Privacy Policy
Last Updated: May 2026
We value your privacy and comply with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Who We Are and How to Contact Us
(Un)scripted (the "App") is operated by Chameleonne GmbH, the data controller responsible for processing your personal data under the General Data Protection Regulation (GDPR).
Company: Chameleonne GmbH c/o Villa Klassik GmbH
Address: Knesebeckstraße 30, 10623 Berlin, Germany
Email: support@unscripted.style
2. Categories of Personal Data We Collect
We collect and process the following categories of personal data when you use the App:
Account & Sign-In Data: Your username, optional display name, optional city, optional region, and optional sex selection (menswear, womenswear, unisex) provided during profile setup. When signing in via Apple or Google, we receive a unique, pseudonymous identifier from those services to authenticate you. We do not receive or store your third-party account passwords.
User Content: Photos you upload to the App, threads you create, and comments you leave in the community sections.
Derived Technical Attributes: When you upload a photo, our system automatically generates 3 aesthetic tags and 5 short descriptive phrases of your outfit using automated AI analysis. These are continuously aggregated to build your "Style DNA" profile.
In-App Engagement Data: Records of which threads you post to, which brand campaigns you view or click, where you saw those campaigns (e.g., brand section, slider, or thread), your accumulated aesthetic tags, points balance, badges, and your app cycle level.
Technical & Device Data: Basic technical details including device type, operating system, app version, and crash data collected to monitor platform stability.
3. How and Why We Process Your Data
Under the GDPR, we must establish a valid legal basis for every processing activity. Because (Un)scripted is fundamentally an AI-driven style curation and rewards platform, the data analysis is a core component of the service you contract us to deliver.
A. Performance of a Contract — Art. 6(1)(b) GDPR
The following operations are strictly required to execute our Terms of Service. If you do not want your data processed for these purposes, you cannot use the App:
Account Management: Creating, maintaining, and authenticating your profile using your Account and Sign-In Data.
Community Features: Storing and displaying your photos, threads, and comments within the community sections of the App.
AI Fashion Analysis & Content Moderation: Automatically processing your uploaded photos to extract aesthetic tags, style descriptions, and screening images for platform safety (offensive content, nudity, hate speech, or harassment).
Automated Style DNA Curation: Combining your aesthetic tags, thread engagement history, and campaign clicks to build an automated "Style DNA" profile. This profile dictates your specific eligibility for brand rewards and discount coupons.
Brand Rewards Lifecycle: Tracking your points balance and gift cycle levels based on your posts to automatically issue discount codes, limited-drop access, or event invitations from brand partners matching your profile.
B. Legitimate Interests — Art. 6(1)(f) GDPR
We process certain data based on our legitimate business interests, provided they do not override your privacy rights:
App Stability & Bug Fixing: Processing basic device data to monitor crashes and technical performance via our infrastructure tools.
C. Legal Obligations — Art. 6(1)(c) GDPR
Regulatory Compliance: Retaining and processing specific records when mandated by applicable law, statutory retention periods, or official court orders.
4. Who We Share Your Data With
We do not sell your personal data. We share your information only with trusted sub-processors necessary to run the App:
OpenAI, LLC: Processes every uploaded photo via secure APIs for the parallel purposes of fashion analysis and safety moderation. Data is processed anonymously and is not utilized by the provider to train their models.
PostHog, Inc.: Handles internal product telemetry and campaign tracking. PostHog is hosted exclusively on EU-based servers.
Google Cloud Platform (GCP): Hosts our backend cloud infrastructure, production databases, and user photo assets within the europe-west region.
Google (Firebase Crashlytics): Captures automated technical crash logs to ensure app stability.
Brand Partners: We provide commercial brands with aggregated, statistical performance reports regarding their campaigns. This includes information about what how many users saw their campaigns, how many users clicked their campaign, which profile of users engaged most with their camapign (users with what aesthetic tag, what gender (if provided by user), what city (if provided by user), in which threads users interested in their campaigns mostly post to.
5. International Data Transfers
While our primary databases (Google Cloud Platform) and telemetry services (PostHog) are located within the European Economic Area (EEA), your photos are securely transmitted to OpenAI, LLC in the United States for automated processing. To guarantee lawful transfers, we rely on the EU Standard Contractual Clauses (SCCs) embedded within OpenAI’s standard Data Processing Addendum (DPA), which we signed.
6. Automated Decision-Making and Profiling
To provide our core automated brand and algorithm taste matchmaking service, the App utilizes rule-based background processes to instantly evaluate your profile without manual human intervention:
Your Style DNA is dynamically compiled from your accumulated aesthetic tags.
Your eligible Brand Campaigns and Rewards are automatically selected based on matching algorithms comparing your Style DNA metadata with active partner requirements.
