CO.MODE Privacy Policy

Last modified: 14 April 2025

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING CO.MODE SERVICES. You must be 16 years old or older to use our Services.

Protecting your privacy is very important to CO.MODE (“CO.MODE”, “us”, “our” or “we”). This Privacy Policy (“Policy”), together with our Terms of Service and Cookies Policy, explains how we collect, use, disclose and safeguard your personal data when you use our mobile application, website or any related products and services (collectively the “Services”).

By accessing or using our Services you agree to this Policy. If you do not agree, please do not use our Services. For any questions, contact us at privacy@comode.fr.

1. Who we are

The data controller for your personal data is CO.MODE. You can reach our Data Protection Officer at privacy@comode.fr.

2. What personal data we collect, how we collect it and why

We collect data in three main ways:

1. Automatically when you access our Services

   • Device & technical data: unique identifiers, browser type, operating system, hardware, plug-ins.
   • Usage & location data: IP address, URLs visited, referrer, timestamps, response times, interaction data (scrolls, clicks), error reports.
   • Payment info: transaction details if you make purchases (card data handled by third-party processor).
   • Purpose: to provide access to our Services, ensure security and prevent abuse.
   • Legal basis: legitimate interest.
   • Retention: 60 days unless needed to resolve a security incident.

2. When you create a CO.MODE account or use the app

   • Contact & identification data: first name, last name, email, username, gender preference, profile photo, phone number, country, date of birth.
   • Security data: login credentials, passwords.
   • Location & technical data: time and location of registration.
   • Content data: photos of your clothing items, outfits, notes.
   • Purpose: to create and maintain your account, provide wardrobe management and outfit recommendations.
   • Legal basis: contract performance and your consent.
   • Retention: until you delete your account. With your consent, we may retain data for 3 months after account deletion to allow easy reactivation. You may request immediate deletion at privacy@comode.fr.

3. For app functioning, maintenance and improvement

   • Device & technical data: device ID, OS, hardware, crash reports.
   • Usage data: length of visits, interactions, geolocation, timestamps, referrer URL.
   • Content data: clothing photos to train features like automatic tagging.
   • Purpose: ensure proper functioning, maintenance and improvement of our Services and AI features.
   • Legal basis: legitimate interest.
   • Retention: 60 days unless needed for security incident resolution.

4. Social log‑ins (Apple, Google, Facebook)

   • Data: provider user ID and email, login time/date.
   • Purpose: allow you to log in via third‑party providers.
   • Legal basis: legitimate interest.
   • Retention: while your account remains active. Note: Apple, Google and Facebook process their own data; review their policies.

5. Marketing communications

   • Data: name, email, gender preference, device info, usage data.
   • Purpose: send marketing emails or in‑app messages we think may interest you.
   • Legal basis: consent.
   • Retention: until you unsubscribe or withdraw consent.

6. Push notifications

   • Data: name, email.
   • Purpose: send app notifications (reminders, suggestions).
   • Legal basis: consent.
   • Retention: until you revoke consent.

7. Important service messages

   • Data: name, email, gender preference.
   • Purpose: essential communications (service updates, Terms changes, outages).
   • Legal basis: legitimate interest.
   • Retention: until account deletion.

8. Feedback and research

   • Data: name, email, age, gender preference, feedback quotes.
   • Purpose: assess satisfaction and improve the product.
   • Legal basis: consent.
   • Retention: until no longer needed for the specific survey or study.

9. Job applications

   • Data: name, email, phone, location, LinkedIn or other CV details.
   • Purpose: evaluate your suitability and process the application.
   • Legal basis: consent.
   • Retention: 6 months after rejection unless you agree to be kept in our talent pool.

10. Social features (sharing wardrobes, moodboards)

    • Data: items in your wardrobe, moodboards, handles, links, photos.
    • Purpose: provide social features and allow sharing with approved followers.
    • Legal basis: contract performance and consent.
    • Retention: until account deletion (same reactivation option as above).

3. Visibility of your contributions

By default, accounts are Private: only approved followers can view and reuse your uploaded content. You can switch to Public in settings, making your contributions visible to all CO.MODE users. Even with a private account, followers may share your contributions outside the platform; CO.MODE cannot control such external sharing.

4. Where we store your data

We store data on Google Cloud Platform (regions: europe-west2, europe-west1, europe-west4, europe-north1). Processing may involve providers outside the EU; in such cases we use Standard Contractual Clauses and assess risks to your rights.

5. Who we share data with

We never sell your personal data. We share it only:

• With your consent or when necessary to perform a contract.
• With service providers acting as processors under written agreements (some outside the EU with appropriate safeguards).
• In case of mergers, acquisitions or change of control (the successor must respect this Policy).
• When required by law, court orders or legal processes.

Service providers and partners include: Google Cloud Platform, Firebase, MongoDB, Codemagic, Pixyle, Remove.bg, Apple App Store, Google Play Store, Vercel (web hosting), Adjust, Google Analytics, Mixpanel, Braze, Instabug, Builder.io and similar operational providers.

6. Data retention

We keep personal data only as long as necessary for the purposes outlined and in accordance with legal obligations and data‑minimization principles. When data is no longer needed, it is anonymized or securely deleted.

7. How we protect your data

We use appropriate technical and organisational measures, such as:

• Secure servers and HTTPS encryption
• Password protection and access controls
• Employee confidentiality agreements and training
• Continuous monitoring for vulnerabilities and attacks
• Regular reviews of our privacy controls

Despite our efforts, transmission over the internet is never completely secure. Use our Services at your own risk.

8. Your rights under GDPR

You may exercise the following rights by contacting privacy@comode.fr:

• Withdraw consent
• Object to processing
• Access your data
• Request erasure
• Restrict processing
• Data portability
• Rectification of inaccurate data
• Lodge a complaint with the supervisory authority

We may take reasonable steps to verify your identity before responding. We aim to respond within one month.

9. Cookies and tracking

We use cookies and similar technologies to provide a user-friendly experience, remember preferences and analyze performance. See our Cookies Policy for details and manage your preferences.

10. Complaints

If you have concerns about how we handle your data, contact us at privacy@comode.fr. You may also reach the French data protection authority (CNIL) at www.cnil.fr.

11. Information for California residents

Under the California Consumer Privacy Act (CCPA), you have rights to:

• Know what personal information we collect
• Request disclosure or deletion of your personal information
• Opt out of its sale (CO.MODE does not sell personal data)

To exercise these rights, email privacy@comode.fr. We will respond within 45 days.

12. Information for Brazilian residents

Under the Lei Geral de Proteção de Dados (LGPD), Brazilian residents have rights to:

• Confirm the existence of processing
• Access, correct, anonymize or delete data
• Portability and information about shared data
• Revoke consent or lodge a complaint with the ANPD

Data may be transferred outside Brazil when necessary for service provision, legal obligations, public policy or other lawful bases. Requests may be sent to privacy@comode.fr.

13. Changes to this Policy

Any updates will be posted on this page and, where appropriate, notified via email or in-app messages. Continued use of the Services after changes constitutes acceptance.