Uverest Privacy Policy

1. What this Policy covers

This Policy covers how we handle personal data when you access the Services and/or interact with the Content. It explains what we collect, why we collect it, how we use and share it, where we store it, and the choices and rights available to you.

2. Data we collect

We collect the following categories of information (depending on how you use the Services):

• Identifiers & Contact Details: name, username, email, phone, addresses (billing/shipping), age/date of birth (where permitted/required).
• Account & Profile Data: preferences (size, fit, style, budget), saved items/wishlists, avatars/profile photos, social sign-in identifiers.
• Order & Transaction Data: items viewed/purchased, order IDs, prices, quantities, taxes/duties, returns/exchanges, delivery information. Payment card data is handled by our payment processors and not stored in full by Uverest.
• Device/Technical Data: IP address, device IDs, OS, app version, browser type, SDK logs, diagnostics, crash reports, security signals.
• Usage Data: event logs (clicks, views, searches), session timestamps, referral URLs, cookie IDs/SDK identifiers (see our Cookie Policy).
• Location Data: city/region (derived from IP); where you opt in, coarse or device-level location for localised features.
• User-Generated Content (UGC): reviews, lists, comments, prompts, photos (including try-on images), and any content you upload or generate.
• Communications: emails, in-app messages, support tickets, survey/interview recordings (with notice).
• Inferences: taste/style predictions, size recommendations, scores and segments derived from other data.

3. How we collect data

• Directly from you: account registration, profile setup, checkout, support, surveys/interviews, UGC uploads.
• Automatically: cookies/SDKs, analytics, logs when you browse, search, or interact with the Services.
• From third parties: identity providers (e.g., Apple/Google), payment processors, anti-fraud providers, logistics partners and analytics/advertising partners where necessary to track referrals and attribute sales.

See our separate Cookie Policy for details on cookies, SDKs, and similar technologies.

4. Why we use your data (purposes)

We use personal data to:

• Provide the Services: account creation, product discovery, cart/checkout, order routing, returns assistance.
• Personalise & recommend: curate items and looks based on your style, size, and behaviour; remember settings; show relevant Content.
• Operate Try-On & Sizing: render AR/AI previews; offer fit/size guidance (advisory only).
• Process payments: via third-party processors/wallets; manage authorisations, captures, refunds, chargebacks.
• Communicate: order and service messages, support, technical notices;—with your consent where required—marketing and sale alerts.
• Improve & secure: analytics, debugging, service quality, fraud prevention, abuse detection, security monitoring.
• Research & development: surveys/tests to improve features and models (with safeguards; training on UGC only with opt-in).
• Legal & compliance: recordkeeping, sanctions/export controls, tax and accounting, responding to lawful requests.

5. Legal bases for processing (EEA/UK)

Where GDPR/UK GDPR applies, we process data on the following bases: Contract (to provide the Services and fulfil orders); Legitimate interests (to personalise, secure, prevent fraud, improve the Services); Consent (for certain marketing, cookies/SDKs, precise location, and training on try-on images); Legal obligation (tax, accounting, compliance). You can withdraw consent at any time without affecting prior processing.

6. Sharing & disclosures

We share personal data as follows, using appropriate contractual and technical safeguards:

• Retail/Marketplace Partners (independent controllers): to fulfil your order, manage returns/warranty, verify stock/price, and attribute referrals. Their privacy notices apply to their processing.
• Payment & Risk Providers (processors/controllers): payment gateways, wallets, fraud-prevention and chargeback services.
• Logistics & Customer Support: shipping, returns, label/RMA providers; contact-centre tooling.
• Cloud/IT/Engineering: hosting, content delivery, monitoring, ticketing, email/SMS providers.
• Analytics & Measurement: product analytics, A/B testing, app store measurement.
• Advertising & Marketing: ad networks and platforms for interest-based advertising where permitted; you can opt out (see Your Choices & Rights).
• Social Sign-In & Sharing: if you connect a social account or share Content externally.
• Corporate transactions: merger, financing, acquisition, or sale of assets (subject to continuity of protections).
• Legal & safety: to comply with law, enforce terms, or protect rights, safety, and security.
• With your direction or consent.

