Terms and Conditions
Privacy at a Glance
This section is a plain-English summary. The full policy below is the legally binding document.
Who we are: Cloud Couture Ltd, a B2B fashion technology platform connecting brands and suppliers.
What we collect: Account details, business information, usage data, payment data, and content you create on the platform.
Why we collect it: To provide and improve our services, process payments, keep the platform secure, and comply with the law.
Who we share it with: Payment processors, AI providers (including OpenAI), cloud infrastructure providers, and analytics tools. We do not sell your data.
AI and your content: We use third-party AI providers (OpenAI API) to power AI features. API data is not used to train OpenAI models under their standard API terms. Cloud Couture trains its own models only on anonymised, aggregated platform data — never on your individual designs or brand assets.
Your rights: Access, correct, delete, port, or restrict your data at any time. Contact privacy@cloudcouture.com.
Cookies: We use cookies for functionality, security, and analytics. You can manage preferences in your account settings.
1. Who We Are and How to Contact Us [cite: 4, 21]
Cloud Couture Ltd (“Cloud Couture”, “we”, “us”, or “our”) is the data controller responsible for your personal data collected through the Cloud Couture platform (the “Platform”). [cite: 22]
| Entity | Cloud Couture Ltd [cite: 23] |
| Registered Address | [Registered Address], [City, Postcode, Country] [cite: 23] |
| Company Number | [TBC] [cite: 23] |
| Data Protection Contact | privacy@cloudcouture.com [cite: 23] |
| General Enquiries | hello@cloudcouture.com [cite: 23] |
| Website | cloudcouture.com [cite: 23] |
Where Cloud Couture is required to appoint a Data Protection Officer (DPO) or EU representative under applicable law, those details will be published at cloudcouture.com/privacy and updated as required. [cite: 24]
2. Scope of This Policy [cite: 5, 25]
This Privacy Policy explains how Cloud Couture collects, uses, stores, shares, and protects personal data in connection with: [cite: 26]
- The Cloud Couture website at cloudcouture.com and all subdomains; [cite: 27]
- The Cloud Couture web application, mobile application, and desktop tools; [cite: 28]
- All platform features including the Design Studio, Tech Pack tools, Supplier Portal, RFQ management, Invoice management, and AI Features; [cite: 29]
- Communications between Cloud Couture and Users via email, WhatsApp, phone, or other channels; [cite: 30]
- Marketing and outreach activities conducted by Cloud Couture. [cite: 31]
This Policy applies to all Users of the Platform, including Brands, Suppliers, Founding Suppliers, and visitors to the Platform who have not created an account. [cite: 32]
This Policy does not apply to the data practices of third-party websites, services, or applications that may be linked to or integrated with the Platform. [cite: 33] We encourage you to review the privacy policies of any third parties you interact with. [cite: 34]
3. Data We Collect [cite: 6, 35]
We collect data in the following categories, depending on how you use the Platform: [cite: 36]
3.1 Data You Provide to Us [cite: 37]
| Data Category [cite: 38] | Details [cite: 38] | Legal Basis [cite: 38] |
|---|---|---|
| Account Registration | Name, email address, password, job title, company name, country, phone number | Contract; Legitimate interests |
| Business Profile | Company description, production capabilities, MOQs, certifications, product categories, images, compliance documents | Contract; Legitimate interests |
| Payment Information | Billing address, payment method details (processed by our payment provider — we do not store full card numbers) | Contract; Legal obligation |
| Communications | Messages sent via the Platform, emails, WhatsApp messages, support tickets, and call notes | Contract; Legitimate interests |
| Content & Designs | Designs, tech packs, brand assets, product images, specifications, and files uploaded to the Platform | Contract |
| RFQ & Order Data | Requests for quotation, quotes, order details, sample requests, production timelines | Contract |
| Invoice Data | Invoice details, amounts, payment terms, transaction records | Contract; Legal obligation |
| Survey & Feedback | Responses to surveys, product feedback, and feature requests | Legitimate interests; Consent |
3.2 Data We Collect Automatically [cite: 39]
| Data Category [cite: 40] | Details [cite: 40] | Legal Basis [cite: 40] |
|---|---|---|
| Usage Data | Pages visited, features used, search queries, time spent, clicks, and navigation patterns | Legitimate interests |
| Device & Technical Data | IP address, browser type and version, operating system, device identifiers, screen resolution | Legitimate interests; Security |
| Log Data | Server logs, error reports, API request logs, and access timestamps | Legitimate interests; Legal obligation |
| Cookie Data | Session cookies, preference cookies, analytics cookies (see Section 10) | Consent; Legitimate interests |
| Location Data | Country and region inferred from IP address. We do not collect precise GPS location. | Legitimate interests |
