Privacy Policy

Last updated: April 1, 2026

The short version: All face processing runs entirely on your device. No camera data, face images, or biometric data is ever transmitted to our servers or any third party.

Camera Access & Face Processing

The Forge Tryon widget uses your device's camera and MediaPipe Face Mesh to detect facial landmarks in real time. This processing happens entirely in your web browser using WebAssembly (WASM). No video frames, face images, or landmark coordinates are sent to any server.

Face landmark data is computed per-frame and immediately discarded after rendering. Nothing is stored in memory between sessions, and no face data persists after you close the widget.

Data Collection

The Forge Tryon widget collects no personal data. Specifically:

• No cookies are set
• No browser fingerprinting
• No tracking pixels or analytics beacons
• No user accounts or login required
• No IP address logging by the widget

The only network requests made by the widget are to load 3D models (GLB files) from the store's API server, and to load MediaPipe WASM binaries from Google's CDN.

Third-Party Services

The widget contacts exactly two external services:

1. Store API — to fetch the product catalog and 3D model files. This is your store's own server.
2. Google CDN — to load MediaPipe face detection WASM modules (cdn.jsdelivr.net). Google does not receive any face data from this request.

No other third-party services, ad networks, or analytics platforms are contacted.

GDPR Compliance

Since no personal data is processed server-side by the Forge Tryon widget, there is no data controller obligation for the try-on feature itself. The hosting store remains the data controller for their e-commerce platform and should include this widget in their own privacy policy.

Under GDPR Article 6, the lawful basis for camera access is consent — the user explicitly grants camera permission via the browser's native permission dialog before any processing begins.

Children's Privacy (COPPA)

The widget does not collect, store, or transmit any data from any user — adult or child. No personal information of any kind is gathered, so COPPA obligations do not apply to the widget's processing.

Data Retention

There is no data to retain. Face landmarks are computed per-frame and discarded. No session data, cookies, or local storage entries are created by the widget.

Security

All API communication uses HTTPS. 3D model files are served with signed URLs that expire after a configurable time window. The widget runs inside a Shadow DOM to prevent CSS/JS interference from the host page.

Contact

Questions about privacy? Contact us at bogdan@codeswiftr.com.