Privacy Policy

Last updated: May 22, 2026

FitRum AI Virtual Try-On ("FitRum", "we", "us", or "our") helps Shopify merchants offer AI-powered virtual try-on experiences on their storefronts. This Privacy Policy explains what data we process, why we process it, how long we keep it, and how merchants or shoppers can contact us.

FitRum support writes only from [email protected]. Any other email or person claiming to represent FitRum support should be treated as fraudulent.

1. Our Role

For shopper data processed through a merchant's Shopify store, the merchant is usually the data controller and FitRum acts as a service provider or processor on behalf of that merchant.

For data we use to operate FitRum itself, such as merchant account support requests, billing status, app security logs, and product improvement records, FitRum may act as a controller.

2. Data We Process

Merchant and Store Data

When a merchant installs or uses FitRum, we may process:

  • Shopify store domain and store identifiers.
  • Merchant contact details provided by Shopify or by the merchant.
  • App settings, enabled products, selected source photos, and widget configuration.
  • Shopify access tokens needed to operate the app.
  • Subscription, billing status, and usage information processed through Shopify Billing.
  • Support messages sent to us.

Shopper Data

When a shopper uses the virtual try-on widget, we may process:

  • Uploaded shopper photo, only to create the requested try-on preview.
  • Generated try-on image.
  • Email address if the shopper enters it and gives consent.
  • Consent status and timestamps.
  • Product, variant, and storefront interaction data related to the try-on.
  • Session identifiers used to enforce limits, prevent abuse, and measure app performance.

Automatically Collected Technical Data

We may process technical data such as timestamps, browser information, request metadata, error logs, webhook delivery records, and security events. We use this data to keep the app reliable, secure, and compliant.

3. How We Use Data

We use data only for the purposes needed to provide and protect the FitRum service:

  • Provide AI virtual try-on previews requested by shoppers.
  • Save merchant settings and show the Try-On button on selected products.
  • Enforce per-user generation limits and prevent abuse.
  • Provide merchant analytics, attribution, and potential customer email reports.
  • Process subscriptions and usage through Shopify Billing.
  • Respond to support, privacy, and security requests.
  • Maintain app security, debug errors, and comply with legal obligations.

We do not sell personal data. We do not use shopper photos for advertising. We do not use shopper photos to train AI models.

4. Legal Bases

Depending on the applicable law and the merchant's setup, processing may rely on:

  • Contractual necessity to provide FitRum to merchants.
  • Shopper consent for photo upload, try-on generation, and optional email capture.
  • Legitimate interests for security, fraud prevention, diagnostics, and service improvement.
  • Legal obligations where records must be kept for compliance, billing, tax, or dispute reasons.

Merchants are responsible for presenting any required notices and collecting any required consent on their storefronts.

5. Retention

FitRum keeps data only as long as needed for the purposes described above.

Typical retention by data category:

  • Uploaded shopper photos: 24 hours by default, unless the merchant configures a shorter or longer supported period.
  • Generated try-on images: 24 hours by default, unless the merchant configures a shorter or longer supported period.
  • Shopper email leads: until no longer needed by the merchant, deletion is requested, consent is withdrawn where applicable, or the merchant uninstalls the app.
  • Analytics and attribution events: up to 24 months unless a shorter period is required.
  • Webhook and security logs: kept only as long as needed for compliance, security, and troubleshooting.
  • Billing and tax records: kept as required by law and Shopify Billing records.

When a merchant uninstalls FitRum or Shopify sends a privacy redaction request, FitRum processes the request through its compliance workflow and deletes or anonymizes data unless retention is legally required.

6. Service Providers

FitRum uses trusted service providers to operate the app, including:

  • Shopify services for app installation, API access, billing, and webhooks.
  • Secure hosting, database, and temporary file processing infrastructure.
  • AI processing services used only to create requested try-on previews and related safety checks.
  • Email delivery, support, logging, monitoring, and security services.

These providers may process data only for FitRum's stated service purposes and must follow confidentiality, security, and data protection obligations. We do not publicly expose internal infrastructure details that could weaken operational security, but we can provide additional subprocessor information to merchants when required by law, contract, or Shopify review.

7. Security

We use administrative, technical, and organizational safeguards designed to protect data, including:

  • Encryption in transit.
  • Access controls and least-privilege permissions.
  • Encrypted or protected Shopify session handling.
  • Private handling of uploaded and generated images.
  • Time-limited access to temporary media where possible.
  • Abuse prevention and per-user generation limits.
  • Logging and review of privacy and deletion requests.
  • Separation of development and production configuration.

No online service can guarantee absolute security, but we work to minimize data collected, limit retention, and reduce unnecessary access.

8. International Processing

FitRum and its service providers may process data in different countries. Where required, we use appropriate contractual and organizational safeguards for cross-border processing.

9. Your Rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data.

If you are a shopper, contact the Shopify merchant first because the merchant controls the storefront relationship. You may also contact us at [email protected], and we will help route or process the request where appropriate.

If you are a merchant, contact [email protected] for privacy requests related to your store or app account.

10. Shopify Privacy Webhooks

FitRum is designed to receive and process Shopify privacy webhooks for:

  • customers/data_request
  • customers/redact
  • shop/redact

These requests are used to export, delete, or anonymize relevant data as required by Shopify and applicable privacy laws.

11. Cookies and Similar Technologies

FitRum may use cookies, local storage, or similar technologies that are necessary for app sessions, widget operation, security, analytics, abuse prevention, and attribution. Shopify may also use its own cookies and technologies as part of Shopify Admin and storefront functionality.

12. Children's Data

FitRum is not intended for children under 13 or for anyone below the minimum age required by local law. Merchants should not knowingly use FitRum to collect photos from children without all required permissions. If you believe a child submitted data through FitRum, contact [email protected].

13. Changes

We may update this Privacy Policy from time to time. The "Last updated" date will show the latest version. Material changes may also be communicated through the app, by email, or through Shopify where appropriate.

14. Contact

For privacy, security, or support questions:

Email: [email protected]

Stay Safe from Fraud

Our official support team communicates exclusively from [email protected]. Any other email address claiming to represent FitRum is fraudulent. We will never ask for your password, payment details, or store credentials via email.