Privacy Policy
Last updated: June 3, 2026
Introduction
Fit & Miss Ltd ("we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, share, retain, and protect your data when you use our mobile and web applications and related services (the "Service"). It also describes your rights. By using the Service, you consent to the practices described here. This Policy is part of our Terms of Service.
We act as the Data Controller for personal data collected through the Service, as defined under the GDPR and equivalent frameworks. Our Data Processing Agreement is available at fitormiss.com/dpa.
1. Information We Collect & Legal Basis for Processing
- Account Registration Data: Full name, email address, username, password (hashed), and self-certified age confirmation (18+). Legal basis: Performance of a contract (GDPR Art. 6(1)(b)).
- Social Login Data: If you register or sign in using a third-party service (e.g., Google Sign-In, Apple Sign-In), we receive basic profile information from that provider (such as name, email address, and profile photo) as permitted by your settings with that provider. We do not receive your password for those services. Legal basis: Performance of a contract / Consent.
- User-Generated Content (UGC): Outfit photos, videos, captions, hashtags, votes, comments, and direct messages. Legal basis: Performance of a contract / Legitimate interests (GDPR Art. 6(1)(b) and (f)).
- Profile Data: Username, profile photo/avatar, bio, and style preferences. Legal basis: Performance of a contract.
- Technical & Device Data: IP address, device type, hardware model, operating system, browser type, mobile advertising identifiers (Apple IDFA, Google Advertising ID), crash logs, and session tokens. Legal basis: Legitimate interests (service security and performance).
- Usage & Analytics Data: Screens viewed, features used, tap events, time spent on content, and voting behavior, collected via tools including Google Analytics, Google Tag Manager, and Microsoft Clarity. Legal basis: Consent (for non-essential analytics) / Legitimate interests.
- Location Data: Approximate location inferred from IP address only. We do not collect precise GPS location unless you explicitly grant permission in your device settings. Legal basis: Legitimate interests.
- Push Notification Tokens: Device tokens to deliver push notifications, if you opt in. Legal basis: Consent.
- Communications Data: Emails or messages sent to our support team, and in-app direct messages.
- Payment Data (if applicable): Billing name, address, and masked payment card details, processed by a PCI-DSS-compliant payment processor. We do not store full card numbers.
- Cookies & Tracking Technologies: See Section 3 (Cookie Policy) below.
2. Biometric Data Notice
Fit & Miss does not intentionally collect, use, or store biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), Washington's My Health My Data Act, or equivalent state or international biometric privacy laws. This includes, but is not limited to, retina or iris scans, fingerprints, voiceprints, face geometry, and hand geometry.
We do not perform facial recognition, body measurement analysis, or any automated biometric processing on User-Generated Content. Outfit images uploaded to the Service are displayed for community voting and are not processed by any biometric identification system operated by or on behalf of Fit & Miss.
In the event that we ever introduce any feature that could be construed as biometric data collection, we will: (a) provide prominent prior notice to affected users; (b) obtain separate, explicit, written consent as required by applicable law; (c) publish a compliant Biometric Data Retention Policy; and (d) not sell, lease, trade, or otherwise profit from biometric data.
If you believe that any feature of the Service has collected your biometric data without authorization, please contact us immediately at support@fitormiss.com.
3. Cookie Policy
We use cookies, tracking pixels, web beacons, and similar technologies to operate the Service, remember your preferences, and enable advertising and analytics.
- Essential Cookies: Required for core Service functionality, including authentication session tokens. These cannot be disabled.
- Analytics Cookies: Used by tools such as Google Analytics, Google Tag Manager, and Microsoft Clarity to understand usage patterns. Set only with your consent where required by applicable law.
- Advertising & Tracking Pixels: Used to serve personalized advertisements and track affiliate link conversions. These may be set by third-party advertising networks.
- Consent & Cookie Preferences: Where required by law (e.g., the EU ePrivacy Directive for EU/UK users, and CCPA for California users), a cookie consent banner will be displayed giving you granular control over non-essential cookies. You may withdraw or change your consent at any time via your account Cookie Settings or your browser settings.
- Do Not Track (DNT): California's Online Privacy Protection Act (CalOPPA) requires us to disclose how we respond to DNT signals. Currently, Fit & Miss does not alter its data collection or use practices in response to DNT signals from your browser, as there is no universally accepted standard for how platforms should respond to such signals. We will revisit this position as standards evolve. You may limit certain tracking by adjusting your cookie preferences as described above.
4. How We Use Your Information
- Service Delivery: To operate the core outfit-voting features, display your uploads, and facilitate user interactions.
- Personalization: To personalize your feed and recommend content.
- Advertising & Monetization: To serve relevant advertisements, sponsored recommendations, and affiliate links, and to measure ad performance.