We do not sell personal data for money. Under some U.S. state laws, certain data sharing for cross-context behavioural advertising may be considered a "sale" or "sharing"; you can opt out (see below).

7. International transfers & data location

• Primary storage: We host and store personal data in the United States (primary storage and backups).
• Cross-border transfers: If we transfer personal data to other countries (e.g., to Partners or providers), we use lawful transfer mechanisms, such as Standard Contractual Clauses (SCCs)/UK IDTA, and where applicable, rely on recipients’ participation in an EU-U.S./UK-U.S. Data Privacy Framework. For UAE PDPL transfers, we use adequacy or appropriate safeguards/derogations as permitted by law.
• Local laws: Your data may be subject to access by foreign authorities under their laws.

8. Advertising, cookies & signals

We and partners use cookies/SDKs to operate the Services, remember preferences, measure performance, and deliver ads. See our Cookie Policy for details and choices.

US state choices: We honour applicable Global Privacy Control (GPC) signals for browser-based opt-outs of "sale/share" where required. You can also use in-app/web settings (when available) or email us with the subject line “Do Not Sell or Share My Personal Information”.

9. Retention

We keep personal data only as long as needed for the purposes above, and to comply with legal, tax, and accounting requirements. Typical periods include:

• Account data: retained while your account is active and for up to 24 months after inactivity, then deleted or anonymised unless longer is required.
• Orders & payments: kept for 7 years (or longer as required by tax/accounting laws).
• Logs & analytics: typically 12–24 months.
• Marketing consents & opt-outs: stored to evidence preferences.
• Try-on images: deleted within 30 days unless you save them or explicitly consent to a longer retention (e.g., for your history); cached copies in backup systems roll off per cycle.

10. Security

We implement administrative, technical, and physical safeguards, including encryption in transit, access controls, network segmentation, and monitoring. No system is 100% secure; transmission over the internet carries risk. If you believe your account has been compromised, contact service@mtlab.ai.

11. Your choices & rights

Controls. You can update profile data, manage communications, and adjust cookie/SDK preferences (where available). You can opt out of marketing emails via unsubscribe links; you may still receive transactional messages.

Rights. Depending on your location, you may have rights to access, correct, delete, restrict, object (including to profiling for direct marketing), portability, and withdraw consent. To exercise rights, email service@mtlab.ai (no embedded forms). We may verify your request, and may deny or limit requests as permitted by law. If we decline, you may appeal by replying to our decision within 30 days.

Automated decisions. We use profiling to personalise recommendations and ads but do not make decisions with legal or similarly significant effects without human review.

Do Not Track. We currently do not respond to DNT signals. We honour GPC where required.

12. US state privacy notice (California & others)

If you are a resident of California (CPRA) or other states with similar laws (e.g., CO, CT, VA, UT), you may have additional rights:

• Categories collected: identifiers; commercial info; internet/network activity; geolocation (coarse); UGC; inferences; and, where you provide them, precise location or images used for try-on. We do not intentionally collect government IDs or precise geolocation unless you enable it; we do not collect or use biometric identifiers for identification.
• Purposes: as in Sections 4 and 8.
• Sources: as in Section 3.
• Disclosures: to categories in Section 6.
• Sell/Share: we do not sell for money; some disclosures for cross-context behavioural advertising may be a "sale"/"share" - you can opt out via GPC, in-app/web settings (when available), or by emailing service@mtlab.ai with the subject line above.
• Sensitive personal information: if collected (e.g., precise location), we limit use to permitted purposes and honour requests to limit its use/disclosure.
• Non-discrimination: we will not discriminate against you for exercising your rights.
• Authorized agents: you may designate an agent; we will need proof of authority and verification.

13. Children

The Services are not directed to children under 18 and we do not knowingly collect personal data from them. If you believe a child under 18 has provided data, contact service@mtlab.ai and we will delete it. If local law requires a higher age of consent for certain processing, we will honour that requirement.

14. Changes to this Policy

We may update this Policy from time to time. The latest version will be posted with the "Last revised" date. If a change is material, we will provide reasonable notice (e.g., in-app or by email). Your continued use of the Services after the effective date means