3.3 Data We Receive from Third Parties [cite: 41]
| Data Category [cite: 42] | Details [cite: 42] | Legal Basis [cite: 42] |
|---|---|---|
| Payment Processors | Transaction confirmation, payment status, fraud signals | Contract; Legal obligation |
| Authentication Providers | If you log in via Google or other SSO, we receive your name, email, and profile picture from the provider | Contract; Consent |
| Marketing & Outreach | Business contact information from trade shows, POPL exports, or CRM tools used by our sales team | Legitimate interests; Consent |
| AI Feature Providers | AI-generated outputs returned from providers such as OpenAI in response to prompts you submit | Contract |
| Analytics Providers | Aggregated usage and performance data from tools such as Google Analytics | Legitimate interests |
4. How and Why We Use Your Data [cite: 7, 43]
We use your personal data for the following purposes: [cite: 44]
5. Legal Bases for Processing (UK/EU GDPR) [cite: 8, 55]
Where the UK GDPR or EU GDPR applies, we rely on the following legal bases to process your personal data: [cite: 56]
5.1 Contract [cite: 57]
Processing is necessary to perform our contract with you — i.e. to provide the Platform and Services you have signed up for. [cite: 58]
This covers account creation, platform access, payment processing, RFQ and order management, and invoice tools. [cite: 59]
5.2 Legitimate Interests [cite: 60]
We process data where it is in our legitimate interests to do so, provided those interests are not overridden by your rights. [cite: 61]
Legitimate interests include: platform security and fraud prevention, improving and developing the Platform, analytics, marketing to existing and prospective business Users, and maintaining records of business communications. [cite: 62] We have conducted legitimate interests assessments for these activities and these are available on request. [cite: 63]
5.3 Legal Obligation [cite: 64]
We process data where we are required to do so by applicable law, including tax and accounting obligations, anti-money laundering regulations, and responding to lawful requests from courts or regulatory authorities. [cite: 65]
5.4 Consent [cite: 66]
Where we rely on consent — for example, for certain marketing communications or non-essential cookies — we will ask for your consent clearly and separately. [cite: 67] You may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal. [cite: 68]
To withdraw consent, contact privacy@cloudcouture.com or use the unsubscribe link in our emails. [cite: 69]
5.5 Vital Interests and Public Task [cite: 70]
In rare circumstances we may process data to protect the vital interests of a person or to assist in tasks in the public interest. [cite: 71]
These grounds are relied upon only where no other basis applies. [cite: 72]
6. AI Features, Third-Party Providers and Training Data [cite: 73]
This section explains in detail how your data is handled in connection with the AI Features on the Platform. [cite: 74] We recognise this is an area of particular importance to our Users. [cite: 75]
6.1 How Our AI Features Work [cite: 76]
Cloud Couture’s AI Features — including AI Design Generation, AI Tech Pack Generation, AI Quote Analysis, Virtual Photoshoots, and Fashion Style Training — operate using two complementary approaches: [cite: 77]
Approach 1 — Third-Party AI Inference (Current) [cite: 78]
For AI inference (generating designs, tech packs, quotes, and other outputs in response to your inputs), Cloud Couture uses third-party AI providers, currently including OpenAI. Your inputs (prompts, design briefs, specifications) are sent to these providers via their API to generate the requested output. [cite: 78]
Approach 2 — Cloud Couture’s Own Models (Ongoing Development) [cite: 78]
Cloud Couture also develops and continuously improves its own AI models. These models are trained exclusively on anonymised, aggregated platform data — such as broad style trends, category patterns, and production characteristics. No individual User’s Content, designs, brand assets, or business information is used in identifiable form for this training. [cite: 78]
6.2 Third-Party AI Provider Data Practices [cite: 79]
- Data submitted via OpenAI’s API is not used to train or improve OpenAI’s models under their standard API terms. [cite: 81]
- This is a key distinction from OpenAI’s consumer-facing products (such as ChatGPT), which may operate under different data terms. [cite: 82]
- Cloud Couture accesses OpenAI’s services via the API and has opted out of data use for model training where such options are available. [cite: 83]
- Notwithstanding the above, Cloud Couture cannot guarantee that third-party provider policies will not change in the future. [cite: 84]
- We will notify Users of any material changes to how AI providers handle data and will update this Policy accordingly. [cite: 85]
- Your data may be processed on servers operated by third-party AI providers, which may be located outside your country of residence. [cite: 86]
