Privacy Policy

Last updated May 9 2026

Looqko is a B2B virtual try on service that enables online stores to offer their customers a virtual fitting room experience using just a single photo. This policy outlines how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR - EU 2016/679) and French data protection laws.

1. Data Controller Identity

Looqko, virtual try on SaaS
Email: contact@looqko.com
Website: https://looqko.com

2. Data collected

2.1. Data provided by retailers

• Identity: first and last name, business name, store URL
• Contact Information: business email, phone number (optional)
• Authentication: password (bcrypt hashed, never stored in plain text)
• Billing Information: processed securety by Stripe (we never store card numbers)
• API Usage Logs: API keys, request volume, status

“For Shopify merchants, the app accesses order amounts to attribute sales driven by virtual try on; no personal customer data (name, email, address) is ever accessed or stored.”

2.2. Data provided by end users (shoppers)

• Photos: headshots and body images provided via the store widget to generate the virtual try on
• Body measurements: height and weight for size recommendations
• Technical data: IP address, session ID, browser type

Photos may contain biometric data. Processing is based on the explicit consent collected via the store widget. No persistent facial recognition systems are used.

2.3. Data Collected Automatically

• Technical logs (security, debugging, performance)
• Session cookies (authentication, language preferences)
• Anonymous analytics (heatmaps, conversion rates without personal data)

3. Purpose of processing and legal basis

• Providing the virtual try on service: Legal basis contract performance (GDPR Art. 6.1.b)
• Invoicing and subscription management: Contract performance
• Service security and fraud detection: Legitimate interest (Art. 6.1.f)
• Customer support: Contract performance
• Marketing communications and newsletters: Consent (Art. 6.1.a), withdrawable at any time
• Anonymous audience measurement: Legitimate interest
• Processing of photographs (biometric data): Explicit consent (Art. 9.2.a)
• Legal obligations (accounting, fraud, GDPR): Legal obligation (Art. 6.1.c)

4. Who We Share Data With

We work with technical service providers to keep the service running smoothly, particularly for:

  • payments

  • hosting

  • AI image generation

  • secure data storage

  • sending transactional emails

Some of these providers may be located outside the European Union (specifically in the United States). In such cases, we implement the necessary safeguards in compliance with GDPR, including the Standard Contractual Clauses of the European Commission.

5. Data Retention

• Active merchant account: contract duration + 3 years post termination (contractual evidence)
• End user photographs: 30 days maximum post generation, followed by automatic and irreversible deletion
• Generated try on videos: 30 days, followed by automatic deletion
• Technical logs: 12 months
• Billing data: 10 years (legal accounting obligation)
• Cookies: 13 months maximum

6. Security

We implement the following technical and organizational security measures:
• TLS 1.3 encryption across all communications
• Encryption at rest (AES-256) for R2 storage
• Password hashing with bcrypt (high labor factor)
• Encrypted daily backups
• Regular security audits and penetration tests
• Personal data access restricted by the principle of least privilege
• Automated incident detection and alerts


In the event of a personal data breach, we commit to notifying the CNIL within 72 hours and the affected individuals without undue delay, in accordance with Articles 33 and 34 of the GDPR.

Your Rights Under GDPR

You have the following rights regarding your personal data:
• Right of access (Art. 15): obtain a copy of your data
• Right to rectification (Art. 16): correct inaccurate data
• Right to erasure (Art. 17): "right to be forgotten"
• Right to restriction of processing (Art. 18)
• Right to data portability (Art. 20): receive your data in a structured format
• Right to object (Art. 21): specifically to profiling and marketing
• Right to withdraw your consent at any time
• Right to set post mortem directives on how your data is processed


To exercise these rights, send your request to contact@looqko.com and include a copy of your ID. We will respond within a maximum of 30 days (1 month, extendable by 2 months in complex cases).
Complaints: you can file a complaint with the CNIL (www.cnil.fr) if you feel your rights are not being respected.

Cookies and Tracking

We use the following types of cookies:
• Strictly necessary cookies: authentication, security, load balancing deployed without consent (CNIL exemption)
• Anonymized audience measurement cookies: without prior consent in accordance with CNIL recommendations
• Marketing and advertising cookies: only after your explicit consent
You can manage your cookie preferences at any time using the "Manage Cookies" button at the bottom of the page. Withdrawing consent is as simple as giving it.

9. Minors

Our services are not intended for anyone under 16. However, parents or legal guardians may use them for virtual try ons involving minors. We do not knowingly collect personal data from minors without parental consent. Any data shared in error can be deleted upon request at contact@looqko.com

10. Data Transfers Outside the European Union

Some of our subprocessors (FASHN AI, Modal, Google, Resend) are located in the United States. These international data transfers are secured by:
• Standard Contractual Clauses (SCCs) approved by the European Commission (decision 2021/914)
• EU-US Data Privacy Framework certification for participating subprocessors
• Additional technical safeguards (encryption, pseudonymisation, limited retention periods)
You can request a copy of these safeguards at contact@looqko.com

11. Changes to these Terms

We may update this policy to reflect legal, technical, or contractual changes. Active customers will be notified by email of any significant changes at least 30 days before they take effect. You can find the latest update date at the top of this page.

Get in touch

For any questions regarding this policy or the processing of your personal data:
• General Support: contact@looqko.com