Privacy Policy — FitScan

1. Introduction

FitScan ("we", "our", "us") operates the website fitscan.io and the FitScan mobile application. This Privacy Policy explains how we collect, use, store, and protect your information when you use our AI-powered shoe sizing platform.

We are committed to protecting your privacy. FitScan is designed with a privacy-first approach: we collect only the minimum data required to provide accurate shoe size recommendations.

Data controller. The controller of personal data processed through FitScan products is FitScan, Inc. (legal entity name and registered address to be inserted by founder before public launch). Privacy contact: privacy@fitscan.io. Under GDPR Art. 27, an EU representative will be designated where required; under the UK GDPR, a UK representative likewise.

2. Data We Collect

Data Type	Collected	Details
Foot length (mm)	Yes	Measured via LiDAR scan or manual input
Foot width (mm)	Yes	Measured via LiDAR scan or manual input
Device type	Yes	e.g. iPhone 15 Pro (used for scan calibration)
Shoe size preferences	Yes	Preferred brands, fit preferences (narrow/wide)
Name or email	No	Not required for sizing; never collected by default
Photos or images	No	Photos are processed entirely on-device and never uploaded
Location data	No	We do not request or store location information

What stays on your device, what we receive: the camera image of your foot is processed entirely on your device using on-device AI — the photo itself is never transmitted to our servers. The derived numerical measurements (foot length and width, in millimetres) are transmitted to our backend to generate your size recommendation, and may be stored under your email if you choose to save your Size Passport. You can request deletion of those measurements at any time (see §6 below).

Status under biometric-privacy laws. The Illinois Biometric Information Privacy Act (740 ILCS 14/10) defines "biometric identifier" as a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry — foot geometry is not enumerated. To the extent any data we derive from foot scans is determined to be a "biometric identifier" or "biometric information" under BIPA (or under analogous laws in Texas Chapter 503 or Washington RCW 19.375), we treat it as such for all consent, retention, and security purposes described in §§5, 7, and the BIPA / MHMD subsections of §7. This treatment is precautionary and is not an admission that foot geometry falls within those statutory definitions.

3. How We Use Your Data

We use the collected measurement data solely for the following purposes:

Generating accurate shoe size recommendations across brands
Building your Size Passport (a reusable sizing profile)
Improving the accuracy of our sizing algorithms through aggregated, anonymized statistics
Providing shoe fit predictions when you visit partner stores

We do not use your data for advertising, profiling, or any purpose unrelated to shoe sizing.

4. Data Storage and Security

Your measurement data is stored in two ways:

On-device: All measurements are stored locally on your device by default. You can use FitScan without any data leaving your phone.
Cloud sync (optional): If you choose to sync your Size Passport, your measurements are securely transmitted and stored on our servers hosted on Amazon Web Services (AWS) in the United States.

All data in transit is encrypted using TLS 1.2+. Data at rest is encrypted using AES-256. Access to production systems is restricted to authorized personnel only.

5. Data Retention

Retention schedule. Foot measurements and any biometric-treated data (see §2) are destroyed at the earliest of: (i) on your written request, (ii) when the purpose described in §3 has been satisfied, or (iii) 12 months from your last interaction with FitScan. This 12-month ceiling is stricter than — and therefore in compliance with — the 3-year maximum mandated by Illinois BIPA §15(a) (740 ILCS 14/15(a)).

You can request immediate deletion of your data at any time via our Delete My Data page or by contacting privacy@fitscan.io. We will action verified deletion requests within 30 days (GDPR Art. 12(3)).

6. Third Parties

We do not sell, rent, or share your personal measurement data with third parties.

When you use FitScan on a partner store's website, the store receives only your recommended shoe size for their specific products. They do not receive your raw foot measurements or any other personal data.

We may share aggregated, anonymized statistics (e.g., "average foot length for Nike US 9 buyers") with partner brands to improve their size charts. This data cannot be used to identify any individual.

7. Jurisdiction-Specific Rights

7.1 European Economic Area & United Kingdom (GDPR / UK GDPR)

If you are located in the EEA, the UK, or Switzerland, you have the following rights under the General Data Protection Regulation (Regulation (EU) 2016/679) and the UK GDPR:

Right of access (Art. 15): request a copy of the personal data we hold about you, including processing purposes, categories, recipients, retention, and your rights.
Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
Right to erasure / "right to be forgotten" (Art. 17): request deletion when the data is no longer necessary, consent is withdrawn, or you object to processing.
Right to restriction (Art. 18): request that we limit processing during a dispute over accuracy or lawfulness.
Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
Right to object (Art. 21): object to processing based on legitimate interests at any time.
Right to withdraw consent (Art. 7(3)): withdraw your consent at any time; withdrawal does not affect the lawfulness of processing already carried out. Withdrawal is as easy as giving consent — email privacy@fitscan.io or use the in-app "Delete My Data" control.
Right to lodge a complaint with a supervisory authority (Art. 13(2)(d)): you may lodge a complaint with your national Data Protection Authority (or with the UK Information Commissioner's Office for UK users) without prejudice to any other remedy.

