Skip to main content

Bespoq -- Privacy Policy

DRAFT -- NOT YET IN EFFECT

This document is a working draft and has not been reviewed by a licensed attorney. It must be reviewed, revised, and approved by qualified legal counsel before publication or use. Do not rely on this draft as a binding legal instrument.

Last Updated: June 2026

1. Introduction

Bespoq ("Company," "we," "us," or "our") operates the bespoq.ai website, mobile applications, and related services (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, retain, and protect your personal information when you use the Platform.

We are committed to protecting your privacy and complying with applicable data protection laws, including the European Union General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable privacy legislation.

By using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please do not use the Platform.

Data Controller:

Bespoq

[COMPANY_ADDRESS]

Data Protection Contact: privacy@bespoq.ai

2. Information We Collect

2.1 Information You Provide Directly

| Category | Data Elements | Purpose |

|----------|--------------|---------|

| Account Information | Name, email address, password (managed by Clerk), date of birth, gender identity (optional) | Account creation, authentication, age verification |

| Style Preferences | Fashion preferences, style quiz responses, favorite brands, color preferences, occasion preferences, lifestyle attributes | AI personalization, styling recommendations, Style Blueprint |

| Body Measurements | Height, weight, body dimensions captured via 3D body scanning (powered by 3DLOOK), manually entered measurements | Bespoke garment sizing, fit prediction, virtual try-on |

| Payment Information | Payment method details (processed and stored by Stripe; we do not store full card numbers) | Subscription billing, bespoke order payments |

| Order Information | Bespoke design selections, order history, shipping addresses, delivery preferences | Order fulfillment, customer service |

| Communications | Support inquiries, feedback, reviews, survey responses | Customer service, product improvement |

| Social Media Connections | Data from social media accounts you choose to connect (e.g., Pinterest boards, Instagram style posts) | Enhanced style profiling, inspiration sourcing |

2.2 Information Collected Automatically

| Category | Data Elements | Purpose |

|----------|--------------|---------|

| Usage Data | Pages viewed, features used, session duration, click patterns, search queries, recommendation interactions | Platform improvement, personalization, analytics |

| Browsing Behavior | Products viewed, items saved or wishlisted, recommendation click-through actions, affiliate link interactions | Recommendation refinement, conversion analytics |

| Device Information | Device type, operating system, browser type and version, screen resolution, unique device identifiers | Technical optimization, security |

| Location Data | Approximate location derived from IP address (we do not collect precise GPS location) | Regional content, currency, shipping estimation |

| Log Data | IP address, access times, referring URLs, error logs | Security, debugging, fraud prevention |

2.3 Information from Third Parties

We may receive information about you from third-party services you connect to the Platform, affiliate retail partners (limited to order confirmation data for commission tracking), and publicly available sources used to enhance our AI models (aggregated fashion trend data, not personal data).

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Core Service Delivery

  • Operating and maintaining your account;
  • Generating personalized AI styling recommendations based on your Style Blueprint;
  • Creating AI-generated bespoke garment designs tailored to your preferences and measurements;
  • Processing bespoke orders and coordinating manufacturing and delivery;
  • Providing virtual try-on and fit prediction;
  • Processing subscription payments and managing billing.

3.2 Personalization and Improvement

  • Refining and improving our AI recommendation algorithms;
  • Training and improving our AI design generation models using aggregated and anonymized data;
  • Conducting analytics to understand usage patterns and improve the Platform;
  • Personalizing your experience based on your preferences and behavior.

3.3 Communications

  • Sending transactional messages (order confirmations, shipping updates, account notifications);
  • Sending marketing communications (new features, promotions, styling content) if you have opted in;
  • Responding to your support inquiries and feedback.

3.4 Safety and Compliance

  • Detecting and preventing fraud, abuse, and security threats;
  • Enforcing our Terms of Service;
  • Complying with legal obligations and responding to lawful requests from authorities.

