Legal · COORD Ltd.

Privacy policy.

At COORD (“we,” “us,” or “our”), your privacy is important to us. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you interact with our website, app, and associated services (collectively, the “Services”). By accessing or using COORD, you agree to the practices described in this policy.

Effective date
6 March 2026
ICO registration
ZC096755
Jurisdiction
England & Wales
Questions
contact@coord.ltd

Information we collect

We collect different types of information from users to provide and improve our Services:

a. Information you provide voluntarily

When you sign up, contact us, or interact with our Services, we may collect:

  • Full name
  • Email address
  • Phone number
  • Clothing images and related descriptions
  • Feedback, survey responses, or support inquiries

If you choose to sign up through service providers such as Apple or Google, we will only receive data permitted by those providers (typically your name and email address).

b. Automatically collected information

When you access or use our Services, we may automatically collect:

  • IP address
  • Device information (model, operating system, browser type, unique device identifiers)
  • Usage data (page views, features used, interaction timestamps, app performance data)
  • Cookies and tracking technology data (as described in Section 13 below)

Location information: We collect approximate location data when you use COORD. This is used to provide accurate weather data for outfit suggestions and to improve location-based features. You can disable location access in your device settings, though this may affect app performance and the quality of recommendations.

c. Photos and camera access

We request access to your device camera and photo library to allow you to upload clothing images to your wardrobe and images of your likeness for the virtual try-on feature.

How we handle your images

  • Wardrobe images: uploaded to our servers (hosted by Supabase) and stored securely for as long as you maintain your account.
  • Virtual try-on images: processed on our own systems to generate visualisations, then deleted from processing servers within 24 hours.
  • Background removal: processed on our own systems to isolate clothing items from photos, then deleted from processing servers once complete.
  • Temporary processing: some images may be temporarily cached on our servers during AI processing but are automatically deleted once processing is complete.

You can manage camera and photo permissions in your device settings. You can also delete individual images or your entire wardrobe at any time through the app settings.

d. Third-party and social features

If you choose to share outfits or interact with other users through social features, we may collect:

  • Public profile information you choose to share
  • Outfit images and descriptions you make public
  • Interactions with other users (likes, comments, shares)

Important: If you set your account to private (the default), your content is only visible to you. If you make your account or specific content public, other users may view, save, or share it. Once shared outside COORD, we cannot control how others use your content.

Your content and our use of it

Content you own

You retain full ownership of all clothing images, outfit photos, and other content you upload to COORD (“Your Content”).

Licence you grant us

By uploading content to COORD, you grant us a non-exclusive, worldwide, royalty-free licence to:

  • Store and display your content to provide Services to you.
  • Process your content through our AI systems to generate outfit recommendations and styling suggestions.
  • Use anonymised, non-identifiable versions of your content to train and improve our AI models.
  • Display your content if you choose to make your profile or outfits public.

Anonymisation for AI training

If and when we use your content to improve our AI models, we first remove all identifying information. For example, we may use anonymised data about clothing categories, colours, and styles, but not data that could identify you personally.

Control over your content

  • You can delete individual items or your entire wardrobe at any time.
  • You can change your account from public to private at any time.
  • If you make content public and others save or share it, we cannot control or delete those copies.

How we use your information

We use the information we collect for the following purposes:

  • To register and manage your account.
  • To deliver core functionality like wardrobe creation, outfit suggestions, and virtual try-on experiences.
  • To personalise your content and user experience based on your preferences and behaviour.
  • To communicate updates, marketing messages (with your consent), and service-related information.
  • To understand user behaviour and improve our Services through analytics.
  • To detect, investigate, and prevent fraudulent or illegal activity.
  • To provide customer support and respond to your inquiries.
  • To comply with legal obligations or respond to lawful requests from public authorities.
  • To enforce our Terms & Conditions.

AI and machine learning processing

COORD uses artificial intelligence and machine learning to provide features such as outfit suggestions, virtual try-on, background removal, and personalised styling recommendations.

How AI uses your data

Our AI systems analyse:

  • Your clothing images to identify garments, colours, styles, patterns, and potential fit.
  • Your usage patterns to understand your preferences.
  • Your outfit combinations to learn your personal style.
  • Your interaction with recommendations to improve suggestions.

