Fit It On - Privacy Policy

Introduction

At FitItOn (referred to as 'Fit It On', 'we', 'us', or 'our'), we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data when you use our website, apps, and services.

Scope of this Policy

This policy applies to all services provided by Fit It On, including our primary site fititon.app and our Shopify app hosted at shopify.fititon.app. Third-party services integrated with our offerings have their own privacy policies.

Information Collection

We collect information in the following ways:

• Direct Collection: Information you provide directly to us, such as your contact details (e.g., email address if you sign up manually), and content you upload or share (e.g., photos for virtual try-on).
• Automatic Collection: Device information, geolocation data (if enabled), and usage data like pages visited, interactions within the app, and technical logs.
• Third-Party Sources: Additional data from partners like social networks or service providers, primarily for authentication purposes.
• Google User Data: When you sign in to Fit It On using your Google account, we collect your Google email address and Google profile name. We do not collect any other Google user data (such as contacts, calendar, or Google Drive data) beyond what is necessary for authentication and basic profile display.
• Shopify store and customer data (Shopify app only): If you install our Shopify app, we collect store identifiers (store domain, plan/usage context, API key), merchant API/storefront events you send (shop domain, customer ID/email, first/last name, product ID/title, activity type such as try-on/add to cart/purchase, metadata, timestamps, and source), and API request logs (request type, status, input/output, and error messages) to operate the service.

We collect only the minimum data needed to deliver try-on experiences and merchant analytics. Please avoid sending sensitive or special-category personal data in free-form metadata fields.

Photo Privacy: Photos uploaded for virtual try-on are only processed and stored to generate your try-on results and to enhance your user experience by allowing you to view and manage your try-on history in your gallery. They are never shared with third parties for marketing or other unrelated purposes, are not used for training general AI models, and can be deleted by you at any time from your gallery settings.

Use of Information

Your information, including Google user data, is used solely to provide and improve our core application functionality:

• To provide and improve our virtual try-on services.
• To create and manage your user account and login sessions.
• To communicate essential service-related updates, offers, and customer support.
• To ensure the security and legal compliance of our services.
• Use of Google User Data: We use your Google email address to create and manage your Fit It On account, for login purposes, and to send you essential service-related communications (such as password resets or account notifications). We use your Google profile name to personalize your user experience within the application (e.g., displaying your name in your profile).
• Shopify app: We use Shopify store and customer event data only to provide merchant-facing analytics, performance reporting, troubleshooting, fraud/abuse prevention, and support. We do not use Shopify customer data for advertising or selling to third parties.

Information Sharing

We share your data only under the following limited circumstances:

• With your explicit consent.
• With trusted third-party service providers who perform functions on our behalf to support our services (e.g., cloud hosting, database management). These providers are contractually bound to protect your data and are prohibited from using it for any other purpose.
• To comply with legal obligations, enforce our terms of service, or protect the rights, property, or safety of Fit It On, our users, or the public.
• Sharing of Google User Data: We do not share, transfer, or disclose your Google user data with any third parties except as strictly necessary to provide the core functionality of Fit It On (e.g., for secure account management with our backend service provider) or when legally required.

Prohibited Data Uses and Transfers

We strictly limit the use and transfer of all personal data, including Google user data, to providing or improving the user-facing features of Fit It On.

We DO NOT sell your personal data to third parties. This is a fundamental principle of our service.

Data Protection

We implement industry-standard measures to protect your data, including encryption in transit and at rest, encrypted backups, access controls with least privilege, role-based access that is periodically reviewed, strong-password/SSO (and MFA where available) for staff, access logging for protected data with periodic review, and separation of test and production environments. Only authorized staff may access production data for support/operations, and access is revoked when no longer needed. We maintain a documented security incident response plan and will notify affected merchants/users without undue delay if an incident affects their data, including scope, impact, and remediation steps.

We apply data loss prevention controls (e.g., egress restrictions, monitoring/alerting, code reviews) and keep production customer data out of test/staging systems; we use synthetic or de-identified data in non-production.

Data Retention and Deletion

We retain your personal data, including Google user data, Shopify store and customer event data, and uploaded photos, only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, to provide our services to you, and to comply with our legal and regulatory obligations.

Account Deletion: When you delete your account, all associated personal data — including uploaded photos and try-on history — is permanently deleted from our systems. This action is irreversible and the data cannot be recovered. You may request for your data to be deleted by deleting your account through your account settings or by contacting us at the email below.

Shopify app data: We retain Shopify store customer events and API request logs while the store remains connected and for a limited period afterward (typically up to 180 days) for security, auditing, and troubleshooting, after which they are deleted or de-identified unless a longer period is required by law. Uninstalling the app stops future ingestion and triggers scheduled deletion. Merchants may also request earlier deletion via the contact below.

Backups are encrypted and follow a rolling retention schedule; backup copies age out and are purged on rotation. Deletion requests are applied to active data and will be reflected in backups once those backups expire from the retention window.

Your Rights

You have rights regarding your personal data, including access, correction, deletion, and objection to processing where applicable.

Depending on your location, you may also have rights under laws such as the GDPR (EU/UK/Switzerland) or CCPA (California).

Automated decision-making with legal or similarly significant effects is not performed by our services.

Shopify merchants and customers: We honor Shopify redaction/denial responses and will delete or provide access to customer data we process on your behalf upon request. To make a request, contact us at the email below or uninstall the app (which stops further ingestion).

Shopify App Disclosures

Our Shopify app processes protected customer data under Shopify’s protected customer data requirements. We collect only the minimum data needed to provide merchant analytics. If Shopify denies or redacts access to certain fields (for example, phone or address), those fields will return null and we will operate without them.

Merchants are responsible for obtaining any required consents from their customers before sending data to us and for avoiding sensitive or special-category personal data in free-form metadata fields.

Changes to this Policy

We may update this policy occasionally. Updates will be posted on our website with an updated effective date. Continued use of our services after changes implies your acceptance.