PRIVACY POLICY
FitCheck is an AI-enabled fashion discovery and virtual try-on service. We process personal data to provide account access, generate virtual try-on images (“VTON Outputs”), personalise your experience, operate safely, and comply with law. If you do not agree with this Privacy Policy, do not use the Service.
2. Scope and Relationship to Other Documents
This Privacy Policy applies to personal data we process in connection with:
your use of the FitCheck app and website/landing pages;
your uploads (including photos) and generated VTON Outputs;
your subscription status and entitlement metadata received from app stores;
communications with us (support, complaints, feedback);
our product research and marketing communications (where permitted).
This Privacy Policy should be read with:
the Terms & Conditions; and
any in-app notices and “just-in-time” prompts (e.g., camera/photo access, consent screens).
Where mandatory local law provides stronger protections, that law prevails to the extent it applies.
3. Who We Are (Controller) and How to Contact Us
Controller: FitCheck Global Inc., a Delaware corporation (United States). FitCheck generally acts as the “controller” (or equivalent) for personal data processed via the Service.
Contact:
Email: privacy@fitcheckapp.com
Postal Address: FitCheck Global Inc., ______________________, United States (insert registered address)
If required by law, we may appoint an EU/UK representative and/or a Data Protection Officer (DPO). See Section 24.
Depending on how you use the Service, we may collect:
4.1 Account and Profile Data
name/handle/username;
email address or login identifier;
country/region, language, timezone;
account settings and preferences;
subscription tier/entitlements (as received from the app stores).
4.2 Device, Network, and Technical Data
device identifiers (device ID, OS type/version, app version);
IP address and general location (city/country level);
network and connectivity information;
logs, timestamps, session identifiers, security events.
4.3 Usage and Interaction Data
in-app actions (swipes, selections, favourites, views);
searches and filters;
clicks to third-party retailers/links;
VTON feature usage (counts, feature interactions);
crash reports and performance diagnostics.
4.4 Payment and Transaction Metadata (App Store)
FitCheck does not typically receive full card details. Purchases are processed by Apple/Google. We may receive:
subscription status and renewal/expiry information;
purchase confirmations/transaction identifiers;
whether a payment succeeded, failed, refunded, or charged back.
4.5 Communications
messages you send to us (support, feedback, complaints);
attachments you choose to provide (e.g., screenshots).
4.6 Marketing Preferences (Where Applicable)
opt-in/opt-out status for marketing;
notification preferences;
interactions with marketing messages (where permitted).
5. Images, Face/Body Data, and VTON Outputs (Sensitive Processing)
FitCheck processes photos/images of you (face and/or body) and generates VTON Outputs. These can be sensitive depending on your jurisdiction.
5.1 Purpose Limitation
We process your images to:
generate VTON Outputs;
deliver and improve the user experience (quality, performance, safety);
prevent misuse and enforce policies.
5.2 No Biometric Identification / No Identity Verification
FitCheck is not a biometric identification or identity verification service. We do not use your photos to identify you, authenticate your real-world identity, or create biometric templates for identification purposes.
5.3 Consent and Controls
Where required (and as a GDPR-forward standard), FitCheck uses in-app consent flows before enabling image upload and VTON generation. You can withdraw consent by stopping image processing, deleting your images (where available), or requesting account deletion (Section 14 and Section 24), subject to lawful retention.
5.4 What We Do Not Do
We do not knowingly collect government ID biometrics.
We do not disclose your raw photos or identifiable VTON Outputs to advertisers as creative assets without your explicit opt-in consent.
6. Sources of Personal Data
We obtain personal data from:
you, when you sign up, upload content, set preferences, or contact support;
your device/app, via technical signals, logs, and SDKs;
Apple/Google, providing subscription and transaction metadata;
service providers, supplying analytics, crash diagnostics, hosting, and security signals;
public sources for product/fashion content retrieval (where used), configured so your personal images are not sent to those sources.
We do not buy consumer marketing lists from data brokers.
7. How We Use Personal Data (Purposes)
We use personal data to:
7.1 Provide the Service
create and manage accounts;
enable image upload and VTON generation;
deliver core features and user experience.