- Security & Fraud Prevention: To detect and prevent fraud, spam, abuse, and unauthorized access; to enforce our 18+ policy.
- Analytics & Improvement: To monitor performance, fix bugs, and improve features.
- Legal Compliance: To comply with applicable laws and valid legal requests.
- Communications: To send transactional emails and, with your consent, marketing communications. You may unsubscribe from marketing emails at any time by clicking "Unsubscribe" in any marketing email or by contacting support@fitormiss.com. We process unsubscribe requests within ten (10) business days, as required by the CAN-SPAM Act (US), PECR (UK), and equivalent anti-spam laws.
- Automated Decision-Making: Our platform uses automated systems for content ranking, feed personalization, and spam detection. These systems process your usage data and content engagement signals. They do not make legally significant decisions about you. Under GDPR Art. 22, you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects; our automated systems do not rise to that threshold. If you have concerns, contact support@fitormiss.com.
5. How We Share Your Information
We do not sell your personally identifiable information to third-party data brokers.
- Public Content: Your username, profile photo, and outfit posts are visible to all users by default. Adjust visibility in your account settings.
- Advertising Networks: Anonymized or pseudonymized device identifiers, usage metrics, and location signals shared with ad networks for targeted advertising and measurement.
- Affiliate & E-Commerce Partners: Click metrics and tracking tokens processed when you interact with product links.
- Infrastructure Sub-processors: Cloud hosting providers, CDNs, and database vendors necessary to operate the Service (see Section 6).
- Legal & Safety Disclosures: Disclosed to law enforcement, regulators, or courts where required by law, or to protect the safety of our users or the public.
- Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred to the acquiring entity subject to the same privacy protections.
- With Your Consent: Shared with third parties only where you have given explicit consent.
6. Sub-Processors & International Data Transfers
We use the following categories of sub-processors: cloud infrastructure and database hosting (including Supabase); content delivery networks; analytics providers (Google Analytics, Microsoft Clarity); email delivery providers; advertising networks; and payment processors. A current list is available on request at support@fitormiss.com.
Your data may be transferred to and processed in countries outside your country of residence, including the United States. Where we transfer personal data from the EEA, UK, or Switzerland to a country not recognized as providing adequate protection, we implement Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards. Full details are in our DPA.
7. Data Retention
- Active Account Data: Retained for as long as your account is active or as needed to provide the Service.
- User-Generated Content: Retained until you delete it or your account. Removed from production servers within thirty (30) days of deletion.
- Backup Copies: Purged from backup systems on a rolling cycle within ninety (90) days.
- Legal Hold: Data may be retained longer where required by law, litigation holds, or regulatory obligations.
- Inactive Accounts: Data associated with accounts inactive for twenty-four (24) months is subject to deletion after prior notice, per Section 2 of our Terms of Service.
- Aggregated Analytics: Anonymized, aggregated data may be retained indefinitely as it no longer constitutes personal data.
8. Your Privacy Rights
Submit rights requests to support@fitormiss.com or via your in-app account settings. We respond within thirty (30) days (or the timeframe required by applicable law) after verifying your identity.
- Right of Access (GDPR Art. 15 / CCPA / APPs): Request a copy of your personal data.
- Right to Rectification (GDPR Art. 16): Correct inaccurate or incomplete data.
- Right to Erasure (GDPR Art. 17): Request deletion of your personal data where there is no compelling reason for continued processing.
- Right to Data Portability (GDPR Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (GDPR Art. 21): Object to processing based on legitimate interests, including direct marketing.
- Right to Restrict Processing (GDPR Art. 18): Request restriction of processing in certain circumstances.
- California Rights (CCPA/CPRA): California residents have the right to know, delete, correct, and opt out of the "sale" or "sharing" of personal information. To opt out, contact support@fitormiss.com or use the "Do Not Sell or Share My Personal Information" link on our website.
- Australia (Privacy Act 1988 & APPs): Australian residents may request access to and correction of their personal information and may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
- Right to Lodge a Complaint: EEA/UK residents have the right to lodge a complaint with their local data protection authority (e.g., the ICO in the UK).
9. Children's Privacy (COPPA & Global Equivalents)
The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us at support@fitormiss.com and we will promptly delete it.
10. Security
We implement industry-standard technical and organizational security measures including TLS encryption in transit, encryption at rest, access controls, and regular security monitoring. No method of internet transmission is 100% secure. You upload content and transmit personal data at your own risk. To the fullest extent permitted by law, we accept no liability for damages from data breaches or unauthorized access, except where directly caused by our gross negligence or willful misconduct.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least fourteen (14) days before taking effect. The current version is always available at fitormiss.com/privacy.
12. Contact Us
Privacy Team: support@fitormiss.com. This Privacy Policy is part of our full legal framework, which also includes our Terms of Service, DPA, and Community Guidelines.