Your Reward Issuance triggers automatically once your points balance crosses our established technical thresholds.
7. Data Retention & Deletion
We adhere to strict data minimization principles. Data is deleted according to the following lifecycles:
Account & Profile Metadata: Retained until you delete your account.
User Photos & Content: Retained until you delete your account or manually remove the content.
Style DNA & Core Tags: Retained until you delete your account.
PostHog Analytics History: Retained for 1 year from collection.
Database Backups (Cloud SQL): Persists in encrypted rolling backups for up to 30 days following deletion.
Legal Compliance Records: Retained for the duration mandated by local commercial and tax regulations.
Account Deletion
You can initiate an un-delayed, permanent deletion of your account at any time directly through the Profile Settings within the App. Upon triggering deletion:
Your profile records are scrubbed from our active production database.
Your uploaded user content, community posts, and comments are deleted from the frontend platform.
Automated deletion flags are transmitted to our sub-processors (GCP Storage, PostHog) to clear assets tied to your randomized identifier.
8. Your Data Rights
Under the GDPR, you possess the following rights regarding your personal data:
Right of Access (Art. 15): Request a copy of all personal records we hold about you.
Right to Rectification (Art. 16): Update or fix inaccurate or incomplete profile settings.
Right to Erasure (Art. 17): Request the wholesale deletion of your data via our in-app account deletion workflow or manual request.
Right to Restrict Processing (Art. 18): Restrict further processing of your data under specific statutory conditions.
Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing carried out under legitimate business interests.
How to Exercise Your Rights
To submit an official data subject request, please contact us at support@unscripted.style. We will process and respond to verified identity requests within the legal 90-day window.
You also possess the statutory right to file a direct complaint regarding our processing with your regional data protection authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin, Germany
Website: www.datenschutz-berlin.de
9. Children’s Privacy
The App is explicitly intended for individuals aged 16 and over. We do not knowingly collect or maintain data from individuals under this threshold. If we discover that an account has been registered by a minor under 16, all associated data records will be purged immediately from our systems.
10. Security
We use appropriate technical and organisational measures to protect your data. However, no system is 100% secure.
11. Changes
We may update this policy. Major changes will be notified in-app or by email.
12. Supervisory Authority
You can lodge a complaint with your local data protection authority. In Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) – https://www.bfdi.bund.de/
Privacy Policy
Last Updated: May 2026
We value your privacy and comply with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Who We Are and How to Contact Us
(Un)scripted (the "App") is operated by Chameleonne GmbH, the data controller responsible for processing your personal data under the General Data Protection Regulation (GDPR).
Company: Chameleonne GmbH c/o Villa Klassik GmbH
Address: Knesebeckstraße 30, 10623 Berlin, Germany
Email: support@unscripted.style
2. Categories of Personal Data We Collect
We collect and process the following categories of personal data when you use the App:
Account & Sign-In Data: Your username, optional display name, optional city, optional region, and optional sex selection (menswear, womenswear, unisex) provided during profile setup. When signing in via Apple or Google, we receive a unique, pseudonymous identifier from those services to authenticate you. We do not receive or store your third-party account passwords.
User Content: Photos you upload to the App, threads you create, and comments you leave in the community sections.
Derived Technical Attributes: When you upload a photo, our system automatically generates 3 aesthetic tags and 5 short descriptive phrases of your outfit using automated AI analysis. These are continuously aggregated to build your "Style DNA" profile.
In-App Engagement Data: Records of which threads you post to, which brand campaigns you view or click, where you saw those campaigns (e.g., brand section, slider, or thread), your accumulated aesthetic tags, points balance, badges, and your app cycle level.
Technical & Device Data: Basic technical details including device type, operating system, app version, and crash data collected to monitor platform stability.
3. How and Why We Process Your Data
Under the GDPR, we must establish a valid legal basis for every processing activity. Because (Un)scripted is fundamentally an AI-driven style curation and rewards platform, the data analysis is a core component of the service you contract us to deliver.
A. Performance of a Contract — Art. 6(1)(b) GDPR
The following operations are strictly required to execute our Terms of Service. If you do not want your data processed for these purposes, you cannot use the App:
Account Management: Creating, maintaining, and authenticating your profile using your Account and Sign-In Data.
Community Features: Storing and displaying your photos, threads, and comments within the community sections of the App.
AI Fashion Analysis & Content Moderation: Automatically processing your uploaded photos to extract aesthetic tags, style descriptions, and screening images for platform safety (offensive content, nudity, hate speech, or harassment).
Automated Style DNA Curation: Combining your aesthetic tags, thread engagement history, and campaign clicks to build an automated "Style DNA" profile. This profile dictates your specific eligibility for brand rewards and discount coupons.