Data used for AI training

We may use anonymised and aggregated data from your interactions to improve our AI models. This means we remove all information that could identify you personally before using the data for training. This includes:

  • Clothing item categories and attributes (e.g., “blue jeans,” “formal dress”).
  • General outfit combinations (e.g., “jeans paired with sweaters”).
  • Aggregated styling preferences (e.g., “users with similar profiles prefer X”).
  • Anonymised engagement patterns with recommendations.

Your image data itself (the actual photos you upload) is not used to train publicly available AI models or shared with other users without your explicit consent.

Opting out of AI training

You can opt out of having your anonymised data used for AI training by contacting us at contact@coord.ltd. This will not affect your ability to use COORD’s features, as our AI will still process your data to provide personalised recommendations to you; we simply won’t use your anonymised data to improve the overall system for other users.

AI model provider

Some of our AI features are powered by the following third-party provider:

  • Google Gemini — style analysis, outfit recommendations, and visualisation.

This provider processes your data according to its own policies. We have a data processing agreement in place that requires it to:

  • Process your data only as instructed by us.
  • Implement appropriate security measures.
  • Not use your data for its own purposes.
  • Delete your data when instructed.

However, we do not control how Google operates its AI systems internally. We encourage you to review its privacy policy:

Data sharing and disclosure

We do not sell or rent your personal data to third parties. We may share your data in the following circumstances:

a. Service providers

We work with trusted third-party service providers who support our Services. These providers fall into the following categories of recipients:

  • Authentication and identity providers (for example, sign-in with Apple or Google).
  • Cloud hosting, database, and secure storage infrastructure.
  • AI and machine learning processing (see Section 4 for detail).
  • Application monitoring, crash reporting, and performance tracking.
  • Mobile app distribution and development infrastructure.

These providers have access to your data only to perform specific services on our behalf. We have data processing agreements with each provider that require them to:

  • Keep your data confidential.
  • Use your data only for the purposes we specify.
  • Implement appropriate security measures.
  • Comply with UK GDPR and data protection laws.

Important: When you use our AI-powered style analysis and outfit recommendations, your clothing images and related data are processed by Google Gemini. This processing may occur on servers located outside the UK. We have an agreement in place requiring Google to protect your data, but we do not control its internal operations.

b. App store services

We use services provided by the Apple App Store and Google Play Store, including:

  • App distribution and updates
  • In-app authentication (Sign in with Apple, Google Sign-In)
  • Push notifications
  • App analytics

These platforms may collect data according to their own privacy policies, which we do not control. We encourage you to review:

c. Legal compliance

We may disclose your information if:

  • Required by law, court order, subpoena, or other legal process.
  • Necessary to respond to governmental requests or investigations.
  • Needed to protect our rights, property, or safety, or that of our users or the public.
  • Required to enforce our Terms & Conditions.
  • Necessary to detect, prevent, or address fraud, security, or technical issues.

d. Business transfers

In case of a merger, acquisition, sale of assets, or bankruptcy:

  • We may transfer user data as part of that transaction.
  • The acquiring party will be required to honour this Privacy Policy.
  • You will be notified via email and/or prominent notice on our website of any change in ownership or use of your personal data.
  • You will have the opportunity to delete your account before the transfer if you do not agree.

Marketing and advertising

Marketing communications

With your consent, we may send you:

  • Email newsletters about new features and tips.
  • Promotional offers and special events.
  • Product updates and announcements.

How to opt out

  • Click the “unsubscribe” link in any marketing email.
  • Update your preferences in Settings > Notifications.
  • Contact us at contact@coord.ltd.

Note: Even if you opt out of marketing, we will still send you essential service communications (e.g., account security alerts, changes to Terms & Conditions, service disruptions).

Advertising

We do not currently use third-party advertising networks or sell your data to advertisers. If this changes in the future, we will update this policy and notify you.

Data security

We implement appropriate technical and organisational safeguards to protect your data against unauthorised access, loss, alteration, or disclosure. These include:

Technical measures

  • Encryption of data in transit (HTTPS/TLS) and at rest.
  • Secure authentication and password encryption.
  • Regular security assessments and penetration testing.
  • Automated security monitoring and threat detection.
  • Access controls and authentication requirements for our systems.

Organisational measures

  • Limiting access to personal data to employees who need it for their job.
  • Requiring all employees to sign confidentiality agreements.
  • Regular privacy and security training for staff.
  • Documented security policies and procedures.
  • Incident response and data breach notification procedures.

Your responsibilities

  • Keep your password secure and confidential.
  • Do not share your account with others.
  • Log out of shared devices.
  • Enable two-factor authentication if available.
  • Keep your device and apps updated.

