Privacy Policy

Last updated: February 10, 2026

Introduction
Data We Collect
How We Use Your Data
AI Processing
Third-Party Services
Data Storage and Security
Data Retention
International Data Transfers
Cookies and Local Storage
Your Rights
Children's Privacy
Changes to This Policy
Contact Us

1. Introduction

Digivasion GmbH ("FitInView", "we", "us", or "our"), a company registered in Switzerland, operates the FitInView platform at fitinview.com -- an AI-powered smart wardrobe management application.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service. We are committed to safeguarding your privacy in accordance with the Swiss Federal Act on Data Protection (nDSG/FADP) and the European General Data Protection Regulation (GDPR).

This Privacy Policy forms part of our Terms of Service. We process your personal data on the lawful bases outlined in Section 3 below.

2. Data We Collect

2.1 Account Data

Email address -- used for authentication, communication, and account recovery
Name -- used for personalization within the app
Password -- securely hashed using argon2id (we never store plaintext passwords)
Google OAuth data -- if you sign in with Google, we receive your email and profile name from Google

2.2 Wardrobe Data

Photos of clothing items -- uploaded by you for cataloging
Personal photos for virtual try-on -- if you use the virtual try-on feature, you may upload photos of yourself; we process these solely to generate virtual try-on images at your explicit request
Item metadata -- categories, colors, subcategories, brands, descriptions, and other attributes you provide
Outfit compositions -- combinations of items you create

2.3 AI-Generated Data

Style analysis results -- style DNA profiles, fashion recommendations
Outfit suggestions -- AI-generated outfit combinations
Virtual try-on images -- AI-generated images showing you in selected outfits
Generated videos -- AI-generated fashion showcase videos
Background removal results -- processed item images with backgrounds removed
Style lookup research -- AI-researched information about fashion items

2.4 Location and Scanning Data

Storage locations -- labels for where items are stored in your home (e.g., closet names, room designations)
Camera frames -- during apartment scanning, camera frames are captured and processed to identify storage areas; these are temporarily stored for up to 7 days to ensure processing is complete, then permanently deleted
Microphone audio -- optional voice labeling during scanning, processed for text transcription only and not stored as audio
Geolocation -- optional, used solely for weather-based outfit suggestions; not tracked or stored beyond the current session

2.5 Payment Data

Stripe customer data -- your payment transactions are processed by Stripe; we store only your Stripe customer ID and subscription status
Transaction records -- credit purchases, subscription history, and billing events
We do not store credit card numbers, CVVs, or full payment card details on our servers

2.6 Usage and Engagement Data

Credit balance and transactions -- records of credits earned, spent, and purchased
Engagement data -- streaks, achievements, XP levels, and activity timestamps
Feature usage -- which features you use and how often

2.7 Email Import Data

Forwarded emails -- order confirmation emails you forward to your FitInView inbox address are parsed by AI to extract product details
Extracted product data -- item names, descriptions, images, and metadata extracted from forwarded emails
We process only emails sent to your unique FitInView inbox address; we do not access your email account directly

2.8 Authentication Data

JWT tokens -- used for session management
Google OAuth tokens -- if using Google Sign-In, managed per Google OAuth 2.0 protocol

2.9 Data from Third Parties

We may receive personal data from third-party sources (GDPR Art. 14):

Google -- if you use Google Sign-In, we receive your email address and display name from Google
Stripe -- payment confirmation data, subscription status, and customer identifiers

2.10 Special Categories of Data

We do not intentionally collect or process special categories of personal data as defined by GDPR Art. 9 (e.g., data revealing racial or ethnic origin, health data, biometric data for identification). If you upload personal photos for virtual try-on that may incidentally reveal such information, processing is based on your explicit consent given when you initiate the try-on feature. We do not use your photos for biometric identification purposes.

2.11 Necessity of Providing Data

Providing certain personal data (email address, name, and password) is necessary to create an account and use the service. If you do not provide this data, you will not be able to register or use FitInView. Optional features (such as virtual try-on, email import, or apartment scanning) require additional data only when you choose to use those features.

3. How We Use Your Data

We use your data for the following purposes, along with the lawful basis for each (as required by GDPR Art. 13):

Purpose	Lawful Basis (GDPR)
Providing the service -- wardrobe cataloging, outfit creation, AI styling features	Performance of contract (Art. 6(1)(b))
AI analysis -- generating style recommendations, virtual try-on images, and outfit suggestions	Performance of contract (Art. 6(1)(b))
Account management -- authentication, subscription management, credit tracking	Performance of contract (Art. 6(1)(b))
Communication -- service notifications and policy updates	Performance of contract (Art. 6(1)(b))
Weekly digest emails -- style tips and wardrobe insights	Consent (Art. 6(1)(a)); you can opt out at any time
Service improvement -- understanding feature usage patterns to improve the platform	Legitimate interest (Art. 6(1)(f))
Aggregated analytics -- analyzing anonymized and aggregated usage data to improve features and performance	Legitimate interest (Art. 6(1)(f))
Payment processing -- handling subscriptions and credit purchases via Stripe	Performance of contract (Art. 6(1)(b))
Legal compliance -- retaining financial records as required by law	Legal obligation (Art. 6(1)(c))

Where we rely on legitimate interest, our specific interests are: improving the service for all users, ensuring platform security, and preventing fraud. We have assessed that these interests do not override your rights and freedoms. You may object to processing based on legitimate interest at any time by contacting us at privacy@fitinview.com. We do not use your data for profiling for marketing or advertising purposes.