To exercise any of these rights, contact privacy@fitscan.io. We respond within one month of receipt (GDPR Art. 12(3)), extendable by two further months for complex requests.

Legal basis for processing (GDPR Art. 6)

Consent (Art. 6(1)(a)) for the processing of foot-geometry / biometric-treated measurements — given at the scan-page consent gate.
Performance of a contract (Art. 6(1)(b)) for storing your Size Passport when you choose to save one.
Legitimate interests (Art. 6(1)(f)) limited to aggregated, anonymised statistics for sizing-algorithm improvement, balanced against your rights and freedoms.

We do not engage in automated decision-making that produces legal or similarly significant effects on you (GDPR Art. 22).

7.2 Illinois Residents (BIPA)

If you are an Illinois resident, the following provisions apply to the extent foot geometry derived from FitScan scans is determined to be a "biometric identifier" or "biometric information" under the Illinois Biometric Information Privacy Act (740 ILCS 14, "BIPA"). This treatment is precautionary (see §2) and is not an admission.

§15(b) — Informed written consent. FitScan obtains your specific informed written consent before any collection — the consent checkbox on the scan page and this Privacy Policy together constitute the written disclosure required by §15(b)(1)–(3): purpose, length of term, and a written release executed by the subject (electronic affirmative-action checkbox under 815 ILCS 333/5 / E-SIGN).
§15(a) — Retention schedule. The public retention schedule and destruction guidelines are stated in §5 above: the earliest of (i) your request, (ii) purpose-satisfied, or (iii) 12 months from your last interaction — within the statutory 3-year ceiling.
§15(d) — No sale, lease, trade, or profit. FitScan does not sell, lease, trade, or otherwise profit from your biometric-treated data; we do not disclose it to third parties except as expressly permitted by §15(d)(2) (with your consent, to complete a financial transaction authorized by you, or as required by law).
§15(e) — Security. Stored using the reasonable standard of care described in §4 (TLS 1.2+ in transit, AES-256 at rest).
Private right of action. BIPA provides a private right of action for violations; remedies include statutory damages. To raise a concern, please contact privacy@fitscan.io before initiating litigation; we will investigate promptly.

7.3 Washington Residents (My Health My Data Act)

If you are a Washington resident, biometric data is treated as "consumer health data" under Washington's My Health My Data Act (RCW 19.373; "WA MHMD"). The following provisions apply:

Consent before collection. The scan-page consent checkbox satisfies the MHMD requirement of valid consent prior to collection (RCW 19.373.030).
No sale without separate authorization. FitScan does not sell consumer health data; if a future sale were ever contemplated, a separate, specific, signed authorization meeting RCW 19.373.060 would be obtained.
Right to confirm, withdraw, and delete (RCW 19.373.040). You may confirm whether we collect, share, or sell your consumer health data; withdraw consent; and request deletion. Contact privacy@fitscan.io. Deletion is propagated to processors and third parties to whom data was disclosed.
No geofencing. FitScan does not implement geofences around healthcare facilities (RCW 19.373.080).

Whether FitScan is a "regulated entity" under WA MHMD depends on a covered-entity threshold determination by counsel; the practices above are followed regardless.

7.4 California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act as amended by the California Privacy Rights Act (Cal. Civ. Code §§ 1798.100–1798.199.100) gives you the following rights with respect to personal information ("PI") FitScan collects:

Right to know / access. Categories and specific pieces of PI collected, sources, purposes, and recipients in the 12 months preceding the request.
Right to delete. Delete PI we collected from you (subject to statutory exceptions, e.g. completing a transaction or legal compliance).
Right to correct. Correct inaccurate PI.
Right to limit use of sensitive personal information. Foot-geometry data may be "sensitive PI" under § 1798.140(ae); we use it only for the disclosed sizing purposes and do not infer characteristics from it.
Right to opt out of sale or sharing. We do not "sell" personal information and we do not "share" it for cross-context behavioural advertising (as those terms are defined in CCPA/CPRA).
Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

To exercise these rights, contact privacy@fitscan.io or use our Delete My Data page. You may designate an authorized agent in writing.

8. Cookies and Analytics

Our website uses Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and is fully GDPR-compliant. No cookie consent banner is required.

We do not use any tracking cookies, advertising pixels, or fingerprinting technologies.

9. Children's Privacy

FitScan supports kids' shoe sizing. When processing children's foot measurements, we apply the same privacy protections described in this policy. We do not knowingly collect personal identifying information from children. Children's measurements are processed anonymously.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. If we make significant changes, we will provide a prominent notice on our website.

11. Contact Us

If you have any questions about this Privacy Policy or your data, contact us at:

Email: support@fitscan.io
Website: fitscan.io