FitCheckInstall on Shopify
← Back to home

Privacy Policy

How FitCheck handles the data you and your customers share with us.

Effective date: May 12, 2026

1. Who we are

FitCheck (“FitCheck”, “we”, “us”, “our”) is a Shopify app that provides an AI-powered virtual try-on experience for fashion stores. This policy explains what data we collect, how we use it, and the rights you have.

FitCheck is operated by Savvy Programmers. For any privacy-related questions, contact us at contact@savvyprogrammers.com.

If you are an EU/UK user, you may also use the same email to reach our designated privacy contact for data protection matters.

2. Data we collect

We only collect data we need to provide and improve the service. Specifically:

Shop data

  • Shop domain, shop name, owner email
  • Plan, currency, timezone, country

Merchant account data

  • Name and email associated with your Shopify account (received via OAuth)

Customer data

  • Emails captured by the try-on widget (only when a customer opts in to receive results or marketing)
  • Photos that customers upload or capture during a try-on session, used solely to generate the try-on result

Usage data

  • Feature usage, try-on generation counts, timestamps
  • IP address, browser, device, and operating system

Content data

  • Product images you authorize us to process
  • AI-generated try-on outputs

Billing data

Billing is handled by Shopify. We receive subscription status (active, cancelled, trial), plan tier, and usage counts. We do not receive or store payment card details.

3. How we collect it

  • Via Shopify OAuth when you install FitCheck
  • Via the Shopify Admin API and webhooks while the app is installed
  • Directly when you or your customers use the app UI or widget
  • Automatically through limited first-party analytics

4. Why we collect it

For each data type, the purpose and legal basis are:

  • Provide the service— contract performance. Required to operate the widget, generate try-ons, sync customer emails, and bill correctly.
  • Prevent abuse of the free tier— legitimate interest. We retain a hashed install identifier so the same store cannot repeatedly reinstall to reset free quota.
  • Comply with legal and tax obligations— legal obligation. Invoices and financial records are retained for the period required by applicable law.
  • Improve the product— legitimate interest. Aggregated, non-identifying usage metrics inform what we build next. We do not use customer photos to train AI models.
  • Marketing— consent. We only send marketing emails to merchants who have opted in.

5. Third parties

We use the following service providers to operate FitCheck:

  • Shopify — platform, billing, and merchant authentication. Privacy policy
  • DigitalOcean — application hosting, compute, and object storage. Privacy policy
  • MongoDB Atlas— managed database for merchant configuration, usage records, and customer email captures. Privacy policy
  • Prisma— the database access layer (ORM) we use to read and write data in MongoDB. Prisma is integrated as a library and does not, by itself, receive your data externally. Privacy policy
  • Google (Gemini “Nano Banana” image model)— the AI provider that generates try-on imagery. Product photos and customer try-on images are transmitted over TLS, processed transiently to produce the result, and are not used to train Google's models per the Gemini API terms. API terms · Privacy policy

6. Data retention

  • While installed: we retain data necessary to run the service.
  • After uninstall: we delete merchant and customer personal data within 48 hours, in line with Shopify policy and our GDPR webhook handlers.
  • Try-on photos: customer-uploaded photos are deleted within 24 hours of generation unless the customer explicitly saves the result.
  • Abuse-prevention identifier: a hashed install identifier is retained for up to 12 months to deter free-tier reinstallation abuse.
  • Financial records: kept as required by applicable law (typically 7 years).
  • Server logs: retained for 30 to 90 days, then rotated.

7. International data transfers

FitCheck's infrastructure and AI providers may process data in the United States, the European Union, and other regions. Where data leaves the EU/UK, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards required by applicable law.

8. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion (“right to be forgotten”)
  • Request portability of your data in a machine-readable format
  • Object to or restrict certain processing
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, email contact@savvyprogrammers.com. We respond within 30 days. If we cannot resolve your concern, you have the right to lodge a complaint with your local data protection authority.

9. GDPR webhooks compliance

FitCheck honors Shopify's three mandatory privacy webhooks:

  • customers/data_request— on receipt, we compile and provide any personal data we hold about the named customer to the requesting store within 30 days.
  • customers/redact— on receipt, we delete personal data associated with the named customer, except where retention is required by law.
  • shop/redact— received 48 hours after a store uninstalls FitCheck. On receipt, we delete all merchant and customer personal data associated with that store.

10. Children's data

FitCheck is not directed to children under 16 (or under 13 where COPPA applies). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Security

We protect your data with industry-standard practices: TLS encryption in transit, encryption at rest for databases and object storage, access controls and audit logging on production systems, and least-privilege service credentials. No system is unhackable; if a breach affects your data, we will notify you and the relevant authorities as required by law.

12. Cookies and tracking

Our marketing site uses essential first-party cookies to keep you signed in. We use PostHog for product analytics with IP anonymization. We do not run third-party advertising trackers on the embedded app surface. You can disable non-essential analytics from your browser's privacy controls.

13. Changes to this policy

We may update this policy as the product evolves. When we make material changes, we will update the effective date above and notify active merchants by email or via an in-app notice at least 14 days before the change takes effect.

14. Contact

For privacy questions, data requests, or to exercise any of your rights, contact:

Savvy Programmers — FitCheck
contact@savvyprogrammers.com
660 White Plains Rd, Tarrytown, NY 10591