We do not sell, rent, or share your personal data with third parties for their marketing or advertising purposes.

4. AI Processing

FitInView uses artificial intelligence extensively to provide its core features. Here is how your data interacts with AI systems:

Photo analysis -- your clothing photos and, where applicable, personal photos are sent to AI services for style analysis, virtual try-on generation, background removal, and item recognition
Text analysis -- item descriptions, style preferences, and forwarded email content are processed by AI to extract structured information
Image generation -- AI generates virtual try-on images and fashion videos based on your photos and wardrobe items
Storage of results -- AI-generated images and videos are stored on our servers and associated with your account

AI Providers and Data Minimization

Our AI processing is performed through the following providers: Google (Gemini AI models for text and image analysis, Veo for video generation), Perplexity (fashion research via Sonar Pro), and OpenRouter (as a gateway for additional AI model routing). We apply data minimization principles by sending only the specific data needed for each AI operation -- for example, only the relevant clothing photo for style analysis, not your entire wardrobe catalog.

AI outputs are algorithmic suggestions based on pattern recognition. We do not guarantee their accuracy. If you believe an AI-generated result is inaccurate or inappropriate, you can contact privacy@fitinview.com to request a human review. All AI features are user-initiated; no AI processing occurs without your explicit action.

AI training: We access AI services through their commercial APIs. Your data is not used to train AI models. Our API agreements with providers prohibit the use of customer data for model training.

5. Third-Party Services

We use the following third-party services to operate FitInView:

Service	Purpose	Location
Hetzner	Server hosting and data storage	Germany (EU)
Stripe	Payment processing for credit purchases and subscriptions	United States (DPF certified)
Google (Gemini AI, Veo)	AI image analysis, text generation, video generation, OAuth authentication	United States (DPF certified)
OpenRouter	AI request routing to various AI model providers (see note below)	United States
Perplexity	AI-powered fashion and product search	United States
Postfix (self-hosted)	Transactional email delivery (runs on our own European servers)	Germany (EU)

All third-party service providers who process personal data on our behalf do so under written Data Processing Agreements (DPAs) that comply with GDPR Art. 28 and Swiss nDSG requirements. We share only the minimum data necessary for each service to function.

Note on OpenRouter: OpenRouter acts as a gateway to AI model providers (sub-processors). We currently route requests through OpenRouter to the following downstream providers: Google (Gemini models), Groq, and Anthropic. We require OpenRouter to maintain appropriate data protection agreements with all downstream providers. We will update this list when new sub-processors are added. You may request the full current list at any time by contacting privacy@fitinview.com.

6. Data Storage and Security

Server location -- your data is stored on servers located in Germany (EU), hosted by Hetzner
Database isolation -- each tenant (account) has its own isolated SQLite database, ensuring your data is separated from other users
Image storage -- uploaded and generated images are stored on our server filesystem with unique identifiers
Encryption -- all data in transit is encrypted using TLS 1.2+/HTTPS; passwords are hashed with argon2id; database files are stored on encrypted volumes
Access control -- access to production systems is restricted to authorized personnel only via SSH key authentication; no shared credentials
Backups -- regular encrypted backups are maintained; backups are subject to the same security controls as primary data
Monitoring -- we employ security monitoring to detect and respond to unauthorized access attempts

We do not sell your data to any third party, ever.

7. Data Retention

Data Type	Retention Period
Active account data	Retained while your account is active; accounts inactive for 3+ years (no login) are subject to review and potential deletion after 30 days' notice via email
Deleted account data	All data deleted within 30 days of account deletion
Demo try-on results	Automatically deleted after 24 hours
Apartment scan frame images	Deleted after 7 days
Email queue files	Deleted after processing; failed emails removed after 3 attempts
Payment records	10 years as required by Swiss accounting law (Swiss Code of Obligations Art. 958f)
AI-generated content	Retained while your account is active; deleted within 30 days of account deletion
Engagement data (streaks, XP)	Retained while your account is active; deleted within 30 days of account deletion

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours (GDPR Art. 33). If the breach is likely to result in a high risk to you, we will also notify you directly without undue delay (GDPR Art. 34).

8. International Data Transfers

While your primary data is stored on servers in Europe, certain data is transferred to the United States for processing by our third-party AI and payment providers (see Section 5). All transfers are to the United States.

These transfers are protected by the following legal mechanisms:

Standard Contractual Clauses (SCCs) -- approved by the European Commission (Commission Implementing Decision (EU) 2021/914) and recognized under Swiss law, in place with all US-based processors
Swiss-US and EU-US Data Privacy Framework -- for transfers to certified US organizations (Stripe is a certified participant)

Additionally, Stripe maintains PCI DSS (Payment Card Industry Data Security Standard) compliance as an industry security measure for all payment data.

Our third-party processors may transfer data onward to other countries. We require all such onward transfers to be protected by appropriate safeguards equivalent to those described above.

You may request a copy of the safeguards (such as Standard Contractual Clauses) used for international data transfers by contacting privacy@fitinview.com.

9. Cookies and Local Storage

FitInView uses a minimal set of cookies. When you first visit our site, you are presented with a cookie consent banner that allows you to accept all cookies or only essential cookies (in compliance with ePrivacy Directive Art. 5(3)).

Cookie Consent

Essential cookies are set without requiring consent as they are strictly necessary for the service to function. Functional cookies are only set if you consent by clicking "Accept All" in our cookie banner. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, or by contacting privacy@fitinview.com.

Cookie Details

Cookie	Type	Purpose	Duration
access_token	Essential	JWT authentication token for your login session	7 days
refresh_token	Essential	Secure token for renewing your session	30 days
cookie_consent	Essential	Records your cookie consent preference	1 year
demo_id	Functional	Anonymous identifier for the landing page demo	90 days

All cookies are first-party cookies set by fitinview.com. We do not use any third-party cookies.

Local Storage

We use browser localStorage (strictly necessary for service operation) for:

Apartment scan backup -- temporary backup of in-progress apartment scans (cleared after save)
UI preferences -- sidebar state, last viewed section
Cookie consent record -- backup of your consent preference

We do not use third-party analytics cookies, advertising cookies, or tracking pixels. We do not use cookies for profiling or marketing purposes.

10. Your Rights

Under the GDPR and the Swiss nDSG, you have the following rights regarding your personal data:

Right	GDPR	Swiss nDSG
Right of access -- obtain a copy of your personal data	Art. 15	Art. 25
Right to rectification -- correct inaccurate data	Art. 16	Art. 32
Right to erasure -- request deletion of your data	Art. 17	Art. 32
Right to data portability -- receive your data in a machine-readable format	Art. 20	Art. 28
Right to restrict processing -- limit how we use your data	Art. 18	--
Right to object -- object to certain processing of your data	Art. 21	--
Right to withdraw consent -- withdraw previously given consent at any time	Art. 7(3)	Art. 6(6)
Right regarding automated decisions -- not to be subject to decisions based solely on automated processing that produce legal or significant effects	Art. 22	Art. 21
Right to lodge a complaint -- file a complaint with a supervisory authority if you believe your data rights have been violated	Art. 77	Art. 49

Automated Decision-Making

FitInView uses AI to generate style recommendations, outfit suggestions, and virtual try-on images. These AI outputs are provided as suggestions only and do not produce legal effects or similarly significant effects on you. No decisions that affect your access to the service, pricing, or account standing are made solely by automated processing. You always retain full control over which suggestions to follow. If you have concerns about any AI-generated content related to you, you can contact us at privacy@fitinview.com to request a human review.

Where processing is based on your consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Exercising Your Rights

To exercise any of these rights, contact us at privacy@fitinview.com. We will respond within 30 days (or within the statutory period required by applicable law). If we require additional time, we will inform you of the reason and extension period (up to an additional 60 days for complex requests). We may request additional information to verify your identity before fulfilling your request (GDPR Art. 12(6)). You may exercise your data rights without it affecting your access to the service.

Supervisory Authorities

You have the right to lodge a complaint with a data protection supervisory authority if you believe your personal data has been processed in violation of applicable law:

Switzerland: Federal Data Protection and Information Commissioner (FDPIC) -- edoeb.admin.ch, Feldeggweg 1, 3003 Bern
EU/EEA: You may lodge a complaint with the Data Protection Authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement. A list of EU DPAs is available at edpb.europa.eu

11. Children's Privacy

FitInView is not intended for use by children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@fitinview.com, and we will promptly delete such data.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes affecting data processing purposes, lawful bases, or your data subject rights, we will notify you via email at least 30 days before the changes take effect. For minor administrative or clarifying changes, we will update the policy on our website.

The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Data Controller

Company: Digivasion GmbH
Address: Digivasion GmbH, Zurich, Switzerland
Email: privacy@fitinview.com
Website: fitinview.com

EU Representative

As Digivasion GmbH is established in Switzerland and offers services to individuals in the EU/EEA, we are in the process of appointing a representative in the European Union in accordance with GDPR Article 27. The contact details of our EU representative will be published here once appointed. In the meantime, EU/EEA residents may direct any privacy inquiries to privacy@fitinview.com.

Data Protection Officer

FitInView has not appointed a Data Protection Officer (DPO), as we do not meet the thresholds requiring one under GDPR Art. 37 or the Swiss nDSG. For all data protection matters, please contact us at privacy@fitinview.com.