Security and privacy for merchant teams
This page summarizes our security and data-protection approach for initial vendor reviews. More detailed information can be shared on request during a commercial or security review.
Data in scope
Data handled depends on the merchant configuration. It may include integration information, product and size-chart data, declared or estimated measurements, images or captures when virtual try-on is enabled, generated outputs, and technical logs needed for operation, diagnostics, and security.
Risk-based approach
Our approach is proportionate to the risks linked to the data handled and the integration context. We prioritize data minimization, internal access limited by operational need, clear integration responsibility boundaries, and review processes adapted to merchant security teams.
Merchant boundary
FittingMe.ai provides technology that integrates into the merchant website. The merchant remains responsible for its customer journey, user notices, configuration choices, and applicable obligations. We provide the information needed to support that merchant-side analysis.
Vendor review
Procurement, security, compliance, or DPO teams can request additional information on data flows, data categories, integration boundaries, internal access processes, and security contact points.
We do not publish certifications, hosting regions, incident timelines, or specific controls without documentation applicable to your scope.