Privacy Policy

FitFinder is the data controller for personal data processed through this service. For any privacy-related questions or to exercise your rights, contact us at the email address in the Contact section below.

We collect: (1) Account data — email address, display name, profile picture (Google sign-in only), and bcrypt-hashed password. (2) Style preferences — gender, age range, style, budget range, occasion, season, and colour preferences you select. (3) Wardrobe data — clothing item images you upload, plus metadata such as category, colour, and style tags. (4) Outfit history — outfits generated for you, including style, occasion, and product matches. (5) Subscription and payment data — Stripe customer and subscription IDs, plan name, payment amount, currency, and status. Full card details are never stored by FitFinder. (6) Analytics data — page views and navigation events via Google Analytics 4, collected only with your explicit consent.

We use your data to: create and manage your account; generate personalised AI outfit recommendations from your style preferences; manage your digital wardrobe; process and manage subscription payments via Stripe; improve the service through aggregated, anonymised analytics (only with your consent); respond to support requests.

Contract (Art. 6(1)(b) GDPR): account management, outfit generation, and payment processing are necessary to provide the service. Consent (Art. 6(1)(a) GDPR): analytics tracking via Google Analytics 4 requires your opt-in. You may withdraw consent at any time by declining cookies. Legitimate interest (Art. 6(1)(f) GDPR): security monitoring and fraud prevention.

FitFinder uses automated processing — including AI-based profiling — to generate outfit recommendations. Your style preferences (gender, age range, style, budget, occasion, season, colours) are combined with AI models to produce personalised outfit suggestions. Pursuant to Art. 22 GDPR, this processing does not produce legal or similarly significant effects: it only suggests outfits. You may update or delete your preferences at any time from your profile settings.

We share your data only as necessary with the following third-party processors, each bound by appropriate data agreements: Stripe (payment processing — billing and subscription data); Google (authentication via OAuth and optional analytics via Google Analytics 4); Cloudflare R2 (image storage — wardrobe photos, isolated per user). Outfit image generation uses external AI services (Pollinations AI, Google Gemini) — no personally identifying data is included in those requests. Product catalogue queries (Kelkoo, TradeDoubler) contain no personal data. We do not sell your data.

Google Analytics 4 is loaded in consent-denied mode by default — no tracking data is sent until you explicitly accept via the cookie banner. Your choice is saved locally in your browser. You may change your preference at any time by clearing the stored consent and reloading the page. We do not use advertising cookies or cross-site tracking.

We retain your personal data for as long as your account is active. When you delete your account, all data — profile preferences, wardrobe images, outfit history, likes, and wishlist items — is permanently and immediately deleted from our systems. Wardrobe images are also removed from Cloudflare R2 storage. Stripe retains payment records in accordance with its own retention policy and applicable financial regulations.

Under GDPR you have the right to: access a copy of your personal data (Art. 15); correct inaccurate data via profile settings (Art. 16); erase your account and all associated data permanently from account settings (Art. 17); restrict processing in certain circumstances (Art. 18); receive your data in a portable format (Art. 20); object to processing based on legitimate interest (Art. 21); withdraw analytics consent at any time (Art. 7(3)). To exercise any right, contact us at info.fitfinder4u@gmail.com. You also have the right to lodge a complaint with your national data protection authority.

We apply appropriate technical and organisational measures to protect your data: passwords are hashed with bcrypt (12-round salt); wardrobe images are stored in isolated per-user directories; authentication uses short-lived JWT tokens; account registration includes rate limiting against brute-force attacks. No system is perfectly secure — if you believe your data has been compromised, contact us immediately.

For privacy enquiries or to exercise your data rights, contact us at info.fitfinder4u@gmail.com