← Back

Privacy Policy

Last updated July 11, 2026

This Privacy Notice for Ratecard Technologies Limited ('we', 'us', or 'our') describes how and why we might access, collect, store, use, and/or share ('process') your personal information when you use our services ('Services'), including when you:

  • Visit our website at http://www.like2fit.com or any website of ours that links to this Privacy Notice.
  • Use Like2Fit. Like2Fit is an AI-powered fashion discovery and styling web application. Users can upload outfit screenshots from social media to identify every clothing item and find similar products across hundreds of retailers at personalised budget tiers. Users can also upload photos of clothing they already own to receive AI-generated outfit pairing suggestions for specific occasions. The app generates AI fashion editorial images showing complete outfits on a personalised model based on user-provided physical characteristics including height, body shape, skin tone and hair type.
  • Engage with us in other related ways, including any marketing or events.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal information is processed. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at support@like2fit.com.

Summary of Key Points

This summary provides key points from our Privacy Notice. You can find more detail in the full sections below.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use.

Do we process any sensitive personal information? Some of the information may be considered 'special' or 'sensitive' in certain jurisdictions. We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law.

Do we collect any information from third parties? We do not collect any information from third parties.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties.

How do we keep your information safe? We have adequate organisational and technical processes and procedures in place to protect your personal information. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure.

What are your rights? Depending on where you are located geographically, applicable privacy law may give you certain rights regarding your personal information.

How do you exercise your rights? The easiest way to exercise your rights is by submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Table of Contents

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  6. DO WE OFFER ARTIFICIAL INTELLIGENCE-BASED PRODUCTS?
  7. HOW DO WE HANDLE YOUR SOCIAL LOGINS?
  8. HOW LONG DO WE KEEP YOUR INFORMATION?
  9. HOW DO WE KEEP YOUR INFORMATION SAFE?
  10. DO WE COLLECT INFORMATION FROM MINORS?
  11. WHAT ARE YOUR PRIVACY RIGHTS?
  12. CONTROLS FOR DO-NOT-TRACK FEATURES
  13. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  14. DO WE MAKE UPDATES TO THIS NOTICE?
  15. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  16. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. What information do we collect?

Personal information you disclose to us

In Short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide to us when you register on the Services, express an interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.

Personal Information Provided by You. The personal information we collect may include:

  • names
  • email addresses
  • passwords
  • usernames
  • contact or authentication data

Sensitive Information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • biometric data — specifically, an optional selfie photograph you upload to personalise AI-generated lookbook images so the model resembles you
  • physical characteristics you enter to generate lookbook models (height, body shape, skin tone, hair type, and optional age)

Selfies and personalisation characteristics are processed only with your explicit in-app consent (the "Personalisation" toggle in the Account tab). You can turn personalisation off, replace your selfie, or delete it at any time from the same screen. See section 8 for retention and section 16 for deletion.

Social Media Login Data. We may provide you with the option to register with us using your existing social media account details. If you choose to register in this way, we will collect certain profile information from the social media provider, as described in section 7.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes.

Information automatically collected

In Short: Some information — such as your IP address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information.

  • Log and Usage Data. Service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services.
  • Device Data. Information about your computer, phone, tablet, or other device used to access the Services.
  • Location Data. Information about your device's location, which can be either precise or imprecise.

Google API. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

1.a Apple Sign-In data

When you sign in with Apple on iOS, we receive an Apple-issued identity token containing a stable user identifier (sub) and an email address (either your real Apple ID email or, if you choose Apple's Hide My Email option, a relay address of the form xxx@privaterelay.appleid.com). On your first sign-in only, Apple also returns your full name if you consent in the system dialog. We record your acceptance of the Apple consent dialog as part of the sign-in event.

1.b Google Sign-In data

When you sign in with Google, we receive a Google-issued identity token containing your Google account email, your name, and, if you grant the relevant scope, your profile picture URL.

1.c Native plugin data flow

On native iOS and Android, the identity token returned by Apple or Google is passed through the Capgo social-login plugin to our authentication backend (Supabase Auth, hosted on Lovable Cloud) solely to verify the token and create your Like2Fit session. No identity-token data is shared with any third party other than the issuing provider (Apple or Google) and our authentication backend.

2. How do we process your information?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including to facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order.

  • Account creation and authentication. We process the data described in section 1 to create and authenticate your account via Apple Sign-In, Google Sign-In, or email and password.
  • Email confirmation. When you register with an email and password, we send you a verification email; your account is activated only after you confirm your email address via the link in that email.
  • Apple Hide My Email. When you choose Apple's Hide My Email option, all email we send (including verification and account-related messages) is delivered to the relay address Apple provides us. We cannot identify or contact your real email address through that relay.

