Privacy Policy

Who we are

Send The Fit ("we", "us") is operated by [Legal entity name, company number], registered in [Country] at [Registered address]. We are the data controller for account holders (production and agency users) and the data processor for supporting-artist data on behalf of the production that invited them.

What we collect

• Account users: name, email, hashed password, authentication tokens.
• Supporting artists: name, email, costume code, uploaded fitting photos, submission timestamps.
• Technical: basic server logs (IP, user-agent, request paths) kept for 30 days for security and debugging.

Why we use it

To run the digital fitting workflow, authenticate users, deliver transactional emails (invites, password resets), and meet legal obligations. We never use personal data for marketing or profiling.

How long we keep it

Supporting-artist data is purged automatically once the production's configured retention window elapses (typically 30 days after wrap). Account data is kept while the account is active and deleted within 30 days of account closure. Server logs roll off after 30 days. Audit logs of deletions are retained for 12 months and contain no personal data.

Who we share it with

Emails and personal details are only visible to agency members through this portal. Photos are visible to the production's costume team. Our sub-processors (Cloudflare for hosting, Supabase for database/auth/storage, Resend for email) handle data only as necessary to run the service. We do not sell data and do not share with advertisers.

Your rights

You can request access, correction, deletion, restriction, portability or object to processing at any time by emailing privacy@sendthefit.com. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk).

Security

Full details of our security posture are at sendthefit.com/trust.

Changes

We will post material updates to this page and notify account holders by email.