3.5 Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data on the following legal bases:

| Legal Basis | Examples |

|-------------|----------|

| Contract Performance | Account management, order fulfillment, subscription billing |

| Consent | Marketing communications, optional social media connections, 3D body scanning |

| Legitimate Interests | Platform improvement, fraud prevention, analytics (balanced against your rights) |

| Legal Obligation | Tax reporting, responding to lawful government requests |

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following limited circumstances:

4.1 Affiliate Retail Partners

When you click on product recommendations that link to third-party retailers, we share anonymized click and conversion data only with those affiliate partners. This data includes a click identifier, product identifier, and conversion status. We do not share your name, email, style preferences, body measurements, or any other personal information with affiliate partners.

4.2 Manufacturing Partners

When you place a bespoke order, we share the minimum information necessary for manufacturing:

  • Body measurements required for garment construction;
  • Garment design specifications;
  • Shipping address for direct delivery.

We do not share your name, email, style preferences, browsing history, or account information with manufacturing partners. Each manufacturing partner receives a unique order identifier, not your personal identity. Manufacturing partners are bound by data processing agreements that restrict their use of this information solely to fulfilling your order.

4.3 Service Providers

We use third-party service providers who process data on our behalf under contractual obligations:

| Provider | Data Shared | Purpose |

|----------|-------------|---------|

| Clerk | Email, name, authentication credentials | User authentication and account management |

| Stripe | Payment method details, billing address, transaction amounts | Payment processing and subscription management |

| FASHN | Product images, body approximation data | Virtual try-on rendering |

| 3DLOOK | Body scan images and derived measurements | 3D body scanning and measurement extraction |

| Analytics providers | Anonymized usage data, device information | Platform analytics and performance monitoring |

| Cloud infrastructure | All data (encrypted at rest and in transit) | Data hosting and storage |

| Email service provider | Email address, name | Transactional and marketing email delivery |

All service providers are vetted for their data protection practices and are bound by data processing agreements.

4.4 Legal and Safety Disclosures

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to an emergency.

4.5 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

| Data Category | Retention Period |

|---------------|-----------------|

| Account and profile data | Duration of account existence plus thirty (30) days after deletion request |

| Style Blueprint data | Duration of account existence; exportable and deletable on request |

| Body measurements | Duration of account existence; deleted within thirty (30) days of account deletion or upon request |

| Bespoke order records | Seven (7) years after order completion (legal and tax requirements) |

| Payment records | Retained by Stripe per their retention policy; we retain transaction references for seven (7) years |

| Usage and analytics data | Twenty-four (24) months in identifiable form; indefinitely in aggregated/anonymized form |

| Marketing consent records | Duration of account existence plus three (3) years |

| Support communications | Three (3) years after resolution |

Upon account deletion, we will delete or anonymize your personal information within the timeframes above, except where retention is required by law.

6. Your Rights

6.1 Rights for All Users

Regardless of your location, you have the following rights:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Data Export: Request a copy of your Style Blueprint data and order history in a structured, machine-readable format (JSON or CSV).
  • Marketing Opt-Out: Unsubscribe from marketing communications at any time via the unsubscribe link in emails or your account settings.

6.2 Additional Rights Under GDPR (EEA, UK, Switzerland)

If you are located in the European Economic Area, United Kingdom, or Switzerland, you also have the right to:

  • Restrict Processing: Request that we limit the processing of your personal data in certain circumstances.
  • Object to Processing: Object to processing based on legitimate interests, including profiling for recommendation purposes.
  • Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Withdraw Consent: Withdraw consent for any processing based on consent, without affecting the lawfulness of prior processing.
  • Lodge a Complaint: File a complaint with your local data protection supervisory authority.

International Data Transfers: If your data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful transfer mechanisms.

6.3 Additional Rights Under CCPA/CPRA (California Residents)

If you are a California resident, you have the following additional rights under the CCPA/CPRA:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, we will provide a "Do Not Sell or Share My Personal Information" link.
  • Right to Limit Use of Sensitive Personal Information: You may limit our use of sensitive personal information (such as body measurements) to purposes necessary for providing the services you requested.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights.

