SSIZDInstall
Legal

Privacy policy

What we collect, why, how long we keep it, and the rights you have over your data.

Last updated May 2, 2026

SIZD is operated by Rapid R Ltd ("we", "us"). SIZD provides a virtual try-on and size recommendation service for Shopify merchants. This policy explains what data we collect, why, how long we keep it, and how shoppers can exercise their rights under the GDPR and CCPA.

Who is the controller?

The Shopify merchant operating the store on which SIZD is installed is the data controller for shopper data collected through the widget. SIZD acts as a data processor on behalf of that merchant.

What we collect

  • Photos uploaded by shoppers. When a shopper uses the try-on feature, they upload one or more photos of themselves.
  • Body measurement estimates. Derived from the photo by an AI model to power size recommendations.
  • Try-on results. AI-generated images showing the shopper wearing a selected garment.
  • A random session identifier stored in the shopper's browser localStorage, used to reconnect them to their own photos on return visits. Not a tracking cookie.
  • Merchant account data (store domain, installation metadata, settings) collected from Shopify when the app is installed.

Biometric data

Photos of faces and bodies are considered biometric data in some jurisdictions. We process them only to provide the try-on and sizing features the shopper explicitly requested by clicking "Try it on" and confirming consent. We do not use photos to identify individuals or for any other purpose.

How data is used and shared

  • Photos are sent to FASHN AI (fashn.ai) for try-on image generation and to Anthropic (Claude) for body measurement estimation. These are contractual sub-processors.
  • Photos and results are stored in Cloudflare R2, with the storage bucket keyed to the merchant's shop.
  • Application data is stored in a PostgreSQL database hosted on Railway (EU region).
  • We do not sell data, share it with advertisers, or use it to train models.

Retention

Shopper photos and generated try-on images are automatically deleted 30 days after upload. A shopper can request earlier deletion at any time by contacting the merchant or emailing office@sizdtryon.com. When a merchant uninstalls the app, all associated shop data is deleted immediately.

GDPR: data subject rights

Shoppers in the EU have the right to access, correct, delete, or export their data, and to withdraw consent. Requests can be made directly to the merchant or to office@sizdtryon.com.

Storefront try-on sessions are anonymous and not linked to a Shopify customer account, so Shopify customer-deletion webhooks cannot match a customer to specific stored data. To exercise deletion or access rights, shoppers should email us directly with the approximate date of use and the merchant store. We will identify and remove the relevant photos and results.

Consent

Before processing any photo, the widget asks the shopper to tick an explicit consent checkbox. No photo is uploaded or processed without that consent.

Security

All traffic uses HTTPS. Stored photos are accessible only through time-limited presigned URLs. Access to backend systems is restricted to authorized personnel and logged.

Children

SIZD is not intended for use by children under 13 (or under 16 in the EEA). We do not knowingly collect data from children.

Changes to this policy

We will post updates to this page and change the "Last updated" date above. Material changes will be notified in-app to merchants.

Contact

Questions, requests, or complaints: office@sizdtryon.com.