Last updated [date] May 2026.
1.1 We are Glamify Me Ltd, a company registered in England and Wales under company number 16597761 with its registered office at 48 Matlock Way, New Malden, England, KT3 3AY (we, us or our). We are the controller responsible for your personal data.
1.2 We comply with our obligations under the Data Protection Act 2018 and the EU law retained version of the General Data Protection Regulation ((EU) (2016/679) (UK GDPR) (data protection laws). If any of these laws are replaced or superseded, we will also comply with those.
1.3 We are registered with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (ico.org.uk), and our registration number is [registration number]. If you have any concerns about data protection, we would appreciate if you contacted us first so we can discuss these with you before you approach the ICO. For data protection matters, please email us at support@glamifyme.beauty.
1.4 We respect your privacy and are committed to protecting your personal data. This policy explains the terms on which we collect and process your personal data, and how we protect your personal data, such as when you:
2.1 Personal data/information means any information about an individual from which that person can be identified. It does not include anonymous data. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Please do not upload or share sensitive personal data with us unless we specifically ask for it or the feature clearly requires it and we have explained how it will be used.
We may use different methods to collect data from and about you including through:
3.1 Direct interactions. You may give us your Identity Data, Contact Data, Profile Data, User Content Data, Transaction Data, Marketing and Communications Data and other personal data by filling in forms, creating an account, completing multi-factor authentication, uploading photos, videos, wardrobe images or body scans, using virtual try-on or styling features, making purchases, entering competitions or challenges, responding to surveys, or by corresponding or engaging with us by post, phone, email, social media or otherwise.
3.2 Automated technologies or interactions. As you interact with our website and App, we will automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies such as pixels, device identifiers and in-app analytics tools and third-party technologies integrated into our website and App. We may receive Technical Data and Transaction Data from app store providers, payment processors, analytics providers and other technical service providers. We may also collect information about how you use App features, including virtual try-on, recommendation, notification and saved-item features.
3.3 Third parties and public sources. We may collect personal data about you from third parties and public sources, such as Google, Companies House, or the electoral register. This may also include identity and authentication providers, social media platforms where you choose to sign in or connect your account, payment providers, analytics providers, advertising networks, fraud prevention providers, supported body-scanning or AR/VR technology providers, and other service providers who help us operate our website, App and services.
We will only use your personal data when we can rely on a legitimate (lawful) basis, and only for the purposes described in this privacy policy, such as:
4.1 Contract: Where we need to perform the contract, we are about to enter into or have entered into with you.
4.2 Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
4.3 Legal Obligation: Where we need to comply with a legal obligation.
4.4 Consent: We rely on consent only where we have obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter or where we use your personal data for personalisation, profiling, recommendations or other AI-enabled features where consent is required.
We have set out below, in a table format, a description of all the ways we plan to use the various categories of your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
| Purpose/activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To enable you to submit an enquiry to us, whether via the App, email, or social media. | Identity Contact Profile | Contract - where your enquiry relates to the services you have signed up to or steps taken at your request before entering into a contract. Legitimate Interests - to respond to enquiries, keep our records accurate, improve customer service and demonstrate compliance if challenged. |
| To create and administer your account, including where you sign in using a social media account, complete multi-factor authentication, and access and use the App and its core functionality. | Identity Contact Technical Profile Usage | Contract - to create and administer your account, provide access to the App, and deliver its core functionality to you. Legitimate Interests - to verify users, maintain account security, prevent fraud and unauthorised access, operate, monitor and improve the App, and maintain service performance. |
| To process your purchase of products, subscriptions, outfit sets, digital items or other in-App purchases, including payments, renewals, cancellations, refunds and rewards activity. | Contact Transaction Financial (processed via third party providers) Profile | Contract - to process payments, cancellations, refunds or reward redemptions, and provide access to paid features. Legal Obligation - to comply with financial and tax obligations. Legitimate Interests - to recover sums due to us and keep accurate financial and account records. |
