Privacy Policy

Effective date: 6 March 2026

1. Data Controller

AI4.Style ("we", "us", "our") is the data controller for personal data processed through AI4.Style (the "Service"). Address: 22 Goodge Street, London W1T 2QE, England. Contact: [email protected]. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Personal Data We Collect

We may collect and process the following categories of personal data: (a) Identity and contact data — name, email address, and any other information you voluntarily provide via contact forms; (b) Technical data — IP address, browser type and version, operating system, device type, time zone, and general location data derived from your IP address; (c) Usage data — pages visited, features used, click patterns, session duration, and referral source; (d) AI interaction data — inputs you provide to the Service and the AI-generated outputs returned. We do not knowingly collect data from children under 13. If you believe we have, please contact us immediately.

3. Lawful Bases for Processing

We process your personal data on the following lawful bases under Article 6 of the UK GDPR: (a) Consent — where you have given clear consent for us to process your personal data for a specific purpose, such as receiving communications; (b) Legitimate interests — where processing is necessary for our legitimate interests (e.g., improving the Service, ensuring security, and understanding usage patterns), except where overridden by your rights; (c) Contract — where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract; (d) Legal obligation — where processing is necessary to comply with a legal obligation to which we are subject.

4. How We Use Your Data

We use your personal data to: (a) provide, operate, and maintain the Service; (b) respond to your enquiries and communications; (c) analyse usage patterns to improve the Service; (d) ensure the security and integrity of the Service; (e) comply with legal obligations; and (f) train and improve our AI models. Where AI interaction data is used to improve our models, it is aggregated and anonymised so that it no longer identifies you.

5. AI-Specific Data Processing

When you use the Service, your inputs are processed by artificial intelligence systems to generate styling recommendations and other outputs. You acknowledge that: (a) AI processing involves automated decision-making as described in Article 22 of the UK GDPR; (b) AI Outputs are algorithmically generated and we accept no liability for decisions you make based on them; (c) we may use anonymised and aggregated interaction data to improve our AI models; and (d) you have the right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects — if you believe such a decision has been made, contact us to request human review.

Profiling: The Service may use AI to analyse your preferences, inputs, and interactions to generate personalised styling recommendations. This constitutes profiling under Article 4(4) of the UK GDPR. Such profiling is based on your consent or our legitimate interest in providing a personalised experience. The profiling does not produce legal or similarly significant effects — it is used solely to generate styling suggestions. You may object to profiling at any time by contacting us at [email protected].

AI bias: AI Outputs may reflect biases present in training data. We take reasonable steps to identify and mitigate bias, but we cannot guarantee that AI Outputs are free from bias or discrimination. If you believe an AI Output is discriminatory or harmful, please contact us.

Data Protection Impact Assessment: We have conducted a Data Protection Impact Assessment (DPIA) in accordance with Article 35 of the UK GDPR for the AI processing activities carried out by the Service. This assessment evaluates the risks to your rights and freedoms and the measures we have implemented to mitigate those risks. A summary of our DPIA is available on request by contacting [email protected].

6. Cookies and Tracking Technologies

We use strictly necessary cookies to ensure the Service functions correctly. We may also use analytics cookies to understand how visitors interact with the Service. Analytics cookies are only set with your consent. You can manage your cookie preferences through your browser settings. For more detail, see our cookie information below. Strictly necessary cookies are essential for the Service to operate and cannot be switched off. Analytics cookies help us understand usage patterns and improve the Service; these are only placed with your consent.

7. Data Sharing and Third Parties

We do not sell your personal data. We may share your data with: (a) Service providers — trusted third parties who assist in operating the Service (e.g., hosting, analytics), bound by contractual obligations to process data only on our instructions and in compliance with UK GDPR; (b) Legal requirements — where required by law, regulation, legal process, or governmental request; (c) Business transfers — in connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy.

8. International Data Transfers

Some of our service providers may be located outside the United Kingdom. Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including: (a) transfers to countries deemed adequate by the UK Secretary of State; (b) the use of International Data Transfer Agreements (IDTAs) or the UK Addendum to EU Standard Contractual Clauses; or (c) other lawful transfer mechanisms. You may request details of the safeguards in place by contacting us.

9. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Contact form data is retained for up to 24 months. Technical and usage data is retained for up to 12 months. AI interaction data used for model improvement is anonymised promptly and retained in anonymised form only. When data is no longer required, it is securely deleted or anonymised.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include encryption in transit (TLS), access controls, and regular security reviews. However, no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office (ICO) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the UK GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay, in accordance with Article 34 of the UK GDPR, providing details of the breach and the measures taken or proposed to address it.

12. Your Rights Under UK GDPR

Under the UK GDPR, you have the following rights regarding your personal data: (a) Right of access — request a copy of the personal data we hold about you; (b) Right to rectification — request correction of inaccurate or incomplete data; (c) Right to erasure — request deletion of your personal data where there is no compelling reason for continued processing; (d) Right to restrict processing — request restriction of processing in certain circumstances; (e) Right to data portability — request transfer of your data to you or a third party in a structured, commonly used, machine-readable format; (f) Right to object — object to processing based on legitimate interests or direct marketing; (g) Rights related to automated decision-making — the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, and the right to request human intervention. To exercise any of these rights, contact us at [email protected]. We will respond within one month. There is no fee for exercising your rights, though we may charge a reasonable fee for manifestly unfounded or excessive requests.

13. Right to Complain

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection. ICO website: ico.org.uk. ICO helpline: 0303 123 1113. We would appreciate the opportunity to address your concerns before you contact the ICO — please reach out to us at [email protected] first.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated effective date. Where changes are significant, we will take reasonable steps to notify you. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

15. Contact

For any questions about this Privacy Policy or how we handle your personal data, contact us at [email protected] or write to us at AI4.Style, 22 Goodge Street, London W1T 2QE, England.