Important disclaimer: No method of data transmission or storage is 100% secure. We cannot guarantee absolute security. Any transmission of data is at your own risk. If you believe your account has been compromised, contact us immediately at contact@coord.ltd.

Data breach notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the ICO within 72 hours of becoming aware of the breach (as required by UK GDPR).
  • Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.

Our notification to you will include:

  • A description of the nature of the breach.
  • The categories and approximate number of users affected.
  • The categories and approximate number of records affected.
  • The likely consequences of the breach.
  • Measures we have taken or propose to take to address the breach and mitigate harm.
  • Contact details where you can obtain more information.

Data retention

We retain different types of information for different periods based on legal requirements and business needs:

Account data

  • Active accounts: for as long as your account exists and is active.
  • Deleted accounts: we keep your data for 90 days after deletion in case you change your mind and want to reactivate.
  • After 90 days: all personal data is permanently deleted from our active systems.
  • Backups: may contain data for up to 90 additional days before being overwritten.

Usage and analytics data

  • Performance monitoring: stored for 60 days.
  • After 60 days: automatically deleted unless needed for security investigation.
  • Security incidents: retained until the incident is resolved and for a reasonable time thereafter for legal protection.

AI training data

  • Original images: deleted according to the account data schedule above.
  • Anonymised data: retained indefinitely for AI training (cannot be linked back to you).
  • Processing logs: deleted within 24 hours.

Legal and compliance

  • Transaction records: 7 years (UK tax law requirement when the marketplace launches).
  • Legal disputes: until the dispute is resolved plus the statute of limitations period.
  • Legal obligations: as required by applicable law.

Immediate deletion

If you request immediate deletion (rather than using the 90-day grace period), we will:

  • Delete your data within 30 days of verification of your request.
  • Retain only data we are legally required to keep.
  • Anonymise data used in backups so it cannot identify you.

To request immediate deletion, contact us at contact@coord.ltd.

Your rights and choices

Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data:

Right to access (subject access request)

Request a copy of all personal data we hold about you, including:

  • What data we collect.
  • Why we collect it.
  • Who we share it with.
  • How long we keep it.

Right to rectification

Correct inaccurate or incomplete data. You can update most information directly in your account settings.

Right to erasure (“right to be forgotten”)

Request deletion of your data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected.
  • You withdraw consent (where processing was based on consent).
  • You object to processing based on legitimate interests.
  • The data was unlawfully processed.
  • Deletion is required to comply with a legal obligation.

Note: We may retain data if required by law or for legal claims.

Right to restrict processing

Limit how we use your data in certain situations:

  • You contest the accuracy of the data.
  • Processing is unlawful but you do not want data deleted.
  • We no longer need the data but you need it for legal claims.
  • You have objected to processing and we are verifying whether our legitimate grounds override yours.

Right to data portability

Receive your data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) to transfer to another service. This applies to data:

  • You provided to us.
  • We process based on consent or contract.
  • Processing is carried out by automated means.

Right to object

Object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we have compelling legitimate grounds that override your interests.

Right to withdraw consent

Withdraw consent at any time where processing is based on consent. This will not affect the lawfulness of processing before you withdrew consent.

Right not to be subject to automated decision-making

Request human review of decisions made solely by automated processing (including profiling) that produce legal or similarly significant effects. Currently, COORD does not make such automated decisions.

How to exercise your rights

  • Via the app: Profile > Delete Account.
  • By email: contact@coord.ltd.
  • By post: COORD Ltd, Data Protection Officer, 57 Lavender Avenue, Mitcham, CR4 3HL, United Kingdom.

Our response process

  • Verification: we may ask you to verify your identity to protect your privacy.
  • Response time: we will respond within 30 days (1 month). If we need more time, we will inform you within the first month and explain why.
  • No cost: exercising your rights is free, unless your request is clearly unfounded, repetitive, or excessive.
  • Refusal: if we refuse your request, we will explain why and inform you of your right to complain to the ICO.

How to make a complaint

If you have concerns about how we handle your data, please contact us first at contact@coord.ltd. We will do our best to resolve your concerns within 30 days.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Email: casework@ico.org.uk
  • Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, United Kingdom.

Children’s privacy

Our Services are intended for users aged 16 and over. We do not knowingly collect personal data from anyone under 16.

If you are a parent or guardian and believe we have collected data from someone under 16, please contact us immediately at contact@coord.ltd and we will delete it as soon as possible.

If you are under 16, please do not use COORD or provide any personal information to us.

Cookies and tracking

We use cookies and similar technologies to enhance your experience, provide functionality, and analyse usage patterns.

What are cookies?

Cookies are small text files stored on your device when you visit our website or use our app. They help us recognise your device on future visits.

Essential cookies (required)

These cookies are necessary for the Services to function and cannot be disabled:

  • Session cookies: keep you logged in during your session.
  • Security cookies: prevent unauthorised access and fraud.
  • Preference cookies: remember your settings (e.g., language, display preferences).

Analytics cookies

These cookies help us understand how you use COORD so we can improve it:

  • Sentry: monitors app performance, tracks errors and crashes.

We only use analytics cookies with your consent. You can withdraw consent at any time.

Authentication cookies

When you sign in with Google or Apple, these services may set their own cookies on our authentication pages. We do not control these cookies. Review their privacy policies:

How to manage cookies

Browser cookies (website):

  • Adjust your browser settings to block or delete cookies.
  • Most browsers allow you to refuse all cookies or accept only certain cookies.
  • Blocking essential cookies will prevent you from using certain features.

In-app tracking (mobile app):

  • iOS: Settings > Privacy > Tracking > COORD.
  • Android: Settings > Google > Ads.
  • In COORD: Settings > Privacy > Analytics.

Note: Disabling analytics cookies will not affect your ability to use COORD, but disabling essential cookies will prevent you from logging in and using the Services.

Similar technologies

We also use similar technologies such as:

  • Local storage: stores data locally on your device for faster performance.
  • SDKs (software development kits): third-party code that helps us provide features (e.g., authentication, error tracking).

These are covered by the same controls as cookies.

International data transfers

COORD is based in the United Kingdom. Your data may be transferred to and processed in:

Countries where we operate

  • United Kingdom (our primary servers and headquarters).

Countries where our service providers operate

  • United States: AI processing, monitoring, and app distribution providers.
  • European Union: database hosting infrastructure (servers in Belgium, the Netherlands, and Finland).

Safeguards for international transfers

When we transfer your data outside the UK, we ensure adequate protection through:

1. Adequacy decisions

  • Transfers to countries the UK has deemed to provide adequate data protection.

2. Standard Contractual Clauses (SCCs)

  • For transfers to countries without adequacy decisions (e.g., United States).
  • We use the UK International Data Transfer Agreement (IDTA) or Standard Contractual Clauses.
  • These are legally binding contracts that require the recipient to protect your data.

3. Additional safeguards

  • Data processing agreements with all third-party providers.
  • Technical measures such as encryption.
  • Organisational measures such as access controls.
  • Regular audits of third-party compliance.

You can request a copy of the safeguards we have in place for international transfers by contacting us at contact@coord.ltd.

Changes to this privacy policy

We may update this policy occasionally to reflect:

  • Changes in law or regulatory guidance.
  • Changes to our Services or business practices.
  • Improvements to our data protection practices.
  • New features or functionality.

How we notify you

If we make material changes, we will notify you by:

  • Sending an email to the address associated with your account (at least 30 days before changes take effect).
  • Displaying an in-app notification when you next use COORD.
  • Posting a prominent notice on our website at coord.world.

What constitutes material changes

  • Changes to the purposes for which we use your data.
  • New categories of data we collect.
  • Sharing data with new categories of third parties.
  • Changes that reduce your rights or protections.

For non-material changes

  • We will update the “Effective date” at the top of this policy.
  • Continued use of COORD after the effective date constitutes acceptance.

Reviewing changes

We encourage you to review this policy periodically. You can always find the current version at:

If you disagree with changes

If you do not agree to changes, you must:

  • Stop using COORD.
  • Delete your account before the changes take effect.
  • Contact us to request immediate data deletion.

If you continue using COORD after changes take effect, you will be deemed to have accepted the revised policy.

Contact us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

  • Email: contact@coord.ltd (preferred method for data subject requests).
  • Post: COORD Ltd, Data Protection Officer, 57 Lavender Avenue, Mitcham, CR4 3HL.
  • Phone: +44 7360 174661.

Response time: We aim to respond to all inquiries within 5 business days. For formal data subject requests (e.g., access requests, deletion requests), we will respond within 30 days as required by UK GDPR.

COORD Ltd
57 Lavender Avenue, Mitcham, CR4 3HL, United Kingdom
Registered in England & Wales · ICO registration ZC096755