← LegalHome
Legal

Privacy Policy

Last updated: March 29, 2026

This Privacy Policy explains how Cruxnd Haze, Inc. (doing business as Haze Couture) and its affiliates ("Haze", "we", "our", "us") collect, use, disclose, and protect personal information across our websites, mobile applications, administrative tools, and supporting 3D/AI services.

Your use of our services is also governed by our Terms of Use.

Table of Contents

1. Scope Of This Privacy Policy2. Who We Are And How To Contact Us3. Categories Of Personal Information We Collect4. Face And Body Scan Data (Including Face Scan Images)5. Sources Of Personal Information6. How And Why We Use Personal Information7. Lawful Bases For Processing (EEA/UK)8. Cookies, Similar Technologies, And Analytics9. Payments, Billing, And Transaction Data10. How We Share Personal Information11. International Data Transfers12. Data Retention13. Data Security And Safeguards14. Your Privacy Rights And Choices15. Additional California Privacy Notice16. Children And Teen Privacy17. Automated Processing And Profiling18. Third-Party Links And Services19. Changes To This Policy20. Contacting Us And Complaints

1. Scope Of This Privacy Policy

This Privacy Policy applies to information processed in connection with:

  • our public website and waitlist pages, including payment flows;
  • our mobile applications and related account, social, chat, try-on, and shopping features;
  • our admin and operations interfaces used by authorized personnel and partners;
  • our 3D/body model and garment simulation tools and related collaboration services; and
  • communications with us, including support and legal inquiries.

This policy does not apply to third-party sites, apps, and services that we do not control, even if they are linked from our services.

2. Who We Are And How To Contact Us

Data Controller: Cruxnd Haze, Inc. (doing business as Haze Couture)
Address: 1111B, S Governors Ave STE 48063, Dover, Delaware, US. 19904
Legal contact: legal@hazecouture.com
Privacy/support contact: support@hazecouture.com

3. Categories Of Personal Information We Collect

Depending on how you interact with Haze, we may collect the following categories:

  • Account and identity data: name, username, email, phone number, account identifiers, profile details, and authentication/session identifiers.
  • Body and fit data: measurements, body model metadata, garment/fit parameters, scan images (including front, side, and back body scans), optional face scan images, and model files used to power try-on and fit experiences. Face scan images may be treated as sensitive or biometric-related information under applicable law—see Section 4 for how we use and retain face and body scan data.
  • Content and communications: messages, chat metadata, uploads, social interactions, support requests, and related interaction records.
  • Transaction and commercial data: waitlist submissions, order details, shipping data, subscription/payment status, and billing-related records.
  • Device and technical data: IP-derived context, user agent, app/browser characteristics, logs, diagnostics, and security events.
  • Usage and analytics data: product and feature usage metrics, performance events, interactions with pages or features, and aggregated analytics outputs.
  • Potentially sensitive information: body measurements, face and body scan images, and model-derived data may be considered sensitive (including biometric-related information) under certain privacy laws. Section 4 describes our use of face scan data in detail.

4. Face And Body Scan Data (Including Face Scan Images)

When you use our body scan or virtual try-on features, we may collect and process images and related metadata from your device. Depending on the flow, this can include:

Face and body scan images are transmitted to and processed on Haze's secure servers to generate your 3D and AI mannequin. Images are not processed solely on-device. Once your mannequin is generated, raw scan images are retained under the retention rules described below. You may request deletion of raw scan images at any time, subject to the fraud prevention exception described in this section.

  • Body scans (typically required for a full body scan): front, side, and back images (sometimes labeled in our systems as front_scan, side_scan, and back_scan).
  • Face scan (optional in some flows): a face image where you choose to provide it (e.g. for try-on or personalization), sometimes labeled as face_scan.
  • Related metadata: for example, image or device metadata (such as EXIF fields where available) combined with your scan, along with measurements and profile fields you provide (such as height, weight, age, and gender) used to generate 3D and AI outputs.

How we use face and body scan data (dual purposes). We use this information for:

  • Product functionality and personalization: to create and improve personalized 3D and AI mannequins, virtual try-on, fit-related features, and related shopping experiences tied to your account.
  • Fraud prevention and account security: to help detect and investigate unauthorized account access, identity misuse, abuse, or disputes—for example, by retaining scan-related data as needed to review security incidents or verify account activity when permitted by law.

Before collecting face scan images, we will request your explicit consent through an in-app prompt that clearly describes how the data will be used. You may withdraw consent at any time by requesting deletion of your scan data as described in Section 14. Withdrawal of consent does not affect processing that occurred prior to withdrawal.

What we do not do with face and body scan data. We do not sell face or body scan data, and we do not provide it to data brokers for their standalone commercial lists or marketing databases. We do not use face or body scan images for third-party advertising or cross-context behavioral advertising as described in this policy. Processing by vendors is limited to operating the Services as described here.

Sharing. Face and body scan data may be processed by service providers (for example, hosting, security, and AI or model-processing partners) solely to provide the Services on our behalf, under contractual obligations appropriate to the data involved. We do not authorize service providers to sell your scan data or to use it for their own independent marketing.

Retention. We retain face and body scan data for at least twelve (12) months or until you delete your account or successfully request deletion of scan data, whichever is longer, so we can operate try-on and body features, respond to support and disputes, and complete fraud or security investigations where applicable. We may retain data longer when required by law, to resolve disputes, or to enforce our agreements. Specific retention can vary by data type and context; contact us if you need detail about your information.

Your choices. You may request access to or deletion of personal information, including scan and face image data, as described in Section 14. We may verify your request before acting. In limited cases—such as when we must complete a good-faith fraud or security review—we may need up to 45 days to complete an active fraud or security review before fulfilling a deletion request. After that period, we will delete or anonymize the data except where retention is required by law.

5. Sources Of Personal Information

We collect personal information from:

  • you directly (for example, account setup, waitlist forms, purchases, uploads, and support contact);
  • your device or app/browser when you use our services;
  • service providers and partners that help us process payments, analytics, hosting, and operations;
  • integrated products and systems used to deliver features (for example, app stores and payment services); and
  • other users or business partners where relevant to collaborative or marketplace functionality.

6. How And Why We Use Personal Information

We use personal information to:

  • provide and maintain Haze services, including account creation, login, and session management;
  • deliver fit personalization, 3D/body-related features, and AI-enabled try-on experiences, including using body and optional face scan images as described in Section 4;
  • protect accounts and our community by using retained scan-related information where appropriate for fraud prevention, security investigations, and dispute resolution, as described in Section 4;
  • process purchases, subscriptions, refunds, order updates, and fraud prevention checks;
  • operate communication, social, and support channels;
  • improve product quality, reliability, accessibility, and user experience;
  • protect security, detect abuse, investigate incidents, and enforce our terms;
  • comply with legal, tax, audit, accounting, and regulatory obligations; and
  • send service communications and, where allowed, updates or marketing communications.

7. Lawful Bases For Processing (EEA/UK)

Where GDPR/UK GDPR applies, our legal bases typically include:

  • Contract: to provide requested services and fulfill transactions.
  • Legitimate interests: to improve services, secure systems, and prevent misuse.
  • Consent: where required (for example, certain optional communications or technologies).
  • Legal obligation: where processing is required by applicable law.

You can withdraw consent at any time where consent is the legal basis, without affecting prior lawful processing.

8. Cookies, Similar Technologies, And Analytics

We use cookies and similar technologies for essential service operation, functionality, performance, analytics, and security. For example, our website uses analytics integrations and operational technologies to understand feature usage and improve performance.

We may use third-party analytics providers to measure traffic and product interactions. You can manage browser cookie settings and certain device-level controls. Some regions may provide additional consent or opt-out options depending on local legal requirements.

9. Payments, Billing, And Transaction Data

Payment processing is handled by payment partners and platform providers (for example, card processor or app store purchase platforms). We do not store full payment card numbers on our own systems when payment processors provide hosted and tokenized payment flows.

We may receive and store transaction status, order/subscription details, billing contact data, and associated identifiers needed for accounting, support, compliance, and fraud prevention.

10. How We Share Personal Information

We may disclose personal information to:

  • service providers that host infrastructure, process payments, provide analytics, and support operations;
  • partners and vendors supporting marketplace, communication, collaboration, and customer workflows;
  • professional advisors (such as legal, audit, and compliance advisors);
  • law enforcement, courts, regulators, or other parties where legally required; and
  • acquiring entities in connection with mergers, acquisitions, financings, or corporate restructuring.

We do not sell personal information in exchange for monetary compensation. If legal definitions of "sale" or "share" under specific laws apply to a particular data flow, we provide rights and controls as required.

Face and body scan data: as stated in Section 4, we do not sell face or body scan data and do not provide it to data brokers. We share scan data only with service providers and parties described above, consistent with Section 4.

11. International Data Transfers

Haze and our service providers may process personal information in countries other than your own. Where required, we use appropriate safeguards for international transfers, including contractual protections and other lawful transfer mechanisms recognized by applicable law.

12. Data Retention

We retain personal information only for as long as reasonably necessary for the purposes described in this policy, including to provide services, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods depend on data type, legal requirements, and operational needs.

Examples:

  • account and profile data: retained while your account remains active and for a limited period after closure;
  • face and body scan images and derived model data: retained under the rules described in Section 4 (including at least twelve months or until account deletion or successful deletion request, whichever is longer, unless a longer period is required by law or for dispute resolution);
  • transaction records: retained for financial, tax, and compliance periods required by law;
  • support and security logs: retained for operational and incident-response windows; and
  • derived analytics: retained in aggregate or de-identified form where feasible.

13. Data Security And Safeguards

We use administrative, technical, and organizational safeguards designed to protect personal information, including access controls, authentication controls, transport security, and operational monitoring. No system is fully secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your account credentials and notifying us promptly if you suspect unauthorized access.

14. Your Privacy Rights And Choices

Depending on your location, you may have rights to:

  • access and receive a copy of personal information we hold about you;
  • request correction of inaccurate personal information;
  • request deletion of personal information, subject to legal exceptions;
  • request deletion or access specifically regarding face scan, body scan, or related model data, consistent with Section 4 and applicable law;
  • object to or restrict certain processing;
  • withdraw consent where processing is consent-based;
  • request portability of certain personal information; and
  • appeal a denial of rights where required by law.

To exercise rights, email legal@hazecouture.com or support@hazecouture.com. We may need to verify your identity and authority before completing requests.

15. Additional California Privacy Notice

This section is provided for California residents and is intended to align with CCPA/CPRA disclosure expectations, including 11 CCR section 7011.

  • Categories collected in the preceding 12 months: identifiers, customer records, commercial information, internet/electronic activity, geolocation-related data, profile/account information, inferences, and certain sensitive information where needed for feature delivery—including, where applicable, biometric information and other sensitive personal information (such as face or body scan images) as described in Sections 3 and 4.
  • Sources: directly from consumers, devices, service providers, integrated systems, and partners.
  • Purposes: service delivery, operations, support, analytics, security, legal compliance, and service improvement—including the dual purposes for scan data described in Section 4 (personalization and fraud prevention).
  • Disclosures for business purposes: we may disclose relevant categories to service providers, contractors, and partners that support the services.
  • Sale/share statement: we do not sell personal information for money. If any activity is considered "sharing" for cross-context behavioral advertising under California law, California residents may exercise applicable opt-out rights.
  • Sensitive personal information: we use sensitive personal information (including biometric or face/body scan data where applicable) only for permissible, disclosed, and proportionate purposes as described in this policy and Section 4, unless and until additional consent or rights flows are required.

California residents may request to Know, Delete, Correct, and receive equal service and pricing without unlawful discrimination for exercising privacy rights. Requests may be submitted by email at legal@hazecouture.com or support@hazecouture.com.

16. Children And Teen Privacy

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without legally required authorization. For users between 13 and 17, we do not knowingly collect biometric or face scan data without verifiable parental or guardian consent where required by applicable law. If you believe a child or teen has provided personal information in violation of applicable law, contact us at support@hazecouture.com and we will take appropriate steps.

17. Automated Processing And Profiling

Some Haze features use algorithmic processing to generate fit, styling, and personalization outputs. These processes are designed to improve service functionality and user experience and are not intended to produce unlawfully discriminatory effects. Where applicable law grants additional rights related to automated decisions, you may contact us to request more information.

18. Third-Party Links And Services

Our services may contain links to third-party websites, social platforms, payment providers, or embedded services. Their privacy practices are governed by their own notices. We encourage you to review those policies before sharing personal information.

19. Changes To This Policy

We may update this Privacy Policy periodically to reflect legal, technical, or business changes. When we do, we will update the "Last updated" date and, where required, provide additional notice.

20. Contacting Us And Complaints

If you have questions, concerns, or requests regarding this policy or our data practices, contact:

Cruxnd Haze, Inc. (doing business as Haze Couture)
1111B, S Governors Ave STE 48063, Dover, Delaware, US. 19904
legal@hazecouture.com
support@hazecouture.com

If you are located in the EEA/UK, you may also have the right to lodge a complaint with your local data protection authority.