Privacy Policy

Effective Date: January 15, 2025
Last Updated: January 15, 2025

1. Introduction

Couture Profile ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our measurement management service ("Service"). This policy applies to all users globally and complies with the UAE Personal Data Protection Law (PDPL) and the General Data Protection Regulation (GDPR) for EU users.

2. Information We Collect

2.1 Account Information

When you sign in with Google OAuth, we collect:

  • Name (from your Google account)
  • Email address (from your Google account)
  • Profile picture (if available from Google)
  • Google user ID (for authentication purposes)

2.2 Profile and Measurement Data

You provide the following information when creating profiles and forms:

  • Profile names (for yourself and family members)
  • Relation (e.g., Self, Mother, Sister)
  • Age category (Adult, Teen, Child)
  • Gender
  • Body measurements (chest, waist, hip, etc.)
  • Custom measurement fields you create
  • Notes and preferences
  • Outfit type and style selections
  • Purchase intent information (optional: designer name, email, timeline)

2.3 Photos and Media

Reference photos you upload, along with your descriptions (up to 500 characters per photo).

2.4 Comments and Communication

When designers or others comment on your shared forms, we collect their name (or "Anonymous"), optional email, and comment text.

2.5 Technical Data

We automatically collect minimal technical information including IP address, browser type, and access timestamps for security and service improvement purposes.

3. How We Use Your Information

We use your personal data for the following purposes:

3.1 Service Provision

  • To create and maintain your account
  • To store and display your measurement profiles and forms
  • To generate shareable links for your forms
  • To enable PDF downloads of your measurements
  • To facilitate comments and communication on shared forms

3.2 Notifications

  • To send in-app notifications when someone comments on your forms
  • To send email notifications for new comments (with your consent)

3.3 Service Improvement

  • To understand how users interact with the Service
  • To identify and fix technical issues
  • To improve features and user experience

3.4 Legal Basis for Processing (GDPR)

Our legal bases for processing your data are:

  • Contract: Processing necessary to provide the Service you requested
  • Consent: For email notifications (you can opt out at any time)
  • Legitimate Interest: To improve the Service and ensure security

4. How We Store and Protect Your Data

4.1 Data Storage

Your data is stored securely using:

  • Supabase (PostgreSQL Database): For profiles, forms, measurements, and comments
  • Supabase Storage: For reference photos
  • Encryption: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS
  • Access Control: Row-level security (RLS) policies ensure users can only access their own data

4.2 Data Security Measures

  • Industry-standard encryption for data at rest and in transit
  • Regular security audits and updates
  • Secure authentication via Google OAuth
  • Access logs and monitoring for suspicious activity

4.3 Third-Party Services

We use the following trusted third-party services:

  • Supabase: Database and file storage infrastructure (ISO 27001 certified)
  • Google: Authentication services via OAuth
  • Cloudflare: Hosting and content delivery network
  • Email Service Provider: For transactional email notifications

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

5. Share Links and Privacy

When you create a share link for an outfit form:

  • Public Access: Anyone with the link can view the measurements, photos, and comments
  • Not Searchable: Share links include a "noindex" meta tag, preventing search engines from indexing them
  • Permanent: Links remain active until you delete the form or your account
  • Your Responsibility: You control who has access by choosing who to share the link with

Important: Do not share links publicly if you want to keep your measurements private. We are not responsible for data accessed via links you share.

6. Your Privacy Rights

You have the following rights regarding your personal data:

6.1 Right to Access

You can view all your data anytime by logging into your account. You can also request a copy of your data by contacting us.

6.2 Right to Rectification

You can edit your profiles, forms, and measurements directly within the Service at any time.

6.3 Right to Deletion

You can delete individual forms, profiles, or your entire account through the Service. Deletion is permanent and immediate.

6.4 Right to Data Portability

You can download your measurement data as PDF files. For a complete data export, contact us.

6.5 Right to Object

You can opt out of email notifications at any time through your account settings or by clicking unsubscribe in any email we send.

6.6 Right to Withdraw Consent

You can withdraw consent for optional data processing (like email notifications) at any time without affecting the lawfulness of processing based on consent before withdrawal.

7. Data Retention

We retain your data for as long as your account is active. When you delete your account or specific data, it is permanently removed from our systems within 30 days. Backup copies may persist for up to 90 days for disaster recovery purposes only.

8. International Data Transfers

Your data may be processed and stored in data centers operated by our service providers (Supabase, Cloudflare) in various locations globally. These providers comply with international data protection standards and employ appropriate safeguards for data transfers.

9. Cookies and Tracking

We use minimal cookies strictly necessary for the Service to function:

  • Authentication Cookies: To keep you logged in (set by Supabase)
  • Session Cookies: To maintain your session state

We do NOT use:

  • Analytics cookies (Google Analytics, etc.)
  • Advertising cookies
  • Third-party tracking cookies

10. Children's Privacy

Users must be at least 13 years old to create an account. If you are between 13 and 18 years old, you must have parental or guardian consent. We do not knowingly collect personal information from children under 13. If we discover we have collected data from a child under 13, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. For significant changes, we may also send an email notification.

12. Contact Us

If you have questions, concerns, or requests regarding your privacy or this policy, please contact us:

Email: privacy@coutureprofile.com
Data Protection Officer: dpo@coutureprofile.com
Address: Couture Profile, Abu Dhabi, United Arab Emirates

For EU Users: If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

By using Couture Profile, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal data as described herein.