3. What legal bases do we rely on to process your personal information?

We rely on the following legal bases under UK GDPR and the Data Protection Act 2018 to process your personal information:

  • Consent — for optional processing such as your selfie photograph and physical characteristics used for personalisation, marketing emails you opt into, and non-essential cookies. You can withdraw consent at any time from the Account tab.
  • Contract performance — for processing needed to create your account, deliver outfit analyses, process subscription payments, and provide the core Services you signed up for.
  • Legitimate interests — for security, fraud prevention, aggregate analytics to improve the Services, and communicating essential service updates. You can object to processing based on legitimate interests by contacting us.
  • Legal obligation — where required by applicable law, including retention of financial records for tax purposes and responding to lawful requests from regulators.
  • Vital interests — in rare cases to protect the vital interests of you or another person.

4. When and with whom do we share your personal information?

We share personal information with a limited set of third-party processors that operate the Services on our behalf:

  • OpenAI. We use OpenAI's gpt-image-2 API to generate outfit visualisations and analyse uploaded garment imagery. Images you upload are transmitted to OpenAI for processing and are subject to OpenAI's data-retention policy. If you have enabled personalisation, your selfie photograph is also transmitted to OpenAI as a reference image on every lookbook render so the generated model resembles you. OpenAI retains API inputs for up to 30 days for abuse monitoring and does not use them to train its models.
  • SerpApi. We use SerpApi to search for matching products across retailers. Product imagery and descriptions are queried, but no user PII is shared with SerpApi.
  • Skimlinks. Affiliate clicks originating in our app are routed via Skimlinks so we can receive commission on qualifying purchases.
  • Resend. We use Resend to send transactional email (verification, account-deletion confirmation, daily outfit emails you have opted into).
  • Apple and Google. Sign-in providers receive the data required to authenticate you, per their own privacy policies.

5. Do we use cookies and other tracking technologies?

We use minimal cookies and local storage to operate the Services:

  • Essential storage — we use browser localStorage on the web and secure keychain on native mobile to store your authentication session, guest identifier, and in-app preferences (personalisation toggle, offline shopping location, plan selection). Without these, core Services will not function.
  • Analytics — we use PostHog and Supabase Analytics to track anonymised product usage patterns (screens visited, features used, conversion events). Analytics cookies do not track you across other websites.
  • Marketing — we do not use marketing or advertising cookies. We do not sell your data to advertisers.
  • Third-party embeds — some parts of the web Services may load resources from Google (Sign-In), Apple (Sign-In), and Skimlinks (affiliate redirection). These providers may set their own cookies subject to their privacy policies.

You can clear browser storage at any time via your browser settings. Signing out clears your session storage automatically. Do Not Track browser signals are respected where technically feasible.

6. Do we offer artificial intelligence-based products?

Yes. Like2Fit uses artificial intelligence to power core features:

  • Outfit analysis — when you paste an outfit link or upload a photo, we use OpenAI's gpt-image-2 API and custom prompts to identify garments, evaluate fit and style, and generate personalised recommendations. Your input images are sent to OpenAI for processing.
  • Lookbook generation — if you enable personalisation, we generate AI images showing outfits on a model matching your physical characteristics. Your selfie (if uploaded) is transmitted to OpenAI as a reference image on every render.
  • Style reasoning — we use large language models to generate written reasoning and styling suggestions tailored to your inputs.

AI outputs are recommendations, not guarantees. AI may occasionally produce inaccurate or unexpected results. We do not use AI to make automated decisions that produce legal or similarly significant effects about you (such as credit, employment, or insurance decisions).

You have the right to opt out of AI-based personalisation at any time via the Personalisation toggle in the Account tab. Core outfit analysis cannot be disabled without ceasing use of the Services, as it is the primary feature.

7. How do we handle your social logins?

We offer Sign in with Apple and Sign in with Google as authentication options.

When you use these providers, we receive only the data necessary to identify and authenticate your account: a stable user identifier issued by the provider, your email address (or Apple's relay address if you use Hide My Email), and your name on first sign-in only. Where you consent to it, we may also receive your profile picture URL from Google.

We do not receive access to your other Apple or Google account data (calendar, contacts, photos, files, etc.). We do not post anything back to your Apple or Google account.

Provider tokens are used solely to verify your identity with our authentication backend (Supabase Auth) and create your Like2Fit session. Tokens are not shared with any other third party.

If you sign in with Apple using Hide My Email, we can only reach you through the relay address Apple provides. If Apple deactivates that relay, we lose the ability to email you.

You can disconnect Like2Fit from your Apple or Google account at any time from your provider's account settings. Disconnecting will prevent future sign-ins but does not automatically delete your Like2Fit account — use the in-app Delete Account flow for that.

8. How long do we keep your information?

  • Wardrobe items, outfits, and lookbooks are retained until you delete your account.
  • Generated images (gpt-image-2 outputs) are retained until you delete your account.
  • Selfie photograph (if you have enabled personalisation) is stored in a private bucket and retained until you delete it from the Account tab, turn personalisation off, or delete your account. Lookbook images already generated from a selfie persist until you delete those outfits or your account.
  • Analytics events are retained indefinitely. When you delete your account, your user identifier is removed from analytics events so they can no longer be linked back to you; the anonymised events remain for aggregate product metrics.
  • Account-deletion audit log entries are retained for 90 days for compliance purposes and then erased.
  • Anonymous analyses created without an account are automatically deleted after 7 days to minimise unnecessary data retention.

9. How do we keep your information safe?

We use industry-standard security measures to protect your personal information:

  • Encryption — all data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted using AES-256 in our database (Supabase, hosted on AWS in the EU).
  • Access controls — access to personal data is limited to authorised personnel and third-party processors under contract. Row-level security policies enforce that users can only access their own data.
  • Authentication — passwords are hashed using bcrypt. Social sign-in tokens are verified server-side. Sessions expire and refresh regularly.
  • Selfies and personalisation photos — stored in a private, access-controlled storage bucket. Only you and the AI generation service (OpenAI) can access them, and only during generation.
  • Payment data — we do not store payment card details. Subscription payments are processed by Apple through the App Store. We receive only a receipt confirmation via RevenueCat, our subscription management provider.

Despite our safeguards, no system is 100% secure. If we become aware of a data breach affecting your personal information, we will notify you and applicable regulators as required by law.

10. Do we collect information from minors?

Like2Fit is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

If we discover that a user under 13 has provided personal information, we will delete the account and associated data promptly. If you believe a child has provided personal information without parental consent, please contact us at support@like2fit.com.

Users between 13 and 18 should use the Services only with the consent of a parent or guardian. Some features (including subscription purchases) may require age verification or parental approval through Apple's App Store family sharing controls.

11. What are your privacy rights?

Depending on your location, you have the following rights under UK GDPR, EU GDPR, and comparable laws:

  • Right of access — request a copy of the personal information we hold about you.
  • Right to rectification — correct inaccurate or incomplete personal information.
  • Right to erasure — delete your personal information (subject to legal retention requirements). You can initiate this through the in-app Delete Account flow.
  • Right to restrict processing — limit how we process your personal information.
  • Right to data portability — receive your personal information in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time.
  • Right not to be subject to automated decision-making — we do not make automated decisions that have legal or similarly significant effects about you.
  • Right to lodge a complaint — with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.

To exercise any of these rights, use the in-app controls in the Account tab or email support@like2fit.com. We will respond within 30 days.

12. Controls for do-not-track features

Most web browsers include a Do Not Track (DNT) setting. We honour DNT signals where technically feasible by disabling non-essential analytics and tracking cookies. However, there is no industry-standard DNT protocol, and some third-party providers may not respect DNT signals.

You can further limit tracking by clearing browser storage, using private browsing mode, or opting out of analytics via the Account tab.

13. Do United States residents have specific privacy rights?

Yes. Residents of California, Colorado, Connecticut, Utah, Virginia, and other US states with comprehensive privacy laws have specific rights regarding their personal information, including:

  • Right to know what personal information we collect, use, disclose, and sell.
  • Right to delete personal information we have collected.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information for cross-context behavioural advertising. We do not sell your personal information and do not share it for cross-context behavioural advertising.
  • Right to limit the use of sensitive personal information.
  • Right to non-discrimination for exercising your privacy rights.

To exercise these rights, use the in-app controls in the Account tab or email support@like2fit.com. We will respond within the timeframes required by applicable law.

14. Do we make updates to this notice?

Yes. We may update this Privacy Notice from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this notice.
  • Notify you via in-app notification or email at least 14 days before material changes take effect.
  • Where required by law, obtain your renewed consent.

Continued use of the Services after changes take effect constitutes acceptance of the updated Privacy Notice. If you do not agree with the changes, you should delete your account before they take effect.

15. How can you contact us about this notice?

If you have questions or concerns about this Privacy Notice or our privacy practices, contact us at:

Ratecard Technologies Limited
Email: support@like2fit.com

For UK residents, our data protection representative can be reached at the same email address.

If you are unsatisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

16. How can you review, update, or delete the data we collect from you?

You can delete your Like2Fit account at any time from the Account tab → Delete Account in the app.

  • On deletion, your account is immediately soft-deleted and becomes inaccessible — you can no longer sign in or use the Services.
  • You have a 30-day recovery window: email support@like2fit.com from your account address within 30 days to restore the account.
  • After 30 days, all of your personal data is permanently deleted: wardrobe items, outfits, lookbooks, generated images, your selfie photograph (if any), profile, preferences, and authentication records (including the Apple/Google identifier we received at sign-in).
  • Analytics events tied to your account are anonymised (user identifier removed) but retained for aggregate metrics, as described in section 8.
  • To remove Like2Fit's access from the provider side as well, revoke the app in your Apple ID settings (Settings → Apple Account → Sign in with Apple) and/or your Google account (myaccount.google.com → Security → Third-party apps).

For any other request to review or update your data, contact us at support@like2fit.com.

Contact: Ratecard Technologies Limited — support@like2fit.comTerms of ServiceDelete your account