Privacy Policy

Introduction

This Privacy Notice will inform you as to how Viral App Brewery Pte. Ltd. (hereinafter referred to as the "Company", "we", "us" and "our") collects and processes information about you and in particular, your personal data when you use the Fitted AI mobile application ("App") and related services. We hereby assure you that this Privacy and Personal Data Protection Policy ("Privacy Policy") fully respects and complies with the Personal Data Protection Act 2012 of Singapore ("PDPA") and, where applicable, the EU General Data Protection Regulation 679/2016 ("GDPR") for users in the European Economic Area.

Useful Definitions

Personal Data means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, indicatively by reference to an identifier such as a name, an identification number, address, contact details, an online identifier, etc., or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Controller (or Data Controller) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor (or Data Processor) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third Party means a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

The Data Controller

Regarding the personal data, and in cases where we determine the purposes and means of the processing, the Controller is:

Viral App Brewery Pte. Ltd.

Singapore

Email: fyn@viralappbrewery.com

Principles We Adhere To

At Viral App Brewery, we are committed to, and adhere to, the following principles of processing personal data in accordance with the PDPA and GDPR (where applicable):

  • Lawfulness, Fairness and Transparency: Personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject.

  • Purpose Limitation: Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

  • Data Minimisation: Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.

  • Accuracy: Personal data is accurate and, where necessary, kept up to date; we take every reasonable step to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.

  • Storage Limitation: Personal data is kept in a form which permits identification of data subjects for no longer than is necessary or as required by relevant laws.

  • Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.

  • Accountability: We are able to demonstrate compliance with the aforementioned principles.

Collection of Personal Data

We, as the Controller, collect Personal Data from you in the following cases:

  • When you download and use the Fitted AI application;

  • When you create an account or sign up for our services;

  • When you complete the onboarding process and provide profile information;

  • When you upload photographs for color analysis or virtual try-on features;

  • When you contact us directly or indirectly (e.g., through email, customer support, or social media);

  • When you subscribe to our premium services;

  • When you interact with product recommendations or third-party retailer links;

  • When you provide feedback or feature requests;

  • When you visit our website or social media accounts.

Categories of Data Subjects

The categories of data subjects related to data processed by us as the Controller include:

  • Users of the Fitted AI application;

  • Individuals contacting us for information or support;

  • Visitors of our website and social media accounts;

  • Subscribers to our premium services;

  • Candidates for employment;

  • Our employees and contractors.

Kind of Personal Data We Collect

Data from the following categories of personal information about you may be collected and processed per case and not as a whole, when we are the Controller, in order to serve the purpose of the data collection:

Account and Identity Data

  • Full name

  • Email address

  • User ID and authentication credentials

  • Date of birth / age

Physical and Appearance Data

  • Gender

  • Height and weight

  • Body type classification

  • Selfie photographs

  • Hair color, eye color, and skin tone (as analyzed by our AI)

  • Seasonal color analysis results (undertone, contrast level, color palette)

Style and Preference Data

  • Style preferences (minimalist, streetwear, professional, bohemian, trendy, casual, etc.)

  • Favorite colors

  • Style challenges and goals

  • Preferred occasions (work, casual, going out, etc.)

  • Previous fashion app usage

Photographs and Visual Data

  • Selfie photographs submitted for color analysis

  • Body photographs submitted for virtual try-on features

  • Virtual try-on result images

Transaction and Subscription Data

  • Subscription status and plan details

  • Payment transaction records (processed by Apple/Google)

  • Trial usage history

  • Purchase history within the App

Device and Technical Data

  • Device identifiers

  • Device type and operating system

  • Push notification tokens

  • IP address

  • App usage data and session information

Communication Data

  • Customer support inquiries

  • Feedback and feature requests

  • Email communications

Cookies and Analytics Data

  • Usage patterns within the App

  • Feature engagement metrics

  • Error and crash reports

How We Use Your Personal Data

We process your personal data for the following purposes:

Service Delivery

  • To provide AI-powered color analysis based on your selfie photographs

  • To generate virtual try-on previews using your photographs

  • To deliver personalized style and outfit recommendations

  • To curate product recommendations matching your color palette and preferences

Account Management

  • To create and manage your user account

  • To authenticate your identity

  • To process subscription purchases and manage entitlements

  • To communicate with you about your account and services

Service Improvement

  • To improve our AI algorithms and recommendation accuracy

  • To analyze usage patterns and optimize user experience

  • To develop new features and services

  • To conduct research using anonymized and aggregated data

Communications

  • To send service-related notifications

  • To respond to your inquiries and support requests

  • To send marketing communications (with your consent)

