Legal
Effective date: May 28, 2026 · Last updated: May 28, 2026
Vastram Studio ("we", "us", or "our") operates the Vastram Studio platform at vastramstudio.com (the "Service"), an AI-powered fashion catalog tool built for Indian D2C and wholesale fabric sellers. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and what rights you have over it.
By creating an account or using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Service.
When you sign up, we collect your email address, name, and password (securely hashed) via our authentication provider Clerk. If you use Google, Apple, or another OAuth provider, we receive your name and email from that provider.
The core function of Vastram Studio is to transform fabric photos into model catalog images. To do this you upload fabric or garment photos ("Fabric Images"). These images are stored on Cloudinary, a cloud media platform, and are transmitted to OpenAI's image-editing API solely to generate your catalog output. We do not use your Fabric Images to train any AI model, including our own or OpenAI's.
AI-generated output images are stored on Cloudinary under your account. You can delete them at any time from your dashboard.
You may optionally provide your company name, logo, phone number, address, and GST number for use in catalog generation (brand overlays, cover pages, back-cover contact details). This data is stored securely in our database (Convex) and only used to produce your catalogs.
We automatically collect technical data when you use the Service: IP address, browser type, operating system, pages visited, timestamps, and error logs. This helps us maintain reliability and security.
Subscription payments are processed by our payment provider. We do not store your full card number, CVV, or bank account details. Our payment provider provides us with a transaction reference and subscription status only.
We will never sell your personal data or your uploaded images to any third party for advertising or any other commercial purpose.
Running Vastram Studio requires us to share certain data with trusted sub-processors. Each is contractually obligated to protect your data and use it only to provide their service to us.
| Provider | Purpose | Data shared |
|---|---|---|
| Clerk | Authentication & identity | Email, name, OAuth tokens |
| Cloudinary | Image storage & delivery | Uploaded & generated images |
| OpenAI | AI image generation (gpt-image-1) | Fabric images (for processing only; OpenAI API data is not used for training per their API terms) |
| Convex | Database & backend | Account data, generation metadata, branding info |
| Payment Provider | Subscription billing | Email, billing amount; no card data stored by us |
Some of these providers may process data outside India. When this occurs, we ensure appropriate contractual safeguards are in place consistent with applicable law.
We implement industry-standard security measures: HTTPS/TLS encryption in transit, encrypted storage at rest, role-based access controls, and regular security reviews. However, no method of transmission or storage is 100% secure. You are responsible for keeping your account credentials confidential. Please notify us immediately at hello@vastramstudio.com if you suspect any unauthorised access to your account.
You have the following rights regarding your personal data:
To exercise any of these rights, email us at hello@vastramstudio.com with the subject line "Data Rights Request". We will respond within 30 days.
We use essential cookies required for authentication (session tokens managed by Clerk) and basic session management. We do not use third-party advertising or tracking cookies. You can disable cookies in your browser, but this may prevent you from logging in to the Service.
Vastram Studio is intended for use by persons aged 18 and above, or by minors aged 13 and above only under the supervision of a parent or guardian operating a legitimate business. We do not knowingly collect personal data from children under 13. If you believe a child under 13 has provided us with personal data, please contact us immediately so we can delete it.
This Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and any successor data-protection legislation. Any disputes arising from this Policy shall be subject to the jurisdiction of courts located in India.
We may update this Policy from time to time. When we make material changes, we will notify you via email or a prominent notice on the Service at least 14 days before the change takes effect. The updated Policy will be posted on this page with a revised "Last updated" date. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
For any privacy-related questions, requests, or complaints, please contact:
Also read our Terms of Use.