See Section 8 for details on international transfers. [cite: 87] We encourage you to review OpenAI’s current privacy and usage policies at openai.com/policies. [cite: 88]
6.3 Cloud Couture’s Own AI Training [cite: 89]
Cloud Couture trains its own AI models using anonymised, aggregated data derived from platform activity. [cite: 90] This training data is processed as follows: [cite: 91]
- All personal identifiers, brand identifiers, company names, and proprietary design details are removed or generalised before any data is used for model training. [cite: 92]
- Training data reflects aggregate patterns — for example, commonly requested fabric types, popular silhouette categories, typical MOQ ranges by region — from which no individual User or brand can be identified. [cite: 93]
- Your specific Content — including your designs, tech packs, brand assets, images, and business specifications — is never used in identifiable form to train any Cloud Couture AI model. [cite: 94]
- Cloud Couture will not use your Content for any AI training purpose beyond the anonymised aggregate approach described above without obtaining your explicit written consent. [cite: 95]
6.4 AI Output and Your Data [cite: 96]
AI outputs generated on the Platform are associated with your account and stored in accordance with our data retention terms (Section 9). [cite: 97] You own AI outputs you generate, subject to the intellectual property terms in our Terms and Conditions. [cite: 98] Cloud Couture does not review AI output generated by individual Users unless required for a support request, a reported abuse, or a legal obligation. [cite: 99]
6.5 Sensitive Content and AI Features [cite: 100]
If the confidentiality of your designs, tech packs, or business specifications is of critical commercial importance to your business, we recommend exercising caution when inputting highly sensitive material into AI Features. [cite: 101] While we take all reasonable steps to protect your data, AI processing involves transmission to third-party infrastructure and no digital system is entirely without risk. [cite: 102]
7. Sharing Your Data [cite: 103]
Cloud Couture does not sell your personal data to third parties. We share data only in the following circumstances: [cite: 104]
7.1 With Other Platform Users [cite: 105]
When you use the Platform as a Brand or Supplier, certain information from your profile, RFQs, quotes, tech packs, and messages will be visible to or shared with other Users you engage with. [cite: 106] You control what information you include in your public profile and in communications with other Users. [cite: 107]
7.2 With Service Providers [cite: 108]
We share data with trusted third-party service providers who process data on our behalf, strictly for the purposes of providing services to Cloud Couture. [cite: 109] These include: [cite: 110]
| Category [cite: 111] | Provider [cite: 111] | Purpose [cite: 111] |
|---|---|---|
| AI Inference | OpenAI (and other AI providers as disclosed) | Processing prompts and generating AI outputs |
| Cloud Infrastructure | AWS / Google Cloud / Azure [TBC] | Hosting, storage, and data processing |
| Payment Processing | Stripe / [payment provider TBC] | Subscription billing and transaction processing |
| Email & Communications | SendGrid / Mailchimp [TBC] | Transactional and marketing emails |
| Analytics | Google Analytics, Mixpanel [TBC] | Platform usage analytics and performance monitoring |
| Customer Support | Intercom / Zendesk [TBC] | Support ticketing and live chat |
| CRM & Sales Tools | HubSpot / [CRM TBC] | Lead management and outreach tracking |
| Security & Monitoring | [Provider TBC] | Fraud detection, security monitoring, uptime tracking |
All service providers are bound by data processing agreements and are required to handle data in accordance with applicable data protection law and our instructions. [cite: 112]
7.3 Business Transfers [cite: 113]
In the event of a merger, acquisition, restructuring, or sale of all or part of Cloud Couture’s business or assets, your data may be transferred to the acquiring entity. [cite: 114] We will provide notice of any such transfer and the new entity’s privacy practices before your data is subject to a different privacy policy. [cite: 115]
7.4 Legal Disclosure [cite: 116]
We may disclose your data to law enforcement agencies, courts, regulators, or other public authorities where we are required to do so by applicable law, or where we reasonably believe disclosure is necessary to protect our legal rights, prevent fraud or crime, or protect the safety of our Users or the public. [cite: 117]
7.5 Aggregated and Anonymised Data [cite: 118]
We may share aggregated, anonymised insights and reports derived from platform data with partners, investors, or the public. [cite: 119]
These reports contain no personally identifiable information and cannot be used to identify any individual User or business. [cite: 120]
8. International Data Transfers
Cloud Couture operates globally and your data may be transferred to and processed in countries outside your country of residence, including countries outside the UK, European Economic Area (EEA), or the United States[cite: 121, 122].
