Privacy Policy

Last updated: May 1, 2025

Introduction & Scope

At Dressify, Inc., we prioritize the privacy and security of our global user base. This Privacy Policy applies to all personal data collected about individuals interacting with our websites, mobile applications, APIs, and associated digital or offline services (collectively, "Services"). It outlines how we collect, process, store, share, and protect personal information, in accordance with international privacy frameworks (GDPR, CCPA, PIPEDA, LGPD, Australia Privacy Act, etc.).

By using our Services, you consent to the collection and use of your data as described herein. If you do not agree, please discontinue use of the Services and contact us via the link at the bottom of this page.

1. Data Collection & Sources

We collect personal data directly from you when you register, interact, or complete forms within our Services, including:

  • Registration Data: Name, email, password, username, and optional demographic information (age, gender).
  • Profile & Preference Data: Photos, body measurements, style preferences, budgets, and sustainability settings.
  • Payment & Transaction Data: Billing address, tokenized credit/debit card data, purchase history, and refunds.
  • Device & Technical Data: IP address, device operating system, browser version, screen resolution, and unique device identifiers.
  • Usage & Interaction Data: Pages/screens viewed, clicks, time stamps, feature usage metrics, and in-app navigation paths.
  • Third-Party & Public Data: Social media profile information (when you connect via OAuth), marketing lists, publicly available data, and data from analytics providers (Google Analytics, Mixpanel).
  • Support & Communications Data: Messages, support tickets, feedback, call recordings, and chat logs when you contact customer support.

2. Purpose of Processing & Legal Grounds

We process your personal data for the following purposes, with corresponding legal bases under GDPR and equivalent global regulations:

  • Service Delivery (Contract Fulfillment): To register accounts, process transactions, and deliver purchased virtual try-on services.
  • Personalization & Recommendations (Legitimate Interest): To analyze style preferences and browsing behavior to customize outfit suggestions and UI experience.
  • Marketing & Communications (Consent): With your consent, to send newsletters, promotions, surveys, and event invitations. You may withdraw consent at any time.
  • Security & Fraud Prevention (Legal Obligation/Legitimate Interest): To detect and investigate fraudulent activity, enforce terms of service, and comply with law enforcement requests.
  • Product Improvement & Research (Legitimate Interest): To conduct A/B testing, feature usage analysis, and internal research for product enhancements.
  • Legal Compliance (Legal Obligation): To comply with tax laws, accounting standards, court orders, and other regulatory requirements.

3. Data Retention & Minimization

We retain personal data only as long as necessary for the purposes outlined above, including legal, tax, or accounting obligations. Retention periods vary by data type:

  • Account & Profile Data: Until you delete your account and for a maximum of 7 years thereafter for compliance purposes.
  • Transaction & Payment Data: 7 years for financial record-keeping obligations.
  • Support Communications: 3 years unless required longer for dispute resolution.
  • Analytics & Usage Logs: 2 years, aggregated or anonymized beyond this period.
  • Marketing Data: Until consent is withdrawn.

4. Data Sharing & International Transfers

To support our global operations, we may share your data with the following categories of recipients:

  • Service Providers: Cloud hosting (AWS, Azure), CDN, payment gateways (Stripe, PayPal), analytics providers.
  • Business Partners: Brand partners for co-marketing and wardrobe sync integrations.
  • Affiliates & Subsidiaries: Internal divisions for consolidated service delivery and support.
  • Legal & Regulatory Bodies: Law enforcement, tax authorities, and court orders when required by law.

Where data is transferred outside your jurisdiction, we employ Standard Contractual Clauses, Privacy Shield Frameworks, or equivalent safeguards to ensure adequate protection.

5. Cookies, Tracking & Third-Party Technologies

We use cookies, local storage, and tracking pixels for functional, analytical, and advertising purposes:

  • Strictly Necessary Cookies: Essential for site navigation and security.
  • Performance & Analytics Cookies: Google Analytics, Mixpanel, Hotjar for usage insights.
  • Functional Cookies: Remember user preferences, language settings, and video player states.
  • Advertising & Marketing Cookies: Facebook Pixel, Google Ads, and programmatic ad partners to measure campaign effectiveness.

You can manage or disable cookies via your browser settings or through our Cookie Preferences banner.

6. Data Subject Rights & Requests

Depending on your jurisdiction, you may exercise the following rights:

  • Right of Access: Obtain a copy of your personal data.
  • Right to Rectification: Correct incomplete or inaccurate data.
  • Right to Erasure: Delete your personal data (“right to be forgotten”).
  • Right to Restriction: Restrict processing of your data under certain conditions.
  • Right to Data Portability: Receive your data in a machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdraw consent for marketing communications at any time.

To submit a request, please email privacy@dressify.com with your details and request type. We respond within 30 days.

7. Children’s Privacy & Age Restrictions

Our Services are not intended for children under 16 (or older if required by local law). We do not knowingly collect or process data from minors. If you become aware that we hold any data from a minor, please contact us to request deletion.

8. Security Measures & Incident Response

We employ industry-standard security controls including encryption at rest and in transit (AES-256, TLS 1.2+), role-based access, regular penetration testing, and SOC 2 Type II audits. In the event of a data breach, we will notify affected users and regulators within 72 hours, per GDPR and other breach notification laws.

9. International Transfers & Data Localization

Dressify’s infrastructure spans multiple regions. Where personal data is transferred across borders, we rely on approved mechanisms such as EU Standard Contractual Clauses, Privacy Shield, or binding corporate rules. For users in jurisdictions with data localization requirements (e.g., Russia, China), we maintain local data centers to ensure compliance.

10. Policy Changes & Version Control

We review this Privacy Policy annually or when significant changes occur. A version history is maintained below:

  • Version 3.0 (May 1, 2025): Expanded international compliance, data retention, and incident response.
  • Version 2.5 (January 10, 2024): Added CCPA section and marketing cookies details.
  • Version 2.0 (June 5, 2023): Introduced Virtual Try-On data handling and API integration.
  • Version 1.0 (March 1, 2022): Initial policy launch aligning with GDPR.

Contact Us About Privacy