Privacy Policy – SIZIT AI SL

At SIZIT AI SL ("SIZIT," "we," "us," or "our"), we are committed to safeguarding your privacy and ensuring compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and secure personal data when you interact with our website, our mobile application, or any other platform operated by us (collectively, the "Platform").

1. Data Controller

The data controller responsible for processing your personal data is:

2. Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly: name, email address, contact details, and other information you provide when registering, contacting us, or using our services.

Images of your feet: provided voluntarily when using our AI measurement service.

Automatically collected information: device information, browser type, IP address, pages visited, and cookies (see Section 8).

Information from transactions: if you proceed to purchase, we may collect relevant identifiers (e.g., cart or order references).

3. Purposes and Legal Bases of Processing

We process your personal data for the following purposes and under the legal bases established by GDPR:

Provision of services (Legitimate Interest / Contractual Necessity):

• Processing images of your feet to provide the size recommendation service you request.
• These images are not stored after analysis and are only processed to deliver the requested output.

Algorithm improvement (Legitimate Interest, with Anonymization & Randomization):

• When you add products to the cart, images may be anonymized, randomized, stripped of all metadata, and saved for algorithm training and improvement purposes.
• These images cannot be traced back to you and do not allow identification of any individual.

Communication (Consent / Legitimate Interest):

• To respond to your inquiries and provide updates related to our services.
• For marketing communications, we will only process your data with your prior consent (you may withdraw at any time).

Compliance and legal obligations (Legal Obligation):

• To comply with applicable law, respond to lawful requests from authorities, and defend legal claims.

4. Data Retention

Service images: deleted immediately after processing your size recommendation.

Anonymized images (training data): retained only for as long as necessary to improve and maintain our algorithms, without any possibility of linking to individual users.

Other personal data (e.g., account information, communications): retained for as long as your account is active or as required by applicable law.

5. Data Sharing and Recipients

We may share personal data with:

• Service providers and processors assisting us with hosting, analytics, and technical support, subject to strict confidentiality obligations.
• Authorities or regulators, where required by law.
• Business transactions, if SIZIT AI SL undergoes a merger, acquisition, or restructuring, in which case appropriate safeguards will be implemented.

We do not sell or trade your personal data to third parties.

6. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, in line with GDPR requirements.

7. Your Rights

As a data subject, you have the following rights under GDPR:

• Right of access – to obtain a copy of your personal data.
• Right of rectification – to correct inaccurate or incomplete data.
• Right of erasure ("right to be forgotten") – to request deletion of your data.
• Right to restriction of processing – to limit how your data is used.
• Right to data portability – to receive your data in a machine-readable format.
• Right to object – to object to processing based on legitimate interests or for marketing purposes.
• Right to withdraw consent – where processing is based on your consent.
• Right to lodge a complaint – with the Spanish Data Protection Authority (AEPD) or another supervisory authority in the EU.

You may exercise these rights at any time by contacting us at: contact@sizit.ai

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance functionality, analyze usage, and improve our services. You may adjust your browser settings to disable cookies, although this may affect your user experience.

9. Children's Privacy

Our Platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such information, please contact us so we can delete it.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse. However, no system is completely secure, and we cannot guarantee absolute security.

11. Updates to this Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date.

12. Contact Us

For questions, concerns, or to exercise your GDPR rights, please contact us at: