Legal CenterTerms & ConditionsPrivacy PolicySecurity PolicyCookie PolicyAI DisclaimerSatisfaction Guarantee

    Security & Data Protection Policy

    Effective Date: August 15, 2025

    Company: BespokeWearAI Pte Ltd ("BespokeWearAI", "we", "us", "our")

    BespokeWearAI is committed to safeguarding the privacy, confidentiality, and integrity of your personal data. This Security & Data Protection Policy outlines the measures we implement to protect user data and maintain compliance with applicable laws, including Singapore's PDPA, the EU GDPR, and other relevant international standards.

    1. Data We Protect

    We apply strict security controls to protect the following categories of data:

    • Personal identifiers (e.g., name, email, contact details, preferences)
    • Uploaded photos and user-generated content (e.g., body measurements, style inputs)
    • Payment and subscription information (processed securely via third-party providers)
    • AI interaction data and usage history

    2. Infrastructure Security

    Our infrastructure is designed with multiple layers of protection, including:

    • End-to-end encryption for data in transit (SSL/TLS)
    • Encryption at rest using industry-grade standards (AES-256)
    • Cloud-based firewalls and intrusion detection systems
    • Hosting on secure, internationally certified cloud platforms (e.g., AWS, Google Cloud)

    3. Access Control

    We limit access to personal and sensitive data using:

    • Role-based access control (RBAC) for all systems
    • Mandatory two-factor authentication (2FA) for administrative tools
    • Strict internal permissioning for staff and contractors
    • Continuous access logging and periodic auditing

    4. Data Minimization & Retention

    • We collect only the data necessary to deliver our services.
    • User photos and AI inputs are stored temporarily, unless you choose to retain them for future use.
    • Outdated or unused personal data is anonymized or securely deleted in accordance with our retention policy.

    5. Incident Response Plan

    In the event of a suspected or actual data breach:

    • Affected users will be notified within 72 hours where legally required (in line with GDPR standards).
    • Relevant regulatory authorities will be informed in compliance with applicable laws.
    • A detailed investigation and remediation plan will be executed, and updates provided to affected users.

    6. User Controls & Rights

    You have the right to:

    • Request a copy of the personal data we hold about you
    • Delete your account and associated personal data
    • Withdraw or revoke previously granted consent
    • Report any suspected breaches directly to our legal team

    7. Third-Party Processors

    We only work with trusted third-party service providers who comply with:

    • International standards such as ISO 27001 and SOC 2
    • Data Processing Agreements (DPAs) aligned with GDPR/CCPA requirements
    • Applicable laws for secure cross-border data transfer

    8. Children's Data

    • We do not knowingly collect data from children under 13.
    • In jurisdictions where parental consent is required for minors, we will seek verified consent before processing such data.

    9. Policy Reviews & Updates

    This Policy is reviewed annually or whenever significant changes to our infrastructure, services, or legal requirements occur.

    10. Contact Information

    If you have questions or concerns about this Security & Data Protection Policy, or wish to exercise your data rights, please contact our Data Protection Officer (DPO):

    BespokeWearAI Pte Ltd

    📧 Email: legal@bespokewear.ai