privacy

Your data, in plain English.

Last updated May 28, 2026

This is the privacy policy for the Toxome website at toxome.app and the Toxome iOS app. Both are run by Toxome LLC, a New York limited-liability company (“Toxome,” “we,” “us”). We're a clothing scanner and editorial shop for people who want to know what's actually in their clothes.

We try to collect the minimum data needed to make Toxome work, we don't sell it, and you can ask us to delete it at any time. The rest of this page tells you exactly what we collect, why, who we share it with, and what your rights are.

What we collect

We collect three kinds of data:

Account info

When you sign up on the website or the app, we collect your email address and, if you set one, your display name and photo. Authentication is handled by Firebase (Google). We use this to sign you in, recognize you across the web and the app, and send you transactional messages (sign-in links, important changes to your account or the service).

What you do in Toxome

On the app, when you scan a clothing label, we store the photo of the label, the fabric composition we extract from it, the brand and category we identify, and the Toxome Score we calculate. If you save a scan to your closet, that scan stays in your account until you delete it.

On the website, we store the items you save to your wishlist and the filters you apply when browsing the shop. We also receive your subscription status from Apple via RevenueCat so we know whether to unlock premium features.

During onboarding in the app you may share preferences (concerns, gender, budget, focus areas). We use these to personalize what you see; you can change or clear them anytime in the app.

Basic usage data

Like most websites and apps, we record basic technical information: device type, browser, approximate location (from your IP), and which pages or screens you visit. This is aggregate analytics to understand what works and what doesn't. It is not tied to advertising trackers and we do not enable third-party ad networks.

How we use it

We use your data to:

Run the service — show your closet, save your wishlist, sign you in.
Personalize what you see — for example, suggesting cleaner alternatives in the categories where your closet leans high-risk.
Process subscription payments through Apple and our subscription provider (RevenueCat).
Send you transactional emails — account confirmations, sign-in codes, and important changes to the service. We do not send marketing emails without your explicit opt-in.
Improve the product. We may look at de-identified, aggregated trends (e.g. “30% of scans this month were polyester tops”) to decide what to build next. Aggregated data cannot be tied back to you.
Comply with the law and protect Toxome and our users from abuse.

We don't sell your data. We share it only with the companies we use to run Toxome, and only as much of it as they need to do their job:

Firebase (Google) — authentication, your closet, your wishlist, and the photos you upload.
Supabase— our product catalog. You don't have an account here; Supabase only serves the items you browse on the shop.
RevenueCat + Apple App Store — subscription management and payments. We never see your card details; Apple does.
Vercel — the platform our website runs on. They handle hosting and basic request logs.
Affiliate partners— when you click “Buy at [brand]” we send you to that brand's website. Some links contain an affiliate code so we earn a small commission. We don't share your Toxome account or closet data with them; they only see that the click came from us. We also keep our own anonymous record of which products and brands get viewed and clicked — tied to a random device id, never your name or email — so we can see what's resonating and show brands the interest we send their way. This stays inside Toxome; it isn't sold or handed to advertisers.
Law enforcement, if we receive a valid legal request and we believe we have to comply.

Your data, your rights

You can see most of your data inside Toxome itself — your account page shows your closet score, fiber breakdown, wishlist, and email. If you want more:

Delete your account — in the app: Settings → Delete account. On the web: email nyah@toxome.appfrom the email tied to your account. We'll delete your account and all associated data within 30 days, except where the law requires us to keep something (e.g. transaction records).
Export your data— email us and we'll send you a copy of the data we have on you.
Correct your data— most of it is editable in-app. For anything that isn't, email us.
Opt out of analytics— if you don't want us to use even aggregated analytics, email us and we'll flag your account so we exclude it from product analytics.

If you live in California, you have additional rights under the CCPA, including the right not to be discriminated against for exercising any of the above. If you live in the EU/UK, you have additional rights under the GDPR. To exercise any of them, email nyah@toxome.app from the email tied to your account.

Cookies and similar tech

The website uses essential cookies (to keep you signed in) and basic analytics. We do not use third-party advertising cookies and we do not enable cross-site tracking. The iOS app uses the standard Apple-provided identifiers governed by Apple's App Tracking Transparency rules; we do not request tracking permission because we don't need it.

Children

Toxome is not directed at children under 13 and we don't knowingly collect data from them. If you believe a child under 13 has signed up, email us and we'll delete the account.

Security

Data is encrypted in transit between your device and our servers. Our storage providers (Firebase, Supabase) encrypt data at rest and follow industry-standard security practices. No system is bullet-proof; if we ever learn of a breach that affects you, we'll let you know.

Where your data lives

Our service providers store data in US-based data centers. If you're outside the US, your data is transferred to the US when you use Toxome. We rely on Standard Contractual Clauses and our providers' data processing agreements for cross- border transfers as required by GDPR.

Changes to this policy

If we make a material change, we'll let you know in-app or by email before the change takes effect. The “Last updated” date at the top of this page is the source of truth for the current version.

Contact

For anything privacy-related — questions, requests, complaints — email nyah@toxome.app. The company behind Toxome is Toxome LLC, registered in New York.