Brand Rewards Lifecycle: Tracking your points balance and gift cycle levels based on your posts to automatically issue discount codes, limited-drop access, or event invitations from brand partners matching your profile.
B. Legitimate Interests — Art. 6(1)(f) GDPR
We process certain data based on our legitimate business interests, provided they do not override your privacy rights:
App Stability & Bug Fixing: Processing basic device data to monitor crashes and technical performance via our infrastructure tools.
C. Legal Obligations — Art. 6(1)(c) GDPR
Regulatory Compliance: Retaining and processing specific records when mandated by applicable law, statutory retention periods, or official court orders.
4. Who We Share Your Data With
We do not sell your personal data. We share your information only with trusted sub-processors necessary to run the App:
OpenAI, LLC: Processes every uploaded photo via secure APIs for the parallel purposes of fashion analysis and safety moderation. Data is processed anonymously and is not utilized by the provider to train their models.
PostHog, Inc.: Handles internal product telemetry and campaign tracking. PostHog is hosted exclusively on EU-based servers.
Google Cloud Platform (GCP): Hosts our backend cloud infrastructure, production databases, and user photo assets within the europe-west region.
Google (Firebase Crashlytics): Captures automated technical crash logs to ensure app stability.
Brand Partners: We provide commercial brands with aggregated, statistical performance reports regarding their campaigns. This includes information about what how many users saw their campaigns, how many users clicked their campaign, which profile of users engaged most with their camapign (users with what aesthetic tag, what gender (if provided by user), what city (if provided by user), in which threads users interested in their campaigns mostly post to.
5. International Data Transfers
While our primary databases (Google Cloud Platform) and telemetry services (PostHog) are located within the European Economic Area (EEA), your photos are securely transmitted to OpenAI, LLC in the United States for automated processing. To guarantee lawful transfers, we rely on the EU Standard Contractual Clauses (SCCs) embedded within OpenAI’s standard Data Processing Addendum (DPA), which we signed.
6. Automated Decision-Making and Profiling
To provide our core automated brand and algorithm taste matchmaking service, the App utilizes rule-based background processes to instantly evaluate your profile without manual human intervention:
Your Style DNA is dynamically compiled from your accumulated aesthetic tags.
Your eligible Brand Campaigns and Rewards are automatically selected based on matching algorithms comparing your Style DNA metadata with active partner requirements.
Your Reward Issuance triggers automatically once your points balance crosses our established technical thresholds.
7. Data Retention & Deletion
We adhere to strict data minimization principles. Data is deleted according to the following lifecycles:
Account & Profile Metadata: Retained until you delete your account.
User Photos & Content: Retained until you delete your account or manually remove the content.
Style DNA & Core Tags: Retained until you delete your account.
PostHog Analytics History: Retained for 1 year from collection.
Database Backups (Cloud SQL): Persists in encrypted rolling backups for up to 30 days following deletion.
Legal Compliance Records: Retained for the duration mandated by local commercial and tax regulations.
Account Deletion
You can initiate an un-delayed, permanent deletion of your account at any time directly through the Profile Settings within the App. Upon triggering deletion:
Your profile records are scrubbed from our active production database.
Your uploaded user content, community posts, and comments are deleted from the frontend platform.
Automated deletion flags are transmitted to our sub-processors (GCP Storage, PostHog) to clear assets tied to your randomized identifier.
8. Your Data Rights
Under the GDPR, you possess the following rights regarding your personal data:
Right of Access (Art. 15): Request a copy of all personal records we hold about you.
Right to Rectification (Art. 16): Update or fix inaccurate or incomplete profile settings.
Right to Erasure (Art. 17): Request the wholesale deletion of your data via our in-app account deletion workflow or manual request.
Right to Restrict Processing (Art. 18): Restrict further processing of your data under specific statutory conditions.
Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing carried out under legitimate business interests.
How to Exercise Your Rights
To submit an official data subject request, please contact us at support@unscripted.style. We will process and respond to verified identity requests within the legal 90-day window.
You also possess the statutory right to file a direct complaint regarding our processing with your regional data protection authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin, Germany
Website: www.datenschutz-berlin.de
9. Children’s Privacy
The App is explicitly intended for individuals aged 16 and over. We do not knowingly collect or maintain data from individuals under this threshold. If we discover that an account has been registered by a minor under 16, all associated data records will be purged immediately from our systems.
10. Security
We use appropriate technical and organisational measures to protect your data. However, no system is 100% secure.
11. Changes
We may update this policy. Major changes will be notified in-app or by email.
12. Supervisory Authority
You can lodge a complaint with your local data protection authority. In Germany: Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI) – https://www.bfdi.bund.de/