ClosOn

Privacy Policy

Privacy terms that follow the real product flows.

This Privacy Policy is structured around the features that ClosOn actually provides today: account security, wardrobe storage, AI-assisted imports, receipt automation, weather-aware recommendations, premium styling, insights, sharing and borrowing, inspiration features, billing, admin review, and privacy tools. It is drafted for Austrian and EU operation and is intended to align with the GDPR and the Austrian legal environment that applies to digital services, cookies, and consumer-facing online products.

Controller

Name: Knightify FlexCo

Address: Kelsenstrasse, 1030 Vienna, Austria

Email: [email protected]

Regulatory framing

Effective date: April 10, 2026

Primary legal framework: GDPR and applicable Austrian law

Primary supervisory authority: Austrian Data Protection Authority (Datenschutzbehörde)

Consumer market assumption: Austria and the wider EEA

1. Core privacy principles

We process personal data only to the extent required to operate, secure, improve, support, and lawfully monetize ClosOn. We aim to keep processing proportionate to the feature you use, avoid collecting data that the feature does not need, and give users practical controls for review, export, deletion, and account security.

Because ClosOn includes AI-supported imports and recommendations, we distinguish between data that is needed to perform the service you request and data that is processed for reliability, moderation, support, legal compliance, and fraud prevention. Where device permissions or non-essential processing would require consent, the relevant processing should only happen once that consent is given.

2. Feature-by-feature processing overview

Account creation, login, password reset, email verification, and two-factor authentication

Data used

Identity data, login credentials, hashed password, session identifiers, email-verification records, recovery-code material, IP address, device/browser metadata, and security logs.

Why we use it

To create and secure your account, authenticate you, prevent abuse, and keep the app available only to authorized users.

Legal basis

Art. 6(1)(b) GDPR for account delivery and Art. 6(1)(f) GDPR for fraud prevention and service security.

Profile, preferences, sizes, style preferences, disliked colors, and notification settings

Data used

Profile fields, clothing sizes, fit and color preferences, timezone, locale, notification choices, and privacy settings.

Why we use it

To personalize your app experience, recommendation logic, communication preferences, and account defaults.

Legal basis

Art. 6(1)(b) GDPR.

Wardrobe, perfume, and accessory management

Data used

Titles, categories, colors, materials, seasons, formality, brand information, notes, uploaded images, wear history, favorites, and user corrections.

Why we use it

To maintain your digital wardrobe, render item pages, generate analytics, and power recommendation and styling features.

Legal basis

Art. 6(1)(b) GDPR.

Manual image uploads, product-link imports, and AI tagging

Data used

Uploaded or linked product images, URLs, extraction prompts, model outputs, confidence scores, normalized metadata, review flags, and override history.

Why we use it

To classify fashion items, prefill wardrobe records, and help you avoid manual data entry.

Legal basis

Art. 6(1)(b) GDPR, plus Art. 6(1)(f) GDPR for quality control and model-operations review.

Receipt-import flow and inbound email processing

Data used

Inbound receipt email alias, sender/subject metadata, merchant details, receipt content, extracted order lines, failed-import diagnostics, and redaction status.

Why we use it

To turn purchase receipts into wardrobe drafts and to diagnose receipt-processing failures.

Legal basis

Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR for service reliability and abuse prevention.

Public contact and support requests

Data used

Name, email address, optional company name, topic, message content, privacy-policy acknowledgement timestamp, source page, IP address, and user-agent data.

Why we use it

To answer incoming inquiries, document the request context, and protect the contact flow against abuse or spam.

Legal basis

Art. 6(1)(b) GDPR for pre-contractual or support communication you initiate and Art. 6(1)(f) GDPR for service security and abuse prevention.

Daily looks, recommendations, outfit saves, and Plotforge builds

Data used

Wardrobe combinations, weather context, recommendation scores, saved outfits, outfit ratings, affinity signals, build state, and regeneration counters.

Why we use it

To generate grounded outfit suggestions using your stored wardrobe and your recent feedback.

Legal basis

Art. 6(1)(b) GDPR.

Private stylist chat and other premium AI interactions

Data used

Prompts, chat messages, contextual wardrobe snapshots, preferences, mood or event details you enter, output messages, and provider metadata.

Why we use it

To provide conversational styling help and premium AI support grounded in your own wardrobe.

Legal basis

Art. 6(1)(b) GDPR.

Insights and wardrobe analytics

Data used

Wardrobe counts, category coverage, review backlog, wear history, recently worn signals, recommendation feedback, and premium-access state.

Why we use it

To show actionable wardrobe analytics and next-step suggestions inside the app.

Legal basis

Art. 6(1)(b) GDPR.

Sharing, private collections, borrowing, invites, comments, and blocked-user controls

Data used

Invitee email addresses, access permissions, accepted-invite records, comments, borrow-request dates and messages, share removals, and block records.

Why we use it

To let users selectively share wardrobe content, coordinate lending and borrowing, and control who can participate.

Legal basis

Art. 6(1)(b) GDPR for the feature you initiate and Art. 6(1)(f) GDPR for safety, moderation, and abuse handling.

Inspiration feed, style posts, comments, likes, boards, and style signatures

Data used

User-posted images, captions, board associations, likes, comments, moderation status, style-signature analysis, and recreation requests.

Why we use it

To operate community-style inspiration features and allow style discovery and recreation support.

Legal basis

Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR for moderation and community safety.

Weather-aware personalization and geolocation-enabled flows

Data used

Manually entered city, optional browser geolocation coordinates, reverse-geocoded labels, and weather forecasts.

Why we use it

To make suggestions weather-aware and show weather-based dashboard context.

Legal basis

Art. 6(1)(b) GDPR for manually entered location data and Art. 6(1)(a) GDPR where device geolocation permission is used.

Premium subscriptions, AI credits, billing, and admin premium overrides

Data used

Stripe customer identifiers, subscription identifiers, price IDs, status and renewal data, invoice references, plan entitlements, AI credit packs, and admin override values.

Why we use it

To sell and manage paid plans, credit purchases, renewals, cancellations, and support adjustments.

Legal basis

Art. 6(1)(b) GDPR and Art. 6(1)(c) GDPR for accounting and tax retention duties.

Admin operations, moderation, review queue, support, and audit logging

Data used

Audit trails, moderation states, failed-job context, low-confidence review markers, account-access actions such as suspension or impersonation, AI incident notifications, support-facing user, billing, receipt-import, wardrobe, and stylist-session records, and account change logs.

Why we use it

To support users, operate billing and moderation workflows, diagnose incidents, investigate abuse, and ensure accountable administration of the service.

Legal basis

Art. 6(1)(f) GDPR and Art. 6(1)(c) GDPR where records must be retained by law.

3. How data enters the app

  • Directly from you when you register, upload wardrobe images, add preferences, send stylist prompts, rate outfits, create inspiration posts, share items, or purchase premium access.
  • From your mailbox flow when you forward or route purchase receipts to your personal import address.
  • From your browser or device when you use session cookies, sign in, or choose to share geolocation for weather-aware features.
  • From third-party providers when you use social login, payments, weather lookups, AI-backed processing, or email infrastructure.
  • From administrative review actions when support, moderation, or quality-control work is needed.

4. AI processing and human review

ClosOn uses AI to analyze wardrobe photos, prefill imported items, extract receipt information, support stylist chat, generate suggestions, create style signatures, and enrich inspiration or recommendation flows. Depending on the feature, the input may include images, URLs, message content, preferences, weather context, wardrobe metadata, recent wear history, and user feedback.

We do not describe these features as solely automated decision-making with legal or similarly significant effects under Art. 22 GDPR. The implemented product is built around assistance, not final legal or financial decisions. AI output can be wrong, uncertain, or subjective, and the service includes user review, admin review, confidence scoring, requeue tools, override flows, and manual correction paths.

Low-confidence wardrobe items and failed or uncertain receipt imports may be surfaced to authorized administrators inside the admin review queue so the service can be corrected, stabilized, and kept trustworthy.

5. Sharing and visibility rules

Your wardrobe is private by default except where you actively share content or publish community-facing inspiration material. If you create a private shared collection, invite another user, submit a borrow request, or comment within a shared flow, the relevant data becomes visible to the users and administrators who need it for that flow.

If you create style posts, comments, or likes in inspiration areas, that content may be visible within the parts of the product that are designed for social discovery and moderation. Administrators may access this content where necessary for support, abuse handling, moderation, or legal compliance.

6. Recipients and processors

We may share personal data with the following categories of recipients when needed to operate ClosOn. Where a third party processes personal data on our behalf as a data processor under Art. 28 GDPR, we maintain a Data Processing Agreement (DPA) or rely on the processor's standard contractual terms incorporating the EU Standard Contractual Clauses (SCCs) adopted under Commission Decision (EU) 2021/914.

Stripe – Payment processing

Stripe, Inc. (USA) and Stripe Payments Europe, Ltd. (Ireland) process billing data for checkout, subscription management, renewal billing, invoice generation, and fraud prevention. Data shared: Stripe customer identifiers, subscription and payment method metadata, and invoice references. Transfer mechanism: adequacy decision for EEA entity; SCCs for US entity. Stripe Privacy Policy.

Hosting and storage infrastructure

ClosOn stores application data and uploaded media on the hosting and storage infrastructure configured for the live deployment. In this codebase, Laravel local and public filesystem disks are the default storage backends, and an S3-compatible object store may optionally be configured in production.

Anthropic – AI language model processing

Anthropic PBC (USA) provides AI language model services used for private stylist chat, outfit refinement, style-signature analysis, and related premium AI features. Data sent to Anthropic may include wardrobe metadata, user preferences, chat messages, and contextual information you provide during AI-assisted sessions. Transfer mechanism: SCCs. Prompt and response content is not used by Anthropic to train their models under our API agreement. Anthropic Privacy Policy.

OpenAI – AI language model processing

OpenAI, LLC (USA) provides AI language model services used for receipt extraction, wardrobe image tagging, and related import features. Data sent to OpenAI may include receipt content, product images, and extracted metadata. Transfer mechanism: SCCs. API usage data is not used by OpenAI to train their models under our API agreement. OpenAI Privacy Policy.

Postmark / ActiveCampaign – Email delivery and receipt processing

Postmark (ActiveCampaign, LLC, USA) handles transactional email delivery (account, security, and product emails) and processes inbound receipt emails forwarded to your personal import address. Inbound email content is transmitted to our application for processing. Transfer mechanism: SCCs. Postmark Privacy Policy.

Sentry – Error monitoring

Sentry (Functional Software, Inc. dba Sentry, USA) may receive technical error reports and performance traces to help us diagnose and fix application failures. We have configured Sentry with default PII transmission disabled (send_default_pii=false), but exception messages, logs, or technical breadcrumbs can still contain limited identifiers or contextual data if the application itself emits them. Transfer mechanism: SCCs. Sentry Privacy Policy.

Open-Meteo – Weather data

Open-Meteo (Switzerland) provides weather forecast and geocoding data for weather-aware outfit suggestions. Where you enable weather features, your city name or approximate coordinates are sent to Open-Meteo's public API. No ClosOn account credentials are sent for that lookup. Switzerland benefits from an EU adequacy decision for personal-data transfers. Open-Meteo Terms.

Google / Apple – Social sign-in (optional)

If you choose to register or log in via Google or Apple, those providers supply a user identifier, name, and email address to our application under their respective OAuth flows. We do not request additional scopes beyond basic profile and email. Transfer mechanisms: Google LLC (USA) and Apple Inc. (USA) both rely on SCCs for EEA transfers. Google Privacy Policy / Apple Privacy Policy.

Other users

Data you intentionally reveal through sharing, borrowing requests, comments, invites, or inspiration features is visible to those users as part of the feature you initiate.

Authorized administrators

Authorized employees or contractors may access personal data where needed for support, moderation, quality review, billing administration, incident response, legal compliance, or account-safety interventions. In the current admin panel this can include user records, wardrobe records, receipt-import records, payment and subscription status, AI session content, and limited account actions such as suspension, restoration, or administrator impersonation for support purposes. Access is intended to be limited to what is necessary for the specific task.

7. International transfers

Several processors used by ClosOn are based in the United States, including Anthropic, OpenAI, Postmark (ActiveCampaign), and Sentry. Transfers to these processors rely on the EU Standard Contractual Clauses (SCCs) adopted under Commission Decision (EU) 2021/914 as the lawful transfer mechanism under Chapter V GDPR. Stripe processes payments through its EEA entity (Stripe Payments Europe, Ltd.) where possible. Weather requests may be sent to Open-Meteo in Switzerland, which benefits from an EU adequacy decision.

Where a processor's transfer mechanism changes or a new international processor is added, this policy will be updated accordingly. You can request further information about transfer mechanisms for specific processors by contacting us using the details in the Controller section.

8. Cookies, session storage, and Austrian telecom rules

ClosOn uses technical cookies and related storage mechanisms for login sessions, CSRF protection, request integrity, and authenticated app use. These are necessary to provide the service requested by the user and to keep the app secure.

The app also supports a progressive-web-app shell and may interact with browser storage or a service worker to provide offline-ready behavior. Optional geolocation is only used when the user enables it through the browser permission flow.

We have not identified advertising cookies or marketing trackers in the current codebase. If non-essential cookies, analytics, or marketing technologies are introduced later, they should be activated only in a manner that complies with the GDPR and the Austrian telecom rules governing access to or storage of information on a user device.

9. Retention

Account, wardrobe, saved looks, preferences, and sharing records

Usually until you delete them or close your account, unless a shorter technical retention applies or a longer retention is required for legal claims.

AI interaction logs, stylist sessions, and agent memory

Stored to provide AI-supported features, preserve conversation continuity, enforce usage limits, and support debugging or incident review. In the current codebase these records are generally retained until account deletion or earlier manual cleanup, unless a shorter retention is introduced in a future release or a longer retention is needed for legal claims or abuse handling.

Receipt-import content and raw email material

Processed receipt content is reduced where possible after import, and raw receipt content is designed to be redacted after the processing flow finishes. Extracted order metadata is retained as part of your wardrobe records until you delete it or close your account.

Contact submissions and support correspondence

Retained for as long as needed to answer the request, document the support history, and defend against related claims, unless a longer statutory retention period applies.

Billing and accounting records

Retained for statutory accounting, tax, fraud-prevention, and support-accountability periods required by applicable law, typically 7 years under Austrian accounting rules (§ 212 UGB).

Sessions, caches, temporary upload state, and security telemetry

Retained according to technical configuration and cleanup cycles, typically much shorter than primary account records.

Audit logs and admin review metadata

Kept only as long as necessary for accountability, abuse prevention, dispute handling, and legal defense, with user links minimized where possible after deletion.

10. Your rights

  • Access to your personal data and information about how we process it.
  • Rectification of inaccurate or incomplete data.
  • Erasure, subject to statutory retention duties or overriding legal grounds.
  • Restriction of processing in the situations described by the GDPR.
  • Data portability for data processed on the basis of contract or consent by automated means.
  • Objection to processing based on legitimate interests, including objection to direct marketing if ever introduced.
  • Withdrawal of consent at any time for future processing where consent is the legal basis.
  • Complaint rights before a supervisory authority, including the Austrian Data Protection Authority.

The app already includes self-service privacy features for account deletion and export of core account, wardrobe, stylist, and related content from the authenticated settings area. If you need access to billing records, contact submissions, or other support and compliance records that are not currently part of that self-service export, you can also contact us directly using the controller contact details above.

11. Complaints and supervisory authority

If you believe that the processing of your personal data violates data-protection law, you may lodge a complaint with a supervisory authority. In Austria, this is the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna, Austria, telephone +43 1 52 152-0, email [email protected].

The full mandatory operator disclosure required by Austrian law, including company registration details and the applicable supervisory trade authority, is available in the Impressum.

12. Changes to this policy

We may update this Privacy Policy when features, processing operations, processors, legal requirements, or operational practices change. Material updates should be reflected on this page with a new effective date and, where appropriate, communicated inside the product or by email.

Also see: Terms & Conditions, Cookie Policy, Impressum.