Privacy Policy

Effective Date: 02.04.2026

SO-ME App Ltd ("SO-ME", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the SO-ME app and website (the "Service"). We operate in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data Controller

The data controller responsible for your personal data is:

SO-ME APP LTD

Toward Studio, Cambrian Buildings

Cardiff CF10 5FL

hello@so-me-app.com

2. What Data We Collect

We collect the following categories of personal data:

a) Account Information

When you create an account, we collect your name, email address, and authentication details (via email or Google OAuth). If you sign in with Google, we receive your Google profile name and email address.

b) Style Preferences and Onboarding Data

During onboarding and use of the Service, we collect your style preferences, gender preferences, budget ranges, preferred clothing categories, and condition preferences (new, preloved, or both).

c) Browsing Behaviour and Interaction Data

We collect data about how you interact with the Service, including products you view, save to favourites, swipe on, search queries, chat conversations with our AI stylist, and pages you visit.

d) Device and Technical Data

We automatically collect your IP address, browser type, device type, operating system, referring URLs, and session information through cookies and similar technologies. Your IP address and browser User-Agent string are stored in your session record when you sign in.

e) Images You Upload

If you upload images to our AI stylist chat for visual search or style matching, we process those images to provide recommendations. Uploaded images are not retained beyond the session unless you explicitly save them.

3. How We Use Your Data

We use your personal data for the following purposes:

•Personalised Recommendations: Your style preferences, browsing behaviour, and interaction data power our AI styling recommendations, helping us suggest products that match your taste, size, and budget.
•Account Management: To create and manage your account, authenticate your identity, and maintain your session.
•Service Improvement: To analyse usage patterns, diagnose technical issues, and improve the overall user experience.
•Communications: To send you service-related notifications, updates, and, where you have opted in, marketing communications.
•Legal Compliance: To comply with applicable laws, regulations, and legal processes.

4. How AI Styling Recommendations Use Your Data

Our AI stylist uses your style preferences, browsing history, saved items, swipe data, and chat interactions to generate personalised product recommendations. This processing is based on your consent and our legitimate interest in providing a personalised shopping experience.

AI recommendations are generated in real time and are not used to make automated decisions that have legal or similarly significant effects on you. You can reset your style preferences or delete your interaction history at any time through your profile settings.

5. Legal Basis for Processing

We process your personal data on the following legal bases under the UK GDPR:

•Consent (Article 6(1)(a)): For marketing communications, non-essential cookies, and processing uploaded images.
•Contract (Article 6(1)(b)): To provide the Service, manage your account, and deliver personalised recommendations.
•Legitimate Interest (Article 6(1)(f)): For analytics, service improvement, fraud prevention, and affiliate tracking.
•Legal Obligation (Article 6(1)(c)): Where required by law.

6. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and analyse usage. For full details on the cookies we use, how to manage them, and your choices, please see our Cookies Policy.

Our session cookies are set on the .so-me-app.com domain, which means they are shared across our subdomains (auth.so-me-app.com, shop.so-me-app.com, and admin.so-me-app.com). This allows you to remain signed in as you move between different parts of the Service without needing to re-authenticate.

7. Third-Party Sharing

We share your personal data with the following categories of third parties:

•Affiliate Networks (AWIN & Sovrn): We source products from affiliate partners including AWIN. When you click through to a retailer, affiliate tracking links are used to attribute commission. We also use Sovrn's VigLink service for affiliate link monetisation. These services may set cookies on your device for tracking purposes.
•Analytics Providers (Google Analytics): We use Google Analytics 4 to understand how users interact with the Service. Google may process your data in accordance with its own privacy policy.
•Cloud Infrastructure (AWS): Your data is stored and processed on Amazon Web Services infrastructure located in the United Kingdom (eu-west-2 region). We use AWS Bedrock for AI styling recommendations — your chat prompts are processed transiently and not retained by the AI service.
•Authentication (Google OAuth): If you sign in with Google, your authentication is processed through Google's OAuth service.

We do not sell your personal data to third parties. We only share data as described above and where necessary to operate the Service.

8. International Data Transfers

Your data is primarily stored and processed in the United Kingdom. Where data is transferred outside the UK (for example, to Google or AWS services), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised by the UK Government.

9. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

Data Type	Retention Period
Account information	Until you delete your account
Style preferences and onboarding data	Until you delete your account or reset preferences
Browsing and interaction data (page views)	90 days from collection (automatically cleaned)
Session records (including IP address and User-Agent)	Until session expires (automatically cleaned up by our data retention process)
AI chat conversations	Until you delete your account
Uploaded images	Stored temporarily until account deletion
Analytics data	14 months (configured in Google Analytics)
Cookie data	See our Cookies Policy

When data is no longer needed, it is securely deleted or anonymised. We may retain anonymised, aggregated data indefinitely for analytical purposes.

10. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

•Right of Access: You can request a copy of the personal data we hold about you.
•Right to Rectification: You can ask us to correct inaccurate or incomplete data.
•Right to Erasure: You can request that we delete your personal data, subject to any legal obligations we may have to retain it.
•Right to Restrict Processing: You can ask us to limit how we use your data in certain circumstances.
•Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format and have it transferred to another controller.
•Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes.
•Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at hello@so-me-app.com. We will respond within one month of receiving your request, as required by law.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS/SSL), secure credential storage via AWS Secrets Manager, access controls, and regular security reviews. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will take steps to delete it.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of significant changes via email or an in-app notification. The "Effective Date" at the top of this page indicates the most recent revision.

14. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office

Wycliffe House, Water Lane

Wilmslow, Cheshire SK9 5AF

ico.org.uk

15. Contact Us

If you have any questions about this Privacy Policy or your personal data, contact:

SO-ME APP LTD

Toward Studio, Cambrian Buildings

Cardiff CF10 5FL

hello@so-me-app.com