Fitcheck7 Privacy Policy

Effective date: 31 August 2025
Domain: fitcheck7.com

This policy explains how Fitcheck7 processes personal data for the AI “try-on” service. It is GDPR-aligned but is not legal advice.

1) Who we are (Controller)

Fitcheck7 is the data controller for the service at fitcheck7.com.
Contact: [email protected]
Registered in the Netherlands.

We do not appoint a Data Protection Officer. Contact the address above for privacy matters.

2) What we collect

2.1 Account and usage

  • Identifiers: name, email, account ID.
  • Authentication data, session tokens.
  • Usage logs: timestamps, feature use, device/OS/browser, IP-derived coarse location, pages, referral.
  • Support messages and metadata.

2.2 Content you provide

  • User photo(s) for virtual try-on.
  • Garment image(s).
  • Prompts and settings.
  • Generated outputs.

We do not seek special-category data. Do not upload sensitive content. We do not use face images to identify you or to verify identity.

2.3 Payments

  • Billing email, plan, transaction IDs, last 4 digits and expiry (from processor).
  • We do not store full card numbers.

2.4 Cookies and similar tech

  • Essential cookies for login and security.
  • Optional analytics/marketing cookies only with consent.

3) Why we process data (purposes + legal bases)

| Purpose | Legal basis | |---|---| | Provide the service, render try-on images, account management | Contract (Art. 6(1)(b)) | | Prevent abuse, secure the service, rate-limit, debug | Legitimate interests (Art. 6(1)(f)) | | Payments, invoicing, tax and accounting | Legal obligation (Art. 6(1)(c)) and Contract | | Communicate about service changes, incidents | Legitimate interests | | Optional analytics and product improvement | Consent (Art. 6(1)(a)) or Legitimate interests (aggregated, non-identifying) | | Marketing emails (if opted-in) | Consent | | Legal requests and dispute handling | Legal obligation / Legitimate interests |

We do not use your personal images to train models unless you opt in.

4) How the AI processing works

  • Your uploaded photo and garment image are processed by our servers and/or vetted AI providers to synthesize a try-on image.
  • We do not perform biometric identification. We may compute facial landmarks transiently to align garments.
  • Unless you choose to save items to your account, original uploads are deleted within 24 hours after generation; cached intermediates are purged sooner. Saved items remain until you delete them.

5) Retention

  • Account data: for the life of the account, then up to 24 months for audit, fraud prevention, or legal claims.
  • Content (uploads/outputs):
    • Ephemeral runs: delete within 24 hours after generation.
    • Saved to account: kept until you delete, or your account is closed.
  • Logs and security events: 12 months unless a longer period is required for investigations.
  • Payments and invoices: as required by tax law (typically 7 years in NL).

6) Sharing and recipients

We share data with processors strictly to operate the service:

  • Hosting and CDN providers (infrastructure, storage, delivery).
  • AI inference providers (image processing under our instructions).
  • Payment processor (e.g., Stripe) for billing; they are independent controllers for payment data.
  • Email and support tooling (transactional email, issue tracking).
  • Analytics and error