Sartorial

Legal

Privacy Policy

Last updated: February 2026

Effective date: February 2026

1. Introduction

Sartorial (“we,” “us,” or “our”) operates the Sartorial platform, a fashion discovery service available at sartorial-design.com. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service.

We are committed to transparency about our data practices. If you have questions about this policy, please contact us at contact@sartorial-design.com.

Effective date: February 2026

Last updated: March 2026

2. Information We Collect

2.1 Information You Provide to Us

  • Account registration: Email address and full name. Passwords are stored as cryptographic hashes - we never store your password in plain text.
  • Google Sign-In: If you sign in with Google, we receive your email address, display name, and profile picture from Google. We do not receive your Google password.
  • Style quiz responses: Your answers to our style quiz, including style archetypes, colour preferences, fit preferences, occasion preferences, lifestyle tags, budget ranges, gender, and age range.
  • Digital Wardrobe: Products you mark as owned, along with any notes you choose to add.
  • Wishlist: Products you save for later.
  • Contact form: Your name, email address, and message when you reach out to us.

2.2 Information Collected Automatically

  • Interaction events: We record which products you view, save to your wishlist, or add to your wardrobe, as well as products shown to you in your personalised feed. Each event includes the area of the app where it occurred.
  • Session identifier: A temporary random identifier stored in your browser's session storage, used to group your actions within a single browsing session. It is automatically deleted when you close the tab and is never shared with third parties.
  • Authentication cookies: Two HTTP-only, secure cookies (accessToken and refreshToken) maintain your logged-in session. These are strictly functional cookies necessary for the service to work.
  • Affiliate tracking data: Our affiliate partner CJ Affiliate uses cookies, tracking pixels, and scripts on this site to record click and impression data, referring URLs, and transaction information. CJ may also collect your IP address, browser and device information, and cookie identifiers. See Sections 5 and 7 for full details.
  • Analytics data: With your consent, we use Google Analytics 4 (operated by Google LLC) to collect aggregate usage statistics. GA4 records pages visited, events (such as product views and searches), device type, browser, and approximate location (city/region level). IP addresses are anonymised by default. See Sections 5.2 and 7 for full details.

2.3 Information We Do Not Collect

  • Payment card numbers or banking information - purchases happen on the brand's own website
  • Precise geolocation data
  • Device fingerprints
  • Data from advertising networks or data brokers for the purpose of targeted advertising

3. How We Use Your Information

The table below sets out each purpose for which we use your data, what information is involved, and the legal basis under GDPR.

PurposeData UsedLegal Basis (GDPR)
Creating and managing your accountEmail, name, avatarContract performance
Authenticating your sessionsAuth cookies, refresh tokensContract performance
Providing wardrobe and wishlist featuresProduct selections, notesContract performance
Generating personalised recommendationsQuiz responses, interaction events, derived preference vectorsLegitimate interests
Building and updating your style profileQuiz responses, behavioural dataLegitimate interests
A/B testing to improve recommendation qualityInteraction events, experiment assignmentsLegitimate interests
Responding to contact form messagesName, email, message contentLegitimate interests
Security and fraud preventionAuthentication logs, session dataLegitimate interests
Analytics – understanding how visitors use the site to improve the experience (via Google Analytics 4)Pages visited, events, device type, browser, approximate location, anonymised IPConsent
Affiliate tracking and purchase attribution (via CJ Affiliate)IP address, browser/device info, cookie IDs, click/impression data, referring URLs, transaction dataConsent

4. Automated Profiling and Personalised Recommendations

Sartorial uses two forms of automated processing to tailor your experience:

1. Quiz-based personalisation

Your style quiz answers are used to build a preference profile covering your preferred styles, colours, fits, occasions, and budget. This profile influences which products appear on your For You page and in what order.

2. Behavioural personalisation

When you are signed in, your browsing patterns and wishlist activity are analysed to identify trends in the styles, colours, brands, and price points you engage with. The system derives a weighted preference profile that refines your recommendations over time. Actions that express stronger intent - such as saving an item - carry more weight than passive browsing.