| To manage our relationship with you which will include (a) notifying you about changes to our terms and conditions or this privacy and cookie policy (b) dealing with your requests, complaints, and queries. | Identity Contact Profile Marketing and Communications | Contract - necessary to provide the services you have signed up to and respond to your enquiries. Legal Obligation - to provide certain updates under consumer protection and data protection laws. Legitimate Interests - to keep our records accurate, improve customer service and handle complaints and disputes. |
| To provide body scan, sizing, fit, virtual try-on, avatar and styling functionality, including generating fit predictions, size recommendations, colour and tone recommendations and similar styling outputs. | Identity Technical Profile Usage User Content Special Category Data (where applicable) | Contract - to provide the scan, fit, try-on and styling features you request through the App. Consent - to provide the scan, fit, try-on and styling features you request through the App. Legitimate Interests - to improve fit accuracy, recommendation quality and the performance of these features. Where this processing involves Special Category Data, we will also rely on an additional condition required by data protection law and, where required, obtain your explicit consent. |
| To provide AI stylist, outfit suggestions, personalisation, recommendations and similar AI-enabled features based on your preferences, activity, wardrobe uploads, scans, purchases, calendar-linked preferences, location or other inputs you choose to use. | Identity Technical Profile Usage User Content Marketing and Communications Special Category Data (where applicable) | Contract - where the feature is part of the service you actively request and use through the App. Legitimate Interests - to personalise your experience, improve relevance, develop our services and grow our business. Consent - where consent is required by law or where we choose to rely on it for a particular feature. Where relevant, we will explain when recommendations involve profiling or AI-enabled processing and the lawful basis we rely on. |
| To enable you to upload, store, create, generate, share or publish photos, videos, wardrobe images, try-on looks, comments and other user content, and to let you choose who can view that content. | Identity Profile Usage User Content | Contract - to provide the sharing, storage and social features you choose to use. Legitimate Interests - to operate these features, apply your sharing preferences, investigate misuse and keep the platform/App safe. Consent - where we ask for your permission for a particular use, such as optional sharing or connected social media functionality. |
| To allow you to save favourite items, receive sale alerts, recommendation notifications, subscription renewal notices and other service messages. | Identity Contact Transaction Profile Usage Marketing and Communications | Contract - to provide service features you request. Legitimate Interests - to send relevant service-related updates, maintain engagement and improve your user experience. Consent - where required by law for particular notifications or marketing channels. |
| To administer loyalty, rewards, competitions, fashion challenges, badges, discounts and similar promotional features. | Identity Contact Transaction Profile Usage User Content Marketing and Communications | Contract - where necessary to administer the reward, competition or challenge you choose to enter or use. Legitimate Interests - to encourage engagement, measure participation, promote our services and improve our offerings. Legal Obligation - where required to administer promotions fairly and keep legally required records. |
| To send you direct marketing and maintain our mailing list. | Identity Contact Technical Profile Usage Marketing and Communications | Consent - where you actively opt in to receive email, SMS or other electronic marketing. Legitimate Interests - to promote relevant products and services to existing customers where the soft-opt-in applies (existing customers who have not opted out). Legal Obligation - to maintain a suppression list of people who have opted out. |
| To administer and protect the App, our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | Identity Contact Technical | Legitimate Interests - to run our business efficiently, ensure IT security, prevent fraud and support any corporate reorganisation. Legal Obligation - to comply with statutory data-security duties and cooperate with lawful requests from regulators or law-enforcement. |
| To deliver relevant in-App content and, where permitted, personalised promotions or advertising, and to measure their effectiveness. | Identity Contact Profile Usage Marketing and Communications Technical | Legitimate Interests - to study how users use the App, develop our services, grow our business and inform our content and marketing strategy. Consent - where required for direct marketing or use of non-essential technologies. |
| To use data analytics to improve the App, user experience and functionality. | Technical Profile Usage User Content Aggregated | Legitimate Interests - to analyse how users interact with the App, fix issues, improve performance and develop new features. Where possible, we use aggregated or de-identified information for these purposes. |
6.1 You will receive marketing communications from us if you have provided your consent to receive such communications or, where permitted under applicable law (including the Privacy and Electronic Communications Regulations 2003), where you have previously purchased products or services from us, we are marketing similar products or services, and you have not opted out at the time of collection or in any subsequent communication.
