Privacy & Cookie Policy

Last updated October 29, 2025

1. Introduction

This Privacy and Cookie Policy ("Policy") explains how The Fitting Room ("we", "us", or "our") collects, uses, stores, and protects personal data when individuals ("you", "user") interact with our platform, whether directly through our website or via the embedded widget installed on partner brand websites.

This Policy complies with the EU General Data Protection Regulation (GDPR), the Swiss Federal Data Protection Act (DSG), and other applicable privacy laws.

2. Data Controller And Contact

  • Controller (Direct Users): The Fitting Room, when you use our website or upload content directly.
  • Processor (Widget Users): When our widget is embedded in a brand’s website, we process data on behalf of that brand (the controller).

Contact for privacy inquiries:
  📧 Email: concierge@thefittingroom.com
  🏢 Address: Polychrome - 20 rue Joseph Girard - 1227 Carouge - Switzerland

3. Types Of Data We Collect

3.1 Directly Provided Data

  • Uploaded photos or images for try-on visualizations
  • Name and contact information (if account created)
  • Payment and billing details (via Stripe)

3.2 Automatically Collected Data

  • IP address, browser type, device information
  • Referring URLs, session IDs, cookies, and analytics data
  • Widget interaction data (clicks, image generation events, etc.)

3.3 From Third Parties

  • Payment confirmations from Stripe
  • Hosting and AI processing data from Google Cloud and AWS/S3

Purpose                                               Legal Basis
----------------------------------------------------  ------------------------------------------
Providing AI try-on service and widget functionality  Contract performance (Art. 6(1)(b) GDPR)
Analytics, optimization, and fraud prevention         Legitimate interests (Art. 6(1)(f) GDPR)
Payment processing                                    Contract performance + legal obligation
Consent management for cookies                        Consent (Art. 6(1)(a) GDPR)
AI model training (if applicable)                     Explicit consent (Art. 9(2)(a) GDPR)
Compliance with law, defense of claims                Legal obligation (Art. 6(1)(c) GDPR)

5. Data Retention

  • Uploaded images are retained only for the duration of the session unless the user creates an account.
  • Logs and analytics data are retained for up to 90 days.
  • Backups containing personal data are automatically deleted or anonymized within 6 months.
  • Stripe payment records are kept as required by accounting laws.

6. Data Sharing And Subprocessors

We may share personal data only with:

Recipient              Purpose                               Location
---------------------  ------------------------------------  ------------------------------
Google Cloud (Gemini)  AI image generation                   EU/EEA
AWS/S3                 Image and file storage                EU/CH
Stripe Payments        Payment processing                    EU/US (adequate safeguards)
Cloudflare / CDN       Content delivery and DDoS protection  Global

All subprocessors operate under GDPR-compliant Data Processing Agreements and provide Standard Contractual Clauses (SCCs) where applicable.

7. International Data Transfers

If data is transferred outside Switzerland or the EEA, we rely on:

  • Adequacy decisions (e.g., for EU/CH)
  • Standard Contractual Clauses (SCCs) approved by the European Commission

8. User Rights

You have the following rights under GDPR and DSG:

  • Access your personal data
  • Request correction or deletion
  • Withdraw consent
  • Object to processing or restrict it
  • Data portability (receive a copy in machine-readable form)

Requests can be made by email to concierge@thefittingroom.com. We may require identity verification before processing requests.

9. Cookies And Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device when visiting a website or using a widget. They help improve usability, remember preferences, and analyze usage.

9.2 Types of Cookies Used

Type                        Purpose                                              Retention
--------------------------  ---------------------------------------------------  ---------------
Strictly Necessary Cookies  Enable core features (security, session management)  Session only
Performance Cookies         Collect anonymous usage statistics                   Up to 12 months
Functional Cookies          Remember settings and preferences                    Up to 12 months
Advertising Cookies         Track cross-site activity for marketing              Up to 6 months
Third-Party Cookies         Set by analytics, CDN, or payment processors         Variable

Upon first visit, users see a cookie banner allowing acceptance or customization. Consent is stored for 12 months and can be withdrawn anytime via the banner link or browser settings.

9.4 Widget Cookies

When our widget is embedded on a brand website, cookies may be set on:

  • Our domain (e.g., the-fitting-room.app)
  • The host website’s domain (if permitted)

Brands must display cookie notices referencing this Policy and obtain end-user consent.

10. Security

We apply industry-standard technical and organizational measures including:

  • HTTPS encryption
  • Firewalls and DDoS protection
  • Access control and role-based permissions
  • Regular security audits and vulnerability scans

However, no system is 100% secure, and we cannot guarantee absolute protection.

11. Children’s Privacy

Our Service is not directed to children under 16 years of age. We do not knowingly collect their data. If discovered, such data will be deleted promptly.

12. Changes To This Policy

We may update this Policy periodically. Material updates will be announced through our website and widget interface. Continued use after updates constitutes acceptance of the revised Policy.

13. Contact And Complaints

Questions or complaints can be addressed to: 📧 concierge@thefittingroom.com

If you believe your rights under GDPR/DSG have been violated, you may lodge a complaint with:

  • The Swiss Federal Data Protection and Information Commissioner (FDPIC), or
  • Your local EU Data Protection Authority (DPA).

Cookie Name                 Type                Purpose                    Retention
--------------------------  ------------------  -------------------------  ----------
_tfr_session                Strictly necessary  Maintains session ID       Session
_tfr_consent                Functional          Stores cookie preferences  12 months
_ga, _gid                   Analytics           Google Analytics tracking  12 months
__stripe_sid, __stripe_mid  Payment             Fraud prevention           12 months

15. Effective Date

This Privacy and Cookie Policy enters into force on November 1, 2025 and remains effective until replaced or withdrawn.

The Fitting Room
Email: concierge@thefittingroom.com
Address: Polychrome - 20 rue Joseph Girard - 1227 Carouge - Switzerland