3. Visual similarity matching

Our recommendation engine analyses product images to extract visual characteristics (colours, textures, patterns, silhouettes) as numerical representations. These are used to find visually similar items and complementary outfit pairings across different clothing categories.

What this affects

  • The selection and ordering of products on your For You page
  • Outfit pairing suggestions on product pages
  • Curated sections like "Trending in Your Style" and "Your Price Range"

What this does not affect

  • Product pricing - the same price is shown to all users
  • Your ability to access any feature of the service
  • Any legal or financial decisions

Your right to object

You have the right to object to this profiling. You can retake the style quiz from your profile to reset your quiz-based preferences. To request a full reset of your behavioural data or to opt out of personalised recommendations, contact us at contact@sartorial-design.com.

5. Information Sharing and Third Parties

  • We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.
  • We do not share your data with advertising networks or data brokers.
  • Google: When you use Google Sign-In, your authentication is handled by Google's services, governed by Google's Privacy Policy. We receive only your email, name, and profile picture.
  • Hosting and infrastructure: Our servers and database are hosted by Railway, a cloud infrastructure provider based in the United States. Your data is stored securely on their servers.
  • Google Analytics: With your consent, we use Google Analytics 4 (operated by Google LLC) to collect aggregate usage statistics. GA4 uses cookies to distinguish users and sessions. IP addresses are anonymised by default. Google processes this data under its own privacy policy and the Data Processing Amendment we have accepted. See Section 5.2 for details.
  • Affiliate partners: Product links on Sartorial may direct you to brand and retailer websites via our affiliate partner CJ Affiliate (operated by Epsilon International UK Ltd). When you click these links, you leave Sartorial and the destination site's privacy policy applies.
  • Legal requirements: We may disclose your information if required by law, court order, or governmental regulation, or where necessary to protect our rights, property, or safety.

5.1 Third-Party Tracking: CJ Affiliate

Sartorial uses CJ Affiliate (operated by Epsilon International UK Ltd) to manage our affiliate programme. CJ Affiliate places Device Tracking Technologies on this site – including cookies, tracking pixels, and scripts – to attribute purchases to Sartorial and to measure the performance of our affiliate links.

Data collected by CJ Affiliate

  • IP address
  • Browser type, version, and device information
  • Cookie identifiers set by CJ
  • Click and impression data (which links you click and when)
  • Referring URLs (the page you were on before clicking)
  • Transaction data (items purchased, order value) when a purchase is completed on a retailer's site

Data controller relationship

For the personal data processed through CJ's tracking technologies, Sartorial and CJ Affiliate each act as independent data controllers under GDPR. Sartorial is responsible for obtaining your consent to the placement of CJ's tracking technologies on this site. CJ Affiliate is responsible for its own processing of the data it collects. The lawful basis for this processing is your consent, which you may give or withdraw at any time via our cookie consent banner.

For full details on how CJ Affiliate processes personal data, please read the CJ Affiliate Privacy Notice.

5.2 Third-Party Analytics: Google Analytics 4

Sartorial uses Google Analytics 4 (operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to understand how visitors use the site so we can improve the experience. GA4 uses first-party cookies to distinguish users and sessions.

Data collected by Google Analytics

  • Anonymised IP address (GA4 does not store the full IP address)
  • Pages visited and events triggered (e.g. product views, searches, quiz completion)
  • Session duration and engagement metrics
  • Device type, browser, and operating system
  • Approximate location (city/region level, derived from anonymised IP)
  • Referring website or campaign source

Data controller relationship

Sartorial is the data controller for the analytics data collected on this site. Google acts as our data processor under the Google Ads Data Processing Terms (Data Processing Amendment), which we have accepted. Google does not use this data for its own advertising purposes. We have not enabled Google Signals or any advertising features within GA4. The lawful basis for this processing is your consent, which you may give or withdraw at any time via our cookie consent banner.