Where we transfer personal data from the UK or EEA to countries that have not been deemed to provide an adequate level of data protection, we use appropriate safeguards including[cite: 123]:
- Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO[cite: 124];
- Data processing agreements with third-party providers that include appropriate transfer mechanisms[cite: 125];
- The UK International Data Transfer Agreement (IDTA) where applicable[cite: 126].
9. Data Retention
We retain your personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law[cite: 131].
| Data Category | Retention Period | Basis |
|---|---|---|
| Account Data [cite: 133] | Duration of account + 3 years after closure [cite: 133] | Contract; Legal obligation [cite: 133] |
| Transaction & Invoice Records [cite: 133] | 7 years from date of transaction [cite: 133] | Legal obligation [cite: 133] |
| Design & Content Files [cite: 133] | Duration of account (deleted within 90 days of closure) [cite: 133] | Contract [cite: 133] |
| AI Output History [cite: 133] | Varies by Plan (7 to 90 days; Unlimited for Enterprise) [cite: 133] | Contract [cite: 133] |
| Communications & Support [cite: 133] | 3 years from last communication [cite: 133] | Legitimate interests; Legal obligation [cite: 133] |
| Usage & Analytics Data [cite: 133] | Aggregated: Indefinitely; Identifiable logs: 13 months [cite: 133] | Legitimate interests [cite: 133] |
| Marketing Data [cite: 133] | Until unsubscribe/withdrawal + 1 year [cite: 133] | Consent; Legitimate interests [cite: 133] |
| Compliance Documents [cite: 133] | Duration of account + 5 years [cite: 133] | Legal obligation [cite: 133] |
When retention periods expire, data is securely deleted or anonymised[cite: 134]. You may request early deletion subject to legal requirements[cite: 135].
10. Cookies and Tracking Technologies [cite: 357]
10.1 What We Use [cite: 358]
Cloud Couture uses cookies and similar tracking technologies (including pixels, local storage, and session tokens) on the Platform[cite: 359]. These technologies help us:
- Keep you logged in and remember your preferences[cite: 361];
- Ensure the security and integrity of your session[cite: 362];
- Understand how Users navigate and use the Platform[cite: 363];
- Measure the effectiveness of our marketing and outreach[cite: 364];
- Improve Platform performance and personalise your experience[cite: 365].
10.2 Types of Cookies We Use [cite: 366]
| Type | Purpose | Can you opt out? |
|---|---|---|
| Essential / Strictly Necessary | Login sessions, security tokens, load balancing, CSRF protection. Required for the Platform to function. | No — these are necessary for the service [cite: 367] |
| Functional / Preference | Remembering your language, layout preferences, and saved settings. | Yes — via cookie preferences [cite: 367] |
| Analytics | Understanding how Users use the Platform (e.g. Google Analytics, Mixpanel). Data is aggregated. | Yes — via cookie preferences [cite: 367] |
| Marketing & Attribution | Tracking the effectiveness of our marketing campaigns and outreach. Used only if you have consented. | Yes — consent required and withdrawable at any time [cite: 367] |
10.3 Managing Cookies [cite: 368]
You can manage your cookie preferences at any time via the cookie settings panel in your account or in your browser settings[cite: 369].
11. Your Rights
Depending on your location, you have the following rights regarding your personal data[cite: 151]. To exercise any of these rights, contact privacy@cloudcouture.com[cite: 152]. We will respond within 30 days (UK/EU GDPR) or as required by applicable law[cite: 152].
Right of Access
You have the right to request a copy of the personal data we hold about you and information about how we use it[cite: 153].
Right to Rectification
You have the right to request that we correct inaccurate or incomplete personal data about you[cite: 154].