6.2 We may also use your Identity Data, Contact Data, Technical Data, Usage Data and Profile Data to assess which products, services and offers may be of interest to you and to send you relevant marketing communications, where permitted by law.
We will get your express consent before we share your personal data with any third party for their own direct marketing purposes.
8.1 You can ask to stop sending you marketing communications at any time by following the opt-out links within any marketing communication sent to you or by contacting us at support@glamifyme.beauty.
8.2 If you opt out of receiving marketing communications, you will still receive service-related communications that are essential for administrative or customer service purposes for example relating to updates to our terms and conditions and checking that your contact details are correct.
9.1 We use cookies and similar technologies (including third-party tracking technologies) to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and to display advertisements according to your interests, and also allows us to improve our website services.
9.2 A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer where required by law and subject to your consent for non-essential cookies. Cookies contain information that is transferred to your computer's hard drive. Some emails and pages contain a tiny graphic file that lets us see when you open a message or visit a page. Web beacons work together with cookies; if you disable cookies, they may stop working.
9.3 We display a cookie banner when you first visit our website which allows you to accept, reject or customise your preferences for non-essential cookies. Strictly necessary cookies are always active as they are required for the operation of the website.
9.4 We use the following cookies:
9.5 The App currently uses mobile SDKs, authentication/session tools, analytics and crash-reporting technologies provided by third party providers (including providers such as Firebase Analytics and Google Analytics for Firebase) to support functionality, authentication, performance monitoring, analytics and security.
9.6 You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
9.7 When you first visit, a cookie banner lets you accept, reject or customise non-essential cookies. You can change your choices at any time by clicking "Cookie Settings" in the website footer. Most browsers also let you block or delete cookies through their settings; see www.allaboutcookies.org for instructions.
10.1 We may disclose your information in the following cases:
10.2 We use a variety of third party services providers (sub-processors) as part of our business activities and may share your personal data them where necessary. The types of sub-processors we might use fall into different categories, as follows:
10.3 We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where third parties process personal data on our behalf, we require them to do so only for specified purposes and in accordance with our instructions. Some third parties may, however, process your personal data as independent controllers where permitted or required by law.
11.1 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure data we collect. In particular, we use the following measures:
11.2 In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11.3 If there is a personal data breach, we will take appropriate steps to respond to it and will notify the ICO and affected individuals where we are legally required to do so. We will then take all necessary steps, including informing the ICO, to limit the extent of the breach and to prevent a further recurrence.
11.4 Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website and App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
11.5 Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted to our website and App; any transmission is at your own risk.
12.1 We may transfer your personal data outside of the UK or the European Economic Area (EEA) where we engage third parties to provide services on our behalf, such as to receive services or deal with payment. Whenever we transfer your personal data out of the UK or the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
12.2 Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or the EEA.
13.1 We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including to provide the App and its features, and for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
13.2 To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
13.3 By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
13.4 Where deletion is not possible due to legal, regulatory or contractual obligations, we will explain the reason and, where appropriate, restrict further processing of the data.
13.5 After the relevant retention periods have expired, personal data will be securely erased or anonymised. We may retain anonymised data for research, statistical or product improvement purposes. Anonymised data is not personal data and may be used indefinitely.
13.6 Some content, such as images, scans, try-on content or other uploaded materials, may be deleted automatically after a limited retention period unless you choose to save them to your user profile, in which case we may retain them for longer in line with this policy and our legal, operational and security requirements. Temporary processing assets which are not saved to a user account may be deleted automatically once they are no longer needed for the relevant processing activity.
14.1 You have a number of rights under Data Protection Laws in relation to your personal data. You have the right to:
14.2 If you wish to exercise any of the rights set out above, please contact us at support@glamifyme.beauty.
14.3 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
14.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
14.5 We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We do not knowingly collect personal data from children. The App is intended for users aged 18 or over. If we become aware that we have collected personal data from a child, we will take appropriate steps to delete it.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
17.1 We keep our privacy and cookies policy under regular review. This version was last updated on the date at the header of this policy.
17.2 It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.