7.2 Personalisation
tailor recommendations and content feeds;
improve relevance based on your interaction patterns.
7.3 Subscription and Entitlements
verify subscription status;
enable/disable features based on entitlements;
maintain credit balances/usage records.
7.4 Security and Abuse Prevention
detect suspicious activity, fraud, misuse, and policy violations;
protect users and the Service.
7.5 Product Analytics and Performance
measure feature usage and engagement;
fix bugs/crashes;
improve reliability and UX.
7.6 Support and Communications
respond to inquiries and complaints;
provide service notices, security alerts, and operational updates.
7.7 Legal and Compliance
comply with law and lawful requests;
enforce Terms & Conditions;
manage disputes and risk.
7.8 Research and Development
improve features and service safety using aggregated/de-identified insights (see Section 9).
8. Legal Bases for Processing (EEA/UK)
If you are in the EEA or UK, we rely on the following legal bases:
8.1 Contract
To provide the Service, generate VTON Outputs, manage your account, and deliver subscribed functionality.
8.2 Legitimate Interests
For security, fraud prevention, service integrity, analytics, and product improvement, balanced against your rights.
8.3 Consent
For processing that requires consent (including certain image/sensitive processing and optional marketing) and where we choose consent as the safest basis. You can withdraw consent at any time; withdrawal does not affect prior lawful processing.
8.4 Legal Obligation
To comply with applicable laws and lawful requests.
9. AI, Machine Learning, and Profiling
9.1 AI Processing
We use AI systems to generate VTON Outputs and to provide recommendations, ranking, and filtering.
9.2 No “Article 22” Significant Decisions
We do not use automated decision-making that produces legal effects or similarly significant effects about you (e.g., credit, employment, housing decisions).
9.3 Model Improvement Approach
We may use de-identified/aggregated usage signals (e.g., error rates, performance metrics, abuse indicators) to improve reliability and safety.
If FitCheck ever offers a feature that uses identifiable photos or identifiable VTON Outputs for training/refinement in a jurisdiction where consent is required, we will obtain explicit opt-in consent and provide withdrawal controls, as described in this Policy and in-app notices.
10. Sharing and Disclosure of Personal Data
We do not sell personal data in the traditional sense. We may share personal data with:
10.1 Service Providers (Processors)
10.2 App Stores
Apple and Google process payments and maintain their own records. We receive limited subscription/transaction metadata.
10.3 Professional Advisors
Legal, accounting, audit, or similar advisors where necessary.
10.4 Legal and Safety
Courts, regulators, law enforcement, or others where required by law or necessary to protect rights, users, and safety.
10.5 Corporate Transactions
If we undergo a merger, acquisition, financing, or asset sale, personal data may be transferred as part of that transaction, subject to appropriate protections.
10.6 Third-Party Retailer Links
If you click through to third-party retailers, those third parties operate independently and their privacy practices apply (see Section 22).
11. Third-Party Integrations and External Content
FitCheck may show external links or pull publicly available product/fashion content from third-party sources. We configure integrations to avoid sending your personal photos/facial images to external content retrieval services unless explicitly required for a feature and disclosed to you.
12. International Data Transfers
FitCheck is based in the United States and may process data in the U.S. and other countries where we or our providers operate.
Where required (including for EEA/UK users), we implement appropriate safeguards such as:
EU/UK Standard Contractual Clauses (SCCs) or equivalent;
contractual restrictions and confidentiality;
technical and organisational measures (encryption, access controls).
13. Data Retention
We retain personal data only as long as reasonably necessary for the purposes described, including compliance, security, and dispute resolution.
13.1 Active Accounts
Account/profile data and associated content are retained while your account is active.
13.2 Cancellation and Reactivation Window
If you cancel your subscription but do not delete your account, we may retain account data and associated content for up to 90 days to enable reactivation, handle billing/support, and prevent fraud.
13.3 Deletion Requests
Verified deletion requests are generally completed within 30 days, subject to lawful exceptions and technical constraints (e.g., security investigations, legal holds, chargeback disputes).
13.4 Logs and Security Records
Security logs and fraud-prevention records may be retained longer where necessary for security, compliance, and dispute handling.