Categories of Personal Information Collected (per CCPA categories):

| CCPA Category | Examples | Sold? | Shared? |

|---------------|----------|-------|---------|

| Identifiers | Name, email, account ID | No | No |

| Commercial Information | Order history, subscription records | No | No |

| Biometric Information | Body measurements from 3D scan | No | No (except to manufacturing partners for orders) |

| Internet Activity | Browsing behavior, click data | No | No (anonymized data shared with affiliates) |

| Geolocation Data | Approximate location from IP | No | No |

| Inferences | Style preferences, size predictions | No | No |

| Sensitive Personal Information | Body measurements | No | No (limited sharing per Section 4.2) |

6.4 Exercising Your Rights

To exercise any of the rights described above, contact us at:

  • Email: privacy@bespoq.ai
  • Mail: [COMPANY_ADDRESS], Attn: Privacy

We will verify your identity before processing your request. We will respond within thirty (30) days (or within the timeline required by applicable law). If we need additional time, we will notify you of the extension and the reasons for it.

7. Cookies and Tracking Technologies

7.1 Types of Cookies We Use

| Cookie Type | Purpose | Duration |

|-------------|---------|----------|

| Strictly Necessary | Authentication, security, core functionality | Session / persistent |

| Functional | Remembering your preferences and settings | Up to twelve (12) months |

| Analytics | Understanding usage patterns and improving the Platform | Up to twenty-four (24) months |

| Marketing | Measuring the effectiveness of our marketing campaigns (if opted in) | Up to twelve (12) months |

7.2 Cookie Consent

On your first visit, we present a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your cookie preferences at any time through the cookie settings link in the Platform footer. Strictly necessary cookies cannot be disabled as they are essential for the Platform to function.

7.3 Do Not Track

We honor "Do Not Track" browser signals and Global Privacy Control (GPC) signals. When detected, we disable non-essential tracking for that session.

8. Data Security

We implement industry-standard technical and organizational measures to protect your personal information, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256);
  • Access controls and authentication for all internal systems;
  • Regular security audits and vulnerability assessments;
  • Employee training on data protection;
  • Incident response procedures for data breaches.

Body measurement data is encrypted with additional protections and is accessible only to the specific systems that require it for garment design and manufacturing.

Despite our efforts, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly notifying affected users and relevant authorities in the event of a data breach, in accordance with applicable law.

9. Children's Privacy

The Platform is not intended for children under the age of thirteen (13). We do not knowingly collect personal information from children under thirteen. If we become aware that we have collected personal information from a child under thirteen, we will take steps to promptly delete such information.

If you are a parent or guardian and believe that your child under thirteen has provided personal information to us, please contact us at privacy@bespoq.ai.

Users between the ages of thirteen (13) and eighteen (18) may use the Platform only with the consent and supervision of a parent or legal guardian. We do not offer 3D body scanning features to users under eighteen (18) without verified parental consent.

10. Third-Party Services and Links

The Platform contains links to third-party retailer websites and uses third-party services as described in Section 4.3. These third parties have their own privacy policies, and we are not responsible for their data practices. We encourage you to review the privacy policies of any third-party services you interact with through the Platform.

11. AI and Automated Decision-Making

11.1 How We Use AI

Our AI systems process your Style Blueprint data (preferences, measurements, behavior) to generate personalized recommendations and bespoke designs. This constitutes automated decision-making and profiling as defined under the GDPR.

11.2 Your Rights Regarding AI Processing

Under GDPR, you have the right to:

  • Request human review of decisions made solely by automated processing that significantly affect you;
  • Obtain meaningful information about the logic involved in automated decisions;
  • Express your point of view and contest automated decisions.

To exercise these rights, contact privacy@bespoq.ai.

11.3 AI Training Data

We use aggregated and anonymized user data to train and improve our AI models. Individual users' personal information is not identifiable in the training data. You may opt out of having your anonymized data used for AI training by contacting privacy@bespoq.ai; opting out will not affect your use of the Platform.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

  • Posting the updated Privacy Policy on the Platform with a revised "Last Updated" date;
  • Sending an email notification to the address associated with your account at least thirty (30) days before material changes take effect.

We encourage you to review this Privacy Policy periodically.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Bespoq -- Privacy Team

Email: privacy@bespoq.ai

Mailing Address: [COMPANY_ADDRESS]

For GDPR-specific inquiries, you may also contact our designated Data Protection contact at privacy@bespoq.ai.

If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority.

This Privacy Policy is effective as of June 2026.