Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how Drezily Inc. (“Drezily,” “we,” “us,” or “our”) collects, uses, shares, and protects information in connection with the Drezily website (drezily.com), our mobile website, our mobile applications, our AI Stylist (“Zily”), and any related services (collectively, the “Services”). This Privacy Policy applies to anyone who visits, registers with, or otherwise interacts with the Services.

By using the Services, you acknowledge that you have read this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Services.

1. Information We Collect

a. Information You Provide to Us

• Account & identifiers: first and last name, username, email address, password (hashed), and (optionally) WhatsApp number, when you register or sign in via email, Google, Facebook, Apple, or passkey.
• AI Stylist inputs: answers to our questionnaires (the visual questionnaire, the chat-based questionnaire with Zily, and the “Describe Yourself” flow), including style preferences, body shape, sizing, coloring, lifestyle, occasions, brand preferences, budget, and any free-text descriptions you provide.
• Photos: face selfies, full-body photos, and style-inspiration images you choose to upload to receive personalised analysis (color analysis, silhouette, style direction). Uploading photos is optional.
• Wishlist & activity: products you save, share, or interact with, feedback you submit, and content you post.
• Referral and marketing data: referral codes, invited contacts, and any opt-in messaging preferences (including SMS/WhatsApp where applicable).
• Communications: messages you send to us via email, contact forms, or chat support.

b. Information Collected Automatically

• Device & technical identifiers: IP address, device or session IDs, operating system and version, browser type, network and carrier, and other configuration data.
• Usage data: pages and products viewed, searches, clicks, click-stream data, referrer URLs, and timestamps associated with your activity on the Services.
• Approximate geolocation: derived from your IP address. We do not collect precise GPS location.
• Cookies and similar technologies: see “Cookies & Tracking Technologies” below.

c. Information from Third Parties

• Social sign-on: if you sign in with Google (including Google One Tap), Facebook, or Apple, we receive basic profile information (name, email, profile photo) from that provider. Use of Google data is governed by the Google Privacy Policy.
• Affiliate / retailer partners: when you click an affiliate link to a partner store, the retailer may share back limited transaction data (e.g., that a purchase occurred) for commission tracking. We do not receive your payment card details from retailers.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, secure, and improve the Services, including running our AI Stylist and personalizing recommendations to you;
• Create, authenticate, and maintain your account, including sending one-time codes (OTP) for sign-in and account verification;
• Generate your style profile, color palette, body/silhouette analysis, and outfit recommendations from your questionnaire answers and (if uploaded) photos;
• Send transactional emails (account verification, password resets, security notices, order or referral confirmations);
• Send marketing and promotional emails about new features, recommendations, products, and offers — see Section 4;
• Respond to your inquiries and provide customer support;
• Detect, investigate, and prevent fraud, abuse, and security incidents;
• Comply with legal obligations and enforce our Terms of Service.

3. Legal Bases (where applicable)

Where required by law (for example, under the EU/UK GDPR), we rely on the following legal bases: performance of a contract with you (to deliver the Services), your consent (for marketing communications and optional features), our legitimate interests (to operate, secure, and improve the Services), and compliance with legal obligations.

4. Marketing Emails & Klaviyo

We use Klaviyo, a third-party email and marketing-automation platform, to send marketing and promotional emails. When you create an account with Drezily — whether through our standard sign-up flow, the AI Stylist questionnaire, the chat questionnaire with Zily, the “Describe Yourself” flow, the AI Stylist waitlist, or any other email-collection point on our Services — you will be enrolled to receive marketing emails from Drezily, sent via Klaviyo, by default. These messages may include product recommendations, new features, style content, partner promotions, and special offers.

To deliver these emails, we share the following with Klaviyo: your email address, name, and limited engagement data (e.g., which emails you opened or clicked, products you have viewed or saved). Klaviyo processes this data on our behalf as a service provider; their use of your information is governed by their own privacy practices.

You can opt out of marketing emails at any time by clicking the “unsubscribe” link at the bottom of any marketing email, by emailing us at contact@drezily.com, or by adjusting your preferences in your account settings. Opting out of marketing will not stop transactional emails (such as sign-in codes, security notices, or account-related messages), which are necessary to operate your account.

5. Cookies & Tracking Technologies

We and our service providers use cookies, local storage, pixels, and similar technologies to authenticate users, remember preferences, measure performance, and analyze usage. We use Google Analytics and PostHog for product analytics. You can control cookies through your browser settings. Some features of the Services may not function properly without cookies.

6. How We Share Information

We do not sell your personal information for money. We share information only as described below:

• Service providers: hosting and database providers, authentication providers, AI/ML infrastructure, email and marketing automation (Klaviyo), payment processors (Stripe), analytics (Google Analytics, PostHog), CDN and image-hosting (AWS S3, Azure CDN), customer support tools, and similar vendors who process information on our behalf under contractual confidentiality and security obligations.
• Affiliate & retailer partners: when you click out to a retailer through a Drezily affiliate link, the retailer may receive standard referral parameters (e.g., affiliate ID, click ID). The retailer’s site is governed by its own privacy policy.
• Social login providers: when you choose to sign in with Google, Facebook, or Apple, the provider receives a request from us to authenticate you.
• Legal and safety: we may disclose information if required by law, subpoena, or court order, or where we believe disclosure is necessary to investigate fraud, protect our rights, or protect the safety of any person.
• Business transfers: in connection with a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred, subject to standard confidentiality protections.