Legal and Compliance

  • To comply with applicable laws and regulations

  • To enforce our Terms of Service

  • To protect our rights and the rights of other users

  • To detect and prevent fraud or abuse

Purposes of Processing & Legal Bases

The processing of personal data by us as the Controller is based on the following legal bases:

Consent

When you:

  • Create an account and agree to our terms

  • Upload photographs for color analysis or virtual try-on

  • Opt-in to receive marketing communications

  • Provide feedback or contact us

  • Enable push notifications

Performance of a Contract

When processing is necessary to:

  • Provide our services as described in the Terms of Service

  • Process your subscription and deliver premium features

  • Manage your account

Legitimate Interests

When processing is necessary for:

  • Improving our services and AI algorithms

  • Ensuring security and preventing fraud

  • Analyzing usage to enhance user experience

  • Communicating service updates

Legal Obligations

When processing is necessary to:

  • Comply with applicable laws and regulations

  • Respond to lawful requests from authorities

  • Maintain required business records

Third-Party Services and Data Sharing

To provide our services, your data may be processed by the following third-party service providers:

AI and Processing Services

Google (Gemini AI)

  • Purpose: Color analysis from selfie photographs, style recommendations

  • Data shared: Photographs, user preferences

  • Location: Global (Google Cloud)

FASHN API

  • Purpose: Virtual try-on image processing

  • Data shared: User photographs, product images

  • Location: As per FASHN's infrastructure

Authentication Services

Clerk

  • Purpose: User authentication and account management

  • Data shared: Email, name, authentication credentials

  • Location: United States

Backend and Storage Services

Supabase

  • Purpose: Database storage, user data management

  • Data shared: User profile data, preferences, photographs

  • Location: As per Supabase infrastructure

Subscription and Payment Services

RevenueCat

  • Purpose: Subscription management, entitlement verification

  • Data shared: User ID, subscription status, purchase data

  • Location: United States

Apple App Store / Google Play Store

  • Purpose: Payment processing for subscriptions

  • Data shared: Payment information (processed directly by Apple/Google)

  • Location: United States

Analytics and Monitoring

We may use analytics services to understand App usage and improve our services. Data collected is anonymized and aggregated where possible.

Data Sharing Summary

We do NOT:

  • Sell your personal data to third parties

  • Share your photographs with other users

  • Use your photographs for marketing without explicit consent

  • Share your data with advertisers for targeted advertising

We DO share data with:

  • Service providers necessary to deliver our services (as listed above)

  • Authorities when required by law

  • Professional advisors (lawyers, auditors) under confidentiality obligations

Retention of Data

We store personal data for as long as it is required by the respective processing purpose and any other permitted linked purpose:

Data Type & Retention Period

Account data - Until account deletion or 3 years of inactivity

Photographs - Until you delete them or delete your account

Color analysis results - Until account deletion

Style preferences - Until account deletion

Subscription data - Duration of subscription plus 7 years for tax/legal compliance

Analytics data - 2 years (anonymized thereafter)

Customer support communications - 3 years

Marketing consent records - Until consent withdrawal plus 1 year

Data collected on the basis of contractual and legal obligations shall be retained after the expiry of the contractual and legal obligations as provided by the relevant institutional framework.

Information that is no longer necessary is securely destroyed or anonymised. We limit access to your personal data to those employees and contractors who need to use it for the specific purpose.

How We Ensure the Security of Personal Data

We have implemented reasonable organisational and technical measures to protect the personal data we collect. We follow industry standards and best practices to ensure the security of our operations:

  • Access Control: Access to personal data is restricted to a limited number of authorised personnel on a need-to-know basis.

  • Encryption: We use encryption for data in transit (HTTPS/TLS) and at rest where appropriate.

  • Secure Storage: Sensitive data such as authentication tokens are stored using secure storage mechanisms (Expo Secure Store).

  • Confidentiality: Our employees and contractors are bound by confidentiality agreements.

  • Vendor Assessment: We select trusted third-party service providers who are contractually committed to data protection obligations.

  • Monitoring: Access to our systems is monitored to detect and prevent unauthorised use.