13.5 Backups
Residual copies may persist in secure backups for a limited period, then are overwritten or deleted according to our backup cycle.
13.6 De-Identified / Aggregated Data
We may retain de-identified/aggregated data longer for analytics, safety, and product improvement, provided it does not reasonably identify you.
14. Your Choices and Controls
Depending on the feature and device, you may be able to:
manage profile and app preferences;
control notifications;
manage marketing preferences (unsubscribe/opt-out);
delete certain content (where the app provides deletion tools);
request account deletion (Section 24);
withdraw consent (where processing is based on consent).
If you are in the EEA/UK, you may have the right to:
access your personal data;
correct inaccurate data;
delete data (subject to exceptions);
restrict processing;
data portability (where applicable);
object to processing based on legitimate interests and direct marketing;
withdraw consent at any time (where consent is the basis).
We may need to verify your identity before responding.
16. Your Rights (California and Other U.S. State Privacy Laws)
If you are a resident of California or another state with a comprehensive privacy law, you may have rights such as:
to know categories and specific pieces of personal information collected/used/disclosed;
to delete personal information (subject to exceptions);
to correct inaccurate personal information;
to opt out of “sale” or “sharing” (as defined by applicable law) for targeted advertising;
to limit use of sensitive personal information (where applicable);
non-discrimination for exercising rights.
FitCheck Positioning: We do not sell personal information in the traditional sense. If we engage in targeted advertising practices that qualify as “sharing” under certain laws, we will provide an opt-out mechanism where required.
17. Rights in GCC and Other Regions
If you are located in jurisdictions such as the UAE, Saudi Arabia, Qatar, Bahrain, or other regions with data protection laws, you may have similar rights (access, correction, deletion, restriction, objection, withdrawal of consent). We honour applicable rights as required by local law.
18. Cookies, SDKs, and Similar Technologies
18.1 Website Cookies
Our website/landing pages may use cookies and similar technologies. Where required, we provide a cookie banner and allow you to manage non-essential cookies.
18.2 Mobile SDKs
The mobile app may use SDKs for analytics, crash reporting, and security. Where required by law, we provide disclosures and controls for optional tracking.
19. Marketing Communications
Where permitted by law, we may send:
service notices and account messages (non-marketing);
product updates, offers, and promotions (marketing, subject to opt-in/opt-out rules).
You can opt out of marketing communications via unsubscribe links or in-app settings (where available). Service and security communications may still be sent.
20. Children and Minors
FitCheck is not intended for children under 13 and we do not knowingly collect data from them. If we learn we collected such data, we will take steps to delete it.
Where local law requires parental consent for older minors (e.g., under 16 in parts of the EEA), we may restrict access or require consent mechanisms.
21. Security Measures
We use technical and organisational measures designed to protect personal data, such as:
encryption in transit and, where appropriate, at rest;
access controls and authentication;
logging and monitoring;
least-privilege access and internal policies.
No system is perfectly secure. If a personal data incident occurs, we will notify users and/or regulators where required by law.
22. Third-Party Links and Independent Services
The Service may link to third-party websites and retailers. Those third parties are independent and their privacy practices apply. We are not responsible for their content or data handling.
23. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in the Service, legal requirements, or data practices. We will update the Effective Date and provide additional notice where required. Continued use after the effective date means you accept the updated Policy.
24. How to Exercise Rights, Complaints, Representatives
24.1 Requests and Rights
To exercise your rights or ask questions, contact: privacy@fitcheckapp.com
We may request verification to protect you.
24.2 Complaints
You may lodge a complaint with your local data protection authority (EEA/UK) or relevant regulator. We encourage you to contact us first so we can address concerns.
24.3 EU/UK Representative / DPO (If Appointed)
If we appoint:
an EU representative: ______________________
a UK representative: ______________________
a DPO: ______________________
their contact details will be provided in-app and/or on our website.
25. Definitions
“Personal data / personal information”: information relating to an identified or identifiable individual.
“Processing”: any operation performed on personal data (collection, storage, use, disclosure, deletion).
“Controller”: entity determining purposes and means of processing.
“Processor”: entity processing data on behalf of a controller.
“De-identified / aggregated data”: data processed so it does not reasonably identify an individual.