We do not knowingly share your photos, free-text descriptions, or style-profile content with retailers or advertisers.

7. “Sharing” for Cross-Context Behavioral Advertising

Drezily does not knowingly engage in “sales” of personal information for monetary consideration. To the extent that any analytics or advertising cookie qualifies as a “sale” or “sharing” of personal information for cross-context behavioral advertising under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, “CCPA/CPRA”), California residents have the right to opt out (see Section 11).

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Services, comply with our legal obligations, resolve disputes, and enforce our agreements. Photos uploaded for color or style analysis are retained only as long as needed to generate and maintain your style profile, unless you delete them or your account earlier. Klaviyo engagement data is retained for as long as needed for marketing analytics and recordkeeping.

9. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption in transit, hashed passwords, and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

10. Your Choices & Rights

a. Access & Correction

You can review and update your name, email, and style preferences from your account settings or by contacting us at contact@drezily.com.

b. Marketing Opt-Out

You can unsubscribe from marketing emails at any time using the unsubscribe link in any marketing message, or by contacting us. See Section 4.

c. Account Deletion

You can delete your Drezily account at any time. To delete your account:

• Visit drezily.com/account/delete while signed in and follow the on-screen confirmation, or
• Email us at contact@drezily.com from the address associated with your account and request deletion.

When you delete your account we will delete or de-identify your profile (name, email, login credentials), your style-profile data, your wishlist and saved products, your questionnaire answers, and any photos you uploaded. We will also remove your email from our active marketing lists in Klaviyo. We may retain limited records (such as transaction logs, fraud-prevention records, or anonymized analytics) where required by law or for legitimate business purposes.

11. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the CCPA/CPRA gives you the following rights with respect to personal information we collect about you:

• Right to Know / Access: request that we disclose the categories and specific pieces of personal information we have collected about you, the sources, the purposes for collection, and the categories of third parties with whom we share it.
• Right to Delete: request that we delete personal information we have collected from you, subject to certain exceptions.
• Right to Correct: request correction of inaccurate personal information.
• Right to Opt Out of Sale or Sharing: direct us not to “sell” or “share” your personal information for cross-context behavioral advertising. As noted in Section 7, we do not knowingly sell personal information for money; to opt out of any analytics-based sharing, email contact@drezily.com with the subject line “Do Not Sell or Share My Personal Information.”
• Right to Limit Use of Sensitive Personal Information: direct us to limit the use of any sensitive personal information to that which is necessary to provide the Services.
• Right to Non-Discrimination: we will not discriminate against you for exercising any of these rights.

Categories of personal information collected (CCPA categories):

• Identifiers (name, email, IP address, device IDs);
• Customer records (account credentials);
• Commercial information (wishlist activity, referral data);
• Internet or other electronic network activity (browsing, searches, clicks);
• Approximate geolocation (derived from IP);
• Inferences (style profile, preferences, recommendations);
• Sensory information (only if you choose to upload photos);
• Sensitive personal information may include account log-in credentials and, if you upload them, photos of yourself, which we use only to provide the Services and not to infer characteristics about you for marketing.

How to exercise your rights:

Email contact@drezily.com with the subject “California Privacy Request” and describe the right you wish to exercise. We will verify your request using information associated with your account (such as your email address and a confirmation from that address) and respond within the timeframes required by law. You may designate an authorized agent to make a request on your behalf; we may require the agent to provide proof of authorization and verify your identity directly.

Shine the Light:

California Civil Code Section 1798.83 permits California residents to request information about disclosures of personal information to third parties for direct-marketing purposes. Drezily does not disclose your personal information to third parties for their own direct-marketing purposes.

12. Other U.S. State Privacy Rights

Residents of states with comprehensive privacy laws (including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and others, as applicable) may have similar rights to access, correct, delete, and opt out of certain processing of their personal information. Contact contact@drezily.com to exercise these rights.

13. International Users

Drezily is operated from the United States. If you access the Services from outside the U.S., your information will be transferred to, stored, and processed in the United States. Where required, we use appropriate safeguards for international transfers.

14. Children’s Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it. Users between 13 and 18 should use the Services only with the involvement of a parent or guardian.

15. Third-Party Links

The Services contain links to third-party websites and retailers. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party site you visit.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top. Material changes will be communicated through the Services or by email. Your continued use of the Services after the changes take effect constitutes your acceptance of the updated Privacy Policy.

Questions or Concerns

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your privacy rights, please contact us at contact@drezily.com. We will make every effort to resolve your concerns.