  • Incident Response: We have procedures in place to detect, report, and respond to data breaches.

Although the transfer of data through the Internet cannot be guaranteed to be completely protected from cyberattacks, we work to maintain physical, electronic and procedural security measures to protect your data.

International Data Transfers

Your personal data may be transferred to and processed in countries outside of Singapore, including the United States and other jurisdictions where our service providers operate.

For users in the European Economic Area (EEA), we ensure that any transfer of personal data outside the EEA is done in compliance with GDPR requirements, including:

  • Transfers to countries with an adequacy decision

  • Standard Contractual Clauses (SCCs) with service providers

  • Other appropriate safeguards as required by law

For users in Singapore, we ensure that any transfer of personal data outside Singapore complies with the PDPA requirements.

Your Rights as a Data Subject

Depending on your location, you have the following rights regarding your personal data:

For All Users

Right to Access: You have the right to obtain confirmation as to whether or not your personal data is being processed, and where that is the case, access to your personal data.

Right to Rectification: You have the right to rectification of inaccurate personal data and to have incomplete personal data completed.

Right to Erasure: You have the right to request deletion of your personal data when:

  • It is no longer necessary for the purposes for which it was collected

  • You withdraw your consent (where consent was the legal basis)

  • The data has been unlawfully processed

Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time.

Right to Data Portability: You have the right to receive your data in a structured, commonly used and machine-readable format.

Right to Object: You have the right to object to the processing of your data for direct marketing purposes.

Additional Rights for EEA Users (GDPR)

Right to Restriction of Processing: You have the right to request restriction of processing in certain circumstances.

Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority.

How to Exercise Your Rights

To exercise any of your rights, please contact us at [INSERT DPO EMAIL]. We will assess your request and respond within one month of receipt, either to satisfy your request or to provide objective reasons why it cannot be satisfied. Given the complexity of the request and the number of requests at any given time, we may request an extension of up to two additional months.

The exercise of your rights is free of charge. Where requests are manifestly unfounded or excessive, we may refuse to act or charge a reasonable administrative fee.

In-App Controls

You can also exercise certain rights directly within the App:

  • Delete your account and associated data through Settings

  • Update your profile information

  • Manage notification preferences

  • Delete uploaded photographs

Automated Decision-Making

We use AI and automated processing to provide our services, including:

  • Color analysis based on selfie photographs

  • Style recommendations based on your preferences

  • Product matching based on your color palette

These automated processes provide suggestions and recommendations only. They do not make decisions that produce legal effects or similarly significantly affect you. You are free to accept, modify, or disregard any AI-generated recommendations.

Personal Data Breach

In the event of a breach of the security and integrity of the personal data processed, we will:

  • Assess the breach to implement appropriate procedures to limit its impact

  • Examine the extent of the breach and the sensitivity of the data involved

  • Evaluate the risk and its impact on your rights and freedoms

  • Endeavour to reduce as much as possible any damage caused

  • Notify the relevant data protection authority within the required timeframe, if required

  • Notify affected individuals if the breach is likely to result in high risk to their rights and freedoms

  • Take appropriate measures to prevent the recurrence of the incident

Children's Privacy

Our services are not intended for children under 18 years of age. We do not knowingly collect personal data from children under 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children under 18 without verification of parental consent, we will take steps to remove that information from our servers.

Links to Other Websites and Services

Our App may contain links to third-party retailer websites that are not operated or controlled by us. If you click on a third-party link, you will be directed to that third party's site. We recommend that you review the Privacy Policy for each site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Contact Details of Data Protection Authorities

Singapore Personal Data Protection Commission (PDPC)

Website: https://www.pdpc.gov.sg

Email: info@pdpc.gov.sg

For EEA Users

You may contact your local data protection supervisory authority. A list of EEA supervisory authorities is available at:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

Contact Us

If at any time you want to contact us or make a request regarding your rights or any other matter relating to the protection of personal data, you may contact us:

Viral App Brewery Pte. Ltd.

Singapore

Data Protection Officer

Email: fyn@viralappbrewery.com

The primary language of communication is English.

Policy Updates

This policy was last updated on January 15, 2026, and may be reviewed when there is a significant change. Any updates will be made available within the App and on our website, with a note of the effective date. We encourage you to periodically review this Privacy Policy for the latest information on our privacy practices.

If we make material changes to this Privacy Policy, we will notify you through the App or by email before the changes take effect.