← Back

Kora Privacy Policy

Last updated: February 24th, 2026

1. Introduction

Thesimus Limited ("we," "us," or "our") provides a Virtual Try-On technology that allows users to visualize products on themselves. This Privacy Notice describes how we collect, use, and protect the personal and biometric information processed through this specific feature.

This Notice applies globally, prioritizing compliance with the following frameworks:

  • European Union: General Data Protection Regulation (GDPR).
  • United States: Illinois Biometric Information Privacy Act (BIPA) and California Consumer Privacy Act (CCPA).
  • Australia: Privacy Act 1988 (Cth).
  • South Africa: Protection of Personal Information Act (POPIA).

2. What We Collect

To provide the Virtual Try-On simulation and manage your access, we process the following data:

  • User-Uploaded Image: The photograph you voluntarily upload to the widget.
  • Biometric Data: To map the product onto your body, our technology analyzes the facial geometry and body measurements within your uploaded image. Under laws such as GDPR (EU) and BIPA (Illinois), this technical analysis is classified as "Biometric Information" or "Special Category Data."
  • Contact Information: Your email address (if you choose to provide it).
  • Device Data: Limited technical logs (such as IP address and device type) to ensure the security and stability of the service.

3. How We Use Your Data (Purpose)

We use your data for the following specific purposes:

  • Visualization: To generate a real-time simulation of a product on your photo.
  • Communication: If you provide your email, we use it to send you your generated images, updates about our service, or marketing offers (subject to your consent).
  • Separation of Data: We strictly separate your Email from your Biometric Data. We do not use your email to build a searchable database of faces.

We strictly adhere to the following limitations:

  • No Training: We do not use your image or biometric data to train Artificial Intelligence (AI) models.
  • No Identification: We do not use your biometric data to identify you in other contexts.
  • No Sale: We do not sell, lease, trade, or profit from your biometric data.

4. Data Retention (Zero-Retention Policy)

We operate on a "Stateless" basis regarding your physical likeness.

  • Biometric Data (Server-Side): Your original photo and the generated "try-on" image are processed in real-time. Immediately after the image is returned to your device, all biometric data and images are permanently deleted from our servers.
  • Contact Data: If you provide your email, we retain it securely until you unsubscribe or request deletion.
  • Client-Side (Your Device): If you use the "Saved Looks" or "History" feature, these images are stored locally on your own device (using your browser's Local Storage). We do not have access to this local history.

Retention Schedule (Compliance with BIPA & GDPR):

Biometric identifiers and biometric information are permanently destroyed immediately upon the completion of the initial transaction (the generation of the image).

5. Email Marketing & Communications

If you opt-in to receive communications from us:

  • Consent: We will only send you marketing emails if you have expressly consented (e.g., by ticking a box or entering your email).
  • Opt-Out:You can unsubscribe at any time by clicking the "Unsubscribe" link at the bottom of any email or by contacting us.

6. Data Sharing & International Transfers

To provide this service, your encrypted data is processed by our secure cloud infrastructure partner:

  • Processor: Google Cloud Platform (Enterprise Tier).
  • Location: United States of America.

Notice for European, Australian & South African Users: By using this tool, you explicitly consent to the transfer of your personal and biometric information to the United States for processing. We ensure your data is protected through strict enterprise-grade security contracts (Standard Contractual Clauses) that meet international standards for data protection required by the GDPR and POPIA.

7. Your Rights

Depending on your location, you have rights regarding your data:

  • Right to Access/Delete: You effectively control your biometric data. Since the only copy of your "Saved Looks" exists on your own device, you can "delete" your biometric data by simply clearing your browser history. You may request the deletion of your email address by contacting us.
  • Right to Withdraw Consent: You may withdraw your consent at any time by stopping your use of the Virtual Try-On feature or unsubscribing from emails.

8. Security Measures

We use industry-standard encryption (TLS/SSL) to protect your image while it is in transit between your device and our processing servers. Once processed, the biometric data is wiped from memory.

9. Children's Privacy

This feature is not intended for users under the age of 16. We do not knowingly collect biometric data from children. If you are a minor, do not use this feature without the express permission and supervision of a parent or guardian. If we discover that we have inadvertently processed data from a minor without parental consent, we will delete it immediately.

10. Changes to This Notice

We may update this Privacy Notice to reflect changes in our technology or legal requirements. The "Last Updated" date at the top of this page indicates when the latest changes were made. Your continued use of the Virtual Try-On feature after any changes constitutes your acceptance of the new terms.

11. Governing Law

This Notice is governed by the laws of Ireland. Any disputes arising from the use of this feature shall be resolved exclusively in the courts of Ireland.

12. Contact Us

If you have questions about this specific feature or our privacy practices, please contact us at: privacy@kora.fashion