Privacy & Cookies
Last updated: 26 April 2026 · Fit Room is operated from the United Kingdom.
This Privacy & Cookies policy explains how Fit Room ("we", "us", "our") processes personal data when you use our websites, applications, and virtual try-on services at https://fit-room.com (together, the "Service"). It applies to visitors, business customers, and their end users where we act as a processor on behalf of a retailer. We process personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Data controller and contact
The data controller for personal data we collect in connection with the Service is the Fit Room entity named in your order, contract, or sign-up (UK). For questions about this policy or your personal data, contact us at privacy@fit-room.com. You can also write to the postal address provided on your agreement or on our website. We are not required to appoint a Data Protection Officer for all cases; if we designate one, their details will appear here and on our Contact page.
2. What personal data we collect
Depending on how you use the Service, we may process:
- Account and contact data — name, work email, company name, role, billing and shipping address, phone number, and similar details you or your organisation provide.
- Authentication and security data — login identifiers, security tokens, session and device metadata used to keep accounts secure and prevent abuse.
- Service and product usage data — feature usage, API calls, configuration, error logs, performance metrics, and support tickets.
- Images and media for virtual try-on — where enabled, photos, short video, or other uploads that shoppers or your staff provide so our models can render try-on results. This may include images of a person’s body or face for fitting visualisation. We process such media only to deliver the try-on feature and as described in your agreement or embed settings.
- Cookies and similar technologies — see section 5.
- Correspondence — content of emails, chat, or calls with us, and marketing preferences.
If you are a retail customer’s end user, the retailer (our customer) is often the controller of your personal data, and we process it as a processor under their instructions. The retailer’s privacy notice will also apply. Where we are the controller, this policy applies in full.
3. How and why we use your data (lawful bases)
We use personal data for the following purposes, based on the lawful basis stated:
- To provide, secure, and improve the Service — performance of a contract, steps prior to a contract, or legitimate interests in operating a reliable B2B SaaS platform and virtual try-on product.
- Billing, accounting, and administration — contract and legal obligation (including tax).
- Customer support and communications — contract and legitimate interests.
- Analytics, product research, and security monitoring — legitimate interests, or consent where we rely on non-essential cookies (see below).
- To comply with law — legal obligation (e.g. requests from competent authorities where valid).
- Direct marketing to business contacts — legitimate interests and/or consent, depending on channel and your preferences. You can opt out of marketing at any time.
Some image processing for virtual try-on may involve special category or sensitive data in certain contexts. Where that applies, we rely on the explicit instructions of the retailer (where they are controller), appropriate contractual safeguards, and/or appropriate lawful bases and safeguards under UK GDPR, including your explicit consent where we ask for it in the product flow.
4. Recipients, processors, and international transfers
We share personal data with trusted service providers (hosting, email delivery, support tooling, security, payments, and analytics) who process data on our instructions under written agreements. Some providers may be located outside the United Kingdom. When we transfer personal data to countries not covered by a UK adequacy decision, we use appropriate safeguards such as the UK International Data Transfer Agreement or Addendum (IDTA) and supplementary measures as needed.
5. Cookies and similar technologies
We use the following types of cookies and similar technologies:
- Strictly necessary — remember sessions, load balancing, security (e.g. CSRF protection), and your cookie choices. These are required for the site to work.
- Functional — remember preferences such as language or UI settings.
- Analytics — understand how the Service is used so we can improve it. Where required by law, we will only set non-essential cookies after you consent through our cookie banner or settings.
- Personalisation and marketing — if we use them, we will only activate them with your consent where the Privacy and Electronic Communications Regulations (PECR) and UK GDPR require it.
You can change cookie choices via the link or banner on our site. Browser settings can also block cookies, but some features may not work correctly.
6. Data retention
We keep personal data only for as long as needed for the purposes above, including legal, accounting, and dispute resolution. Images and media used for a try-on may be held only for a short period required to generate results, or longer if the retailer’s settings or the contract require it—subject to review and minimum retention. When retention ends, we delete or irreversibly anonymise data, unless a longer period is required by law.
7. Security
We use technical and organisational measures appropriate to the risk, such as access controls, encryption in transit, monitoring, and staff training. No method of transmission or storage is 100% secure; we encourage strong passwords and device security on your side.
8. Your rights under UK GDPR
You may have the right to:
- Request access to your personal data;
- Request rectification of inaccurate data;
- Request erasure or restriction, or object to processing, in certain cases;
- Data portability, where applicable;
- Withdraw consent for processing where we rely on consent, without affecting earlier lawful processing;
- Object to direct marketing (always);
- Not be subject to solely automated decisions with legal or similarly significant effects, where the UK GDPR applies.
To exercise your rights, contact privacy@fit-room.com. If you are an end user of a retailer’s site, you may also contact the retailer, who is often your main point of contact.
9. Supervisory authority
If you are in the UK and have concerns that we have not resolved, you can complain to the Information Commissioner’s Office (ICO): ico.org.uk.
10. Children
The Service is directed at businesses and adults. We do not intentionally collect personal data from children under 14 (or the digital consent age in your market) for profile-building. Try-on features on retailer sites are controlled by the retailer’s own rules.
11. Changes to this policy
We may update this Privacy & Cookies policy from time to time. The "Last updated" date at the top will change, and we will take further steps (such as email or a notice in the app) for material changes where appropriate.