Right to Erasure (“Right to be Forgotten”)
You have the right to request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where we have no legitimate basis to retain it[cite: 155]. This right is subject to legal retention obligations[cite: 155].
Right to Restriction
You have the right to request that we restrict processing of your data in certain circumstances — for example, while a rectification request is being assessed[cite: 156].
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a structured, commonly used, machine-readable format[cite: 157].
Right to Object
You have the right to object to processing based on legitimate interests, including profiling and direct marketing[cite: 158]. We will stop processing unless we can demonstrate compelling legitimate grounds[cite: 158].
Right to Withdraw Consent
Where processing is based on consent, you may withdraw consent at any time[cite: 159]. Withdrawal does not affect the lawfulness of processing prior to withdrawal[cite: 159].
Rights in Relation to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing — including AI-generated outputs — that produce legal or similarly significant effects[cite: 160]. Contact us if you believe a significant decision has been made about you solely by automated means[cite: 160].
12. Children’s Privacy
The Cloud Couture Platform is a business-to-business service intended solely for use by individuals who are 18 years of age or older and who are acting in a professional or commercial capacity[cite: 162].
We do not knowingly collect personal data from anyone under the age of 18[cite: 163].
If we become aware that we have inadvertently collected personal data from a person under 18, we will take prompt steps to delete that data[cite: 164].
If you believe a minor has registered on the Platform, please contact privacy@cloudcouture.com immediately[cite: 165].
13. Security
Cloud Couture implements a range of technical and organisational security measures to protect your personal data against unauthorised access, loss, destruction, or alteration[cite: 167]. These measures include:
- ✓Encryption of data in transit using TLS 1.2 or higher [cite: 169]
- ✓Encryption of sensitive data at rest [cite: 170]
- ✓Access controls and role-based permissions for staff [cite: 171]
- ✓Multi-factor authentication for internal systems [cite: 172]
- ✓Regular security assessments and penetration testing [cite: 173]
- ✓Incident response procedures for data breaches [cite: 174]
- ✓Data processing agreements with all third-party providers [cite: 175]
Despite these measures, no system is completely secure[cite: 176]. You are responsible for maintaining the confidentiality of your account credentials and for promptly notifying us of any suspected unauthorised access at privacy@cloudcouture.com[cite: 176].
14. Third-Party Links and Integrations
The Platform may contain links to third-party websites, and may integrate with third-party tools such as ERP systems, accounting software (e.g. QuickBooks, Xero, SAP), and e-commerce platforms[cite: 179].
These third parties have their own privacy policies and Cloud Couture is not responsible for their data practices[cite: 180].
When you enable a third-party integration, you authorise the sharing of data between Cloud Couture and that third party as necessary for the integration to function[cite: 181]. We recommend reviewing the privacy policy of any third-party tool before enabling it[cite: 182].
Cloud Couture’s inclusion of a third-party link or integration does not constitute an endorsement of that third party or their data practices[cite: 183].
15. US State Privacy Rights
If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or another US state with applicable privacy legislation, you may have additional rights regarding your personal data[cite: 185].
15.1 California (CCPA / CPRA)
California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)[cite: 187]:
- Right to Know:What personal information is collected, used, shared, or sold[cite: 188].
- Right to Delete:Personal information we have collected (subject to exceptions)[cite: 189].
- Right to Opt Out:Of the sale or sharing of personal information. Note: Cloud Couture does not sell personal information[cite: 190].
- Right to Correct:Inaccurate personal information[cite: 191].
- Right to Limit:Use and disclosure of sensitive personal information[cite: 192].
- Right to Non-Discrimination:For exercising your privacy rights[cite: 193].
15.2 Other US States
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with applicable privacy laws have similar rights to those described in Section 11[cite: 196]. To exercise these rights, contact privacy@cloudcouture.com[cite: 196].
Cloud Couture will handle all US privacy requests in accordance with the most protective applicable state law[cite: 197].
16. Changes to This Policy
Cloud Couture may update this Privacy Policy from time to time to reflect changes in our data practices, the Platform, or applicable law[cite: 199].
Material Changes
When we make material changes, we will[cite: 200]:
- Notify you by email to your registered address at least 30 days before the changes take effect[cite: 201];
- Display a prominent notice on the Platform[cite: 202];
- Update the “Effective Date” at