Informativa sui cookie
Ultimo aggiornamento: marzo 2026
FittingMe.AI — Virtual Fitting Room Application
Last updated: March 1, 2026 Version: 1.0
1. Introduction
This policy describes the cookies and trackers used by the FittingMe.AI mobile application (hereinafter the "Application") and the associated website, in accordance with the following provisions:
- Article 82 of Law No. 78-17 of January 6, 1978, as amended (Data Protection Act), transposing Article 5(3) of Directive 2002/58/EC (ePrivacy Directive);
- Decision No. 2020-091 of September 17, 2020 of the CNIL adopting guidelines on the application of Article 82 of the Law of January 6, 1978, as amended;
- CNIL Recommendation of September 17, 2020 proposing practical compliance measures.
2. What Is a Cookie or Tracker?
A cookie is a small text file stored on the user's device (smartphone, tablet, computer) when visiting a website or using an application. A tracker more broadly refers to any mechanism that reads or writes information on the user's device, including advertising identifiers, SDKs (Software Development Kits), pixels, and digital fingerprinting.
In the context of a mobile application, trackers typically take the form of SDKs integrated into the application and persistent identifiers stored locally.
3. Inventory of Trackers Used
3.1. Strictly Necessary Trackers (Exempt from Consent)
These trackers are essential to the operation of the Application and cannot be disabled. They do not require user consent in accordance with Article 82 of the Data Protection Act and CNIL guidelines.
| Tracker | Provider | Purpose | Type | Lifespan |
|---|---|---|---|---|
| Firebase Auth Token | Google Ireland Limited (Firebase Authentication) | Authenticate the user and maintain their login session. This token is essential for secure access to the Service. | Authentication token stored locally (SecureStorage / SharedPreferences) | Session duration. Token automatically refreshed (1 hour for the access token). Refresh token: account lifetime. |
| Firebase Installation ID | Google Ireland Limited (Firebase) | Uniquely identify the Application installation for push notification delivery (FCM) and the proper functioning of essential Firebase services. | Installation identifier | Application installation lifetime |
| Isar Database | Local storage (no third party) | Local database enabling offline operation of the Application (wardrobe, garment, and try-on cache). No data is transmitted to third parties. | Local on-device database | Application installation lifetime |
| User Preferences | Local storage (no third party) | Store the user's technical choices (language, display preferences, cookie consent choices). | SharedPreferences / UserDefaults | Application installation lifetime |
3.2. Trackers Subject to User Consent
These trackers are only activated after obtaining the user's free, specific, informed, and unambiguous consent. They are never deployed before the user has made their choice.
3.2.1. Audience Measurement and Analytics
| Tracker | Provider | Purpose | Type | Lifespan |
|---|---|---|---|---|
| PostHog Analytics SDK | PostHog, Inc. | Measure Application audience, understand user journeys, identify the most-used features, and improve user experience. Data collected: interaction events (anonymized), device type, Application version, navigation paths. | Mobile SDK integrated into the Application | Analytics identifier: 25 months from first interaction. Event data: 25 months. |
3.2.2. Session Recording
| Tracker | Provider | Purpose | Type | Lifespan |
|---|---|---|---|---|
| PostHog Session Recording | PostHog, Inc. | Visually record usage sessions to diagnose usability issues and improve the interface. Data collected: visual screen captures, interactions (taps, scrolls), screen-to-screen navigation. | Mobile SDK integrated into the Application (recording component) | Recordings: 90 days |
3.2.3. Feature Flags
| Tracker | Provider | Purpose | Type | Lifespan |
|---|---|---|---|---|
| PostHog Feature Flags | PostHog, Inc. | Determine which features are enabled for the user (progressive rollout, A/B tests). Data collected: user identifier (pseudonymized), feature flag state. | Mobile SDK integrated into the Application | Session lifetime |
4. Consent Mechanism
4.1. Collecting Consent
Upon first use of the Application (or upon the first update including this policy), a consent banner is presented to the user with the following options:
- "Accept All": enables all consent-dependent trackers;
- "Refuse All": refuses all consent-dependent trackers; only strictly necessary trackers remain active;
- "Customize My Choices": allows consenting to or refusing each tracker category individually.
In accordance with CNIL guidelines:
- refusing is as simple as accepting (same number of clicks);
- no choice (closing the banner without interaction) is treated as a refusal;
- consent is not a condition for accessing the Service (no cookie wall);
- no consent-dependent tracker is deployed before the user has made their choice.
4.2. Proof of Consent
In accordance with Article 7(1) of the GDPR, FittingMe.AI retains proof of user consent:
- consent timestamp;
- cookie policy version at the time of consent;
- choices made (by tracker category);
- user identifier (or device identifier for non-logged-in users).
This proof is retained for the duration of consent validity (see Section 4.4).
4.3. Modifying Consent
Users can modify their consent choices at any time from:
- Application Settings → Privacy → Cookie and Tracker Management
Consent modifications take effect immediately:
- upon withdrawal of consent for a tracker, data collection by that tracker ceases immediately and the relevant SDK is disabled;
- data already collected under prior consent remains lawfully processed, but no new collection takes place.
4.4. Consent Validity Period
In accordance with CNIL recommendations, user consent is valid for a maximum of six (6) months. Upon expiration, consent is requested again.
Consent refusal is also retained for six (6) months. The user is not asked again during this period, unless there is a substantial change to the cookie policy.
5. Data Transfers
Consent-dependent trackers (PostHog) may result in data transfers outside the European Economic Area. These transfers are governed in accordance with Section 5 of our Privacy Policy.
6. Impact of Refusing Trackers
Refusing consent-dependent trackers has no impact on Application functionality. All Service features remain accessible:
| Tracker Category | Impact of Refusal |
|---|---|
| Strictly necessary trackers | Cannot be refused — essential for operation |
| Audience measurement (PostHog Analytics) | No functional impact. FittingMe.AI will not have anonymized usage data for this user. |
| Session recording (PostHog Recording) | No functional impact. This user's sessions will not be recorded. |
| Feature flags (PostHog) | Minimal impact. The user may receive the default feature configuration instead of a personalized one. |
7. Managing Trackers at the Device Level
In addition to the controls offered within the Application, users can manage trackers at the device level:
7.1. iOS (Apple)
- Settings → Privacy & Security → Tracking: disable "Allow Apps to Request to Track"
- Settings → Privacy & Security → Apple Advertising: enable "Limit Ad Tracking"
7.2. Android (Google)
- Settings → Privacy → Ads: enable "Opt out of Ads Personalization"
- Settings → Privacy → Ads: "Delete advertising ID"
Note: FittingMe.AI does not use advertising identifiers (IDFA/GAID) and does not engage in advertising targeting. The above settings are mentioned for informational purposes.
8. Summary Table
| Tracker | Purpose | Consent Required | Duration | Third Party |
|---|---|---|---|---|
| Firebase Auth Token | Authentication | No (strictly necessary) | Session / Account | |
| Firebase Installation ID | Push notifications | No (strictly necessary) | Installation | |
| Isar Database | Offline operation | No (strictly necessary) | Installation | None |
| User Preferences | Technical settings | No (strictly necessary) | Installation | None |
| PostHog Analytics SDK | Audience measurement | Yes | 25 months | PostHog |
| PostHog Session Recording | UX diagnostics | Yes | 90 days | PostHog |
| PostHog Feature Flags | Progressive rollout | Yes | Session | PostHog |
9. Policy Updates
This policy may be modified at any time, particularly to reflect the addition or removal of trackers. In the event of a substantial modification (addition of a new consent-dependent tracker, change of purpose), user consent will be requested again.
The date of the last update appears at the top of this document.
10. Contact
For any questions regarding cookies and trackers:
FittingMe.AI SAS Email: contact@fittingme.ai — subject: "Cookie Policy"
11. Learn More
- CNIL — Cookies and trackers: what does the law say?: https://www.cnil.fr/fr/cookies-et-autres-traceurs
- Decision No. 2020-091 of September 17, 2020 (guidelines): https://www.cnil.fr/fr/cookies-et-traceurs-que-dit-la-loi
- CNIL cookie recommendation: https://www.cnil.fr/fr/cookies-solutions-pour-les-outils-de-mesure-daudience