Kitted Privacy Policy
Last updated: December 14, 2025
The Short Version (TL;DR)
- Local-First: Kitted is designed so your personal content lives primarily on your phone, not our servers.
- You Own Your Data: Your wardrobe items, outfits, and photos are yours.
- Optional Cloud: We only store content in the cloud if you create an account to sync across devices.
- No Data Sales: We do not sell your personal data. We make money from the app, not your information.
- AI Privacy: We use Google Gemini for outfit suggestions, configured so that your data is not used to train their models.
1. Who We Are (Data Controller)
The data controller responsible for your information is:
- Company: Nordfoundry AB Org. nr: [559523-1829]
- Location: Stockholm, Sweden
- Contact: privacy@nordfoundry.se
Legal Basis for Processing:
- Performance of Contract: To provide the core features of the app (e.g., syncing your wardrobe if you choose to enable sync).
- Legitimate Interest: To analyze anonymous usage trends to improve the app stability.
- Consent: When accessing sensitive device permissions (like Camera or Location) or opting into analytics.
2. Where Your Data Lives
Local-First Architecture
When you add a shirt, create an outfit, or log a trip, that content is saved directly to your device’s local storage. If you do not create an account, your photos and wardrobe details never leave your device.
Cloud Sync (Optional)
If you choose to create an account, we sync your data to the cloud to facilitate cross-device access and backup.
- Storage Location: We store this data in the European Union (EU) via Supabase (hosted in Germany).
- Security: Your data is encrypted in transit (HTTPS/TLS) and at rest.
Anonymous Usage Data
We collect anonymous telemetry (e.g., “App launched,” “Crash detected”) to fix bugs. This data is aggregated and does not identify you personally or contain your user-generated content.
3. Third-Party Services
We rely on trusted partners to run Kitted. We have Data Processing Agreements (DPAs) in place with all partners.
| Partner | Service | Purpose | Data Visibility |
|---|---|---|---|
| Supabase | Backend/Database | Auth & Sync | Encrypted user content (if account exists). |
| PostHog | Analytics | Usage Trends | Pseudonymized events (e.g., “Button Clicked”). IP addresses are masked. |
| Sentry | Crash Reporting | Bug Fixing | Stack traces if the app crashes. No personal photos. |
| Google (Gemini) | AI Models | Intelligence | Text/Image inputs sent only when you request AI analysis. |
| OpenWeather | Weather API | Forecasts | Coordinates (Latitude/Longitude) to fetch weather. |
International Transfers: Where partners are located outside the EEA (e.g., Google), we rely on the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs) to ensure your data remains protected to GDPR standards.
4. How We Use Artificial Intelligence (Gemini)
Kitted uses Google’s Gemini API to provide outfit suggestions.
- On-Demand Only: We only send data to the AI when you explicitly tap a button to request a suggestion (e.g., “Generate Outfit”).
- No Training: We use the API in a configuration where Google agrees not to use your inputs or outputs to train their foundation models.
- Data Retention: Data sent to the AI is transient and is not retained by the AI provider after the response is generated.
- Limitation of Liability: AI suggestions are generated by a machine and may be inaccurate or “hallucinate.” Please use discretion; Kitted is not responsible for fashion faux pas or unsuitable clothing advice.
5. Device Permissions
We request access to specific device features. You can grant or revoke these permissions in your OS Settings at any time.
- 📸 Camera: To take photos of your clothes.
- 🖼️ Photo Library: To import existing photos.
- 📍 Location: Used only to fetch local weather forecasts for outfit planning. We do not track your movement or store your location history. You may select “Approximate Location” instead of “Precise Location” if your device supports it.
- 📅 Calendar: To display your events within the app context.
Revoking Permissions: If you revoke permissions, the app will continue to function, but features relying on those permissions (e.g., weather-based suggestions) will be disabled.
6. Data Retention
- Local Data: Retained on your device until you delete the app or manually delete items.
- Cloud Data: Retained as long as your account is active.
- Deletion: If you request account deletion, your data is removed from our production database immediately. Backups may retain encrypted fragments for up to 30 days before being permanently overwritten.
7. Security
We use industry-standard encryption (AES-256 and TLS 1.2+) to protect your data. While we implement robust security measures, no method of transmission over the internet is 100% secure. You are responsible for keeping your account credentials confidential.
8. Children’s Privacy
Kitted is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal data from children. If we discover we have collected data from a minor without parental consent, we will delete it immediately.
9. Cookies & Tracking (Website Only)
For information about how we use cookies on our website, please see our Cookie Policy.
10. Analytics & Tracking (App Details)
We use PostHog to understand how people use Kitted (e.g., “Do users prefer the Calendar view or the List view?”).
- Pseudonymization: This data is pseudonymized. We see “User 123 clicked button A,” not “John Doe clicked button A.”
- Opt-Out: You can opt-out of this entirely in Settings → Privacy & Data.
11. Your Rights (GDPR & CCPA)
Regardless of where you live, you have control over your data:
- Right to Access & Portability: You can export your data via Settings > Privacy > Export Data.
- Right to Correction: You can edit your wardrobe and profile directly in the app.
- Right to Delete (Account Deletion): You may delete your account and all associated cloud data directly within the app via Settings > Privacy > Delete Account. This action is irreversible.
- Right to Opt-Out: You can opt-out of anonymous analytics tracking in the app settings.
If you are an EU resident and feel your rights have been violated, you have the right to lodge a complaint with your supervisory authority (in Sweden: Integritetsskyddsmyndigheten - IMY).
12. Contact Us
If you have questions about this policy or your data:
- Email: privacy@nordfoundry.se
- Address: Nordfoundry AB, Stockholm, Sweden