For full details on how Google processes data collected via Google Analytics, please read the Google Privacy Policy and Google Analytics data practices.

6. Affiliate Disclosure

This site contains affiliate links. Sartorial may earn a commission on qualifying purchases made through these links, at no extra cost to you.

Sartorial is a discovery platform that links to products on brand and retailer websites. Some of these links are affiliate links managed through CJ Affiliate (operated by Epsilon International UK Ltd). When you click an affiliate link and make a purchase on the destination retailer's website, Sartorial may earn a commission. This commission is paid by the retailer and does not affect the price you pay – you will pay the same price as if you had visited the retailer directly.

Products featured on Sartorial are selected by our editorial judgement and recommendation algorithms – not by whether a product carries an affiliate relationship. Our goal is to surface items we genuinely believe match your style.

CJ Affiliate uses tracking technologies (cookies, pixels, and scripts) to attribute purchases to Sartorial. For details on what data is collected and how to opt out, see Sections 5.1 and 7.

7. Cookies and Storage

Strictly necessary cookies

accessToken

An HTTP-only, secure cookie containing your authentication token. Expires after 15 minutes. Required to verify your identity.

refreshToken

An HTTP-only, secure cookie used to renew your session without requiring you to sign in again. Expires after 7 days or when you sign out.

These cookies are set only when you sign in. They are not used for advertising or cross-site tracking.

Browser session storage

sartorial_session_id

A temporary random identifier stored in your browser's session storage. It groups your activity within a single browsing session for personalisation purposes. It is automatically deleted when you close the tab.

Third-party tracking technologies (CJ Affiliate)

With your consent, CJ Affiliate (Epsilon International UK Ltd) places cookies, tracking pixels, and scripts on this site. These technologies enable CJ to:

  • Track clicks on affiliate links from Sartorial to retailer websites
  • Attribute purchases to the originating click for commission purposes
  • Measure impressions and engagement with affiliate content
  • Record transaction data when a purchase is completed

These technologies are classified as non-essential and are only activated after you give consent through our cookie consent banner, in accordance with the ePrivacy Directive and UK PECR.

How to opt out of CJ Affiliate tracking

You can control or withdraw your consent for CJ Affiliate tracking at any time using any of the following methods:

  • Cookie consent banner: Use the cookie settings accessible from the banner displayed on your first visit, or reopen cookie preferences from the link in the site footer. Declining non-essential cookies will prevent CJ tracking technologies from being placed.
  • Browser settings: Configure your browser to block third-party cookies or clear existing cookies. Note that this may affect functionality on other websites.
  • CJ Affiliate opt-out: You can opt out of CJ's tracking directly via their privacy notice page.

Opting out of CJ tracking does not affect your ability to use Sartorial. Product links will continue to work; however, purchases may not be attributed to Sartorial.

Analytics cookies (Google Analytics 4)

With your consent, Google Analytics 4 sets the following first-party cookies to collect aggregate usage data. These cookies are only placed after you grant analytics consent through our cookie consent banner.

_ga

Distinguishes unique users by assigning a randomly generated identifier. Does not contain any personal information. Expires after 2 years.

_ga_G-YGKCQ92LB8

Maintains session state for Google Analytics 4. Contains a randomly generated identifier and session timestamps. Expires after 2 years.

Google Analytics does not use these cookies for advertising or cross-site tracking. IP addresses are anonymised by default and never stored in full.

How to opt out of Google Analytics

You can control or withdraw your consent for analytics cookies at any time using any of the following methods:

  • Cookie consent banner: Use the cookie settings accessible from the banner displayed on your first visit, or reopen cookie preferences from the link in the site footer. Unticking the Analytics toggle will prevent Google Analytics cookies from being placed.
  • Browser extension: Install the Google Analytics Opt-out Browser Add-on to prevent GA4 from collecting data across all websites.
  • Browser settings: Configure your browser to block cookies or clear existing cookies. Note that this may affect functionality on other websites.

Opting out of analytics does not affect your ability to use Sartorial. All features work identically regardless of your analytics consent choice.

8. Data Retention

We retain your data only as long as necessary for the purposes described in this policy.

DataRetention Period
Account informationUntil you delete your account
Style quiz responsesUntil you delete your account or reset preferences
Wishlist and wardrobe entriesUntil you remove them or delete your account
Behavioural preference profilesUntil you delete your account
Authentication tokens7 days (automatically expired)
Google Analytics event data14 months (configured in GA4; aggregated reports retained indefinitely)
Cached data (Redis)5-60 minutes (automatically expired)
Interaction events12 months (automatically deleted)
Style profile snapshotsUntil you delete your account
Contact form messages12 months (automatically deleted)
A/B experiment assignments6 months (automatically deleted)

When you delete your account, all associated personal data is permanently removed from our database.

9. Your Rights

For all users

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Update or correct inaccurate information through your profile settings or by contacting us.
  • Deletion (erasure): Delete your account and all associated personal data. You may also request erasure of specific data categories.
  • Portability: Receive your data in a structured, commonly used, machine-readable format (e.g. JSON or CSV).
  • Object to profiling: Opt out of personalised recommendations at any time.
  • Withdraw consent: Where processing is based on consent (e.g. Google Analytics, CJ Affiliate tracking), withdraw your consent at any time via the cookie consent banner. Withdrawal does not affect the lawfulness of processing carried out before you withdrew.

Additional rights for EU/EEA users (GDPR)

  • Right to restrict processing of your data
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent for non-essential tracking (e.g. Google Analytics, CJ Affiliate cookies) at any time via the cookie consent banner
  • Right to lodge a complaint with your national data protection supervisory authority (for UK residents, this is the Information Commissioner's Office at ico.org.uk)

Additional rights for California residents (CCPA/CPRA)

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information - Sartorial does not sell or share your personal information
  • Right to limit the use of sensitive personal information
  • Right to non-discrimination for exercising your privacy rights

How to exercise your rights

You can exercise your data rights in the following ways:

We will acknowledge your request within 10 business days and respond within the legally required timeframe (30 days under GDPR, 45 days under CCPA). We may need to verify your identity before processing your request.

10. Children's Privacy

Sartorial is not directed at children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal data, please contact us at contact@sartorial-design.com.

11. Data Security

We implement commercially reasonable technical and organisational measures to protect your personal information, including:

  • Authentication tokens stored as HTTP-only, secure cookies inaccessible to client-side scripts
  • Refresh tokens stored as cryptographic hashes in our database
  • Passwords hashed using industry-standard algorithms - never stored in plain text
  • All data transmitted over HTTPS encryption
  • Cached data subject to automatic expiry
  • Administrative access restricted by role-based authentication

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

12. International Data Transfers

Sartorial is operated from the United Kingdom. The applicable jurisdiction for this service is England and Wales. If you access our service from outside this jurisdiction, your data may be transferred to and processed in a country whose data protection laws may differ from those in your country.

For users in the EU/EEA, we ensure appropriate safeguards are in place for any transfer of personal data outside the European Economic Area, in accordance with GDPR requirements. The UK has an adequacy decision from the European Commission, meaning transfers between the EU/EEA and the UK are permitted without additional safeguards. For transfers to the United States (where our hosting provider Railway and Google LLC operate), we rely on standard contractual clauses. Google processes analytics data under the Data Processing Amendment and its standard contractual clauses for international transfers. CJ Affiliate (Epsilon International UK Ltd) processes data under its own privacy notice and applicable UK/EU data protection law.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy with a new "Last updated" date
  • For significant changes, notify registered users by email

Your continued use of Sartorial after changes are posted constitutes acceptance of the updated policy. We encourage you to review this page periodically.

Questions about this policy? Contact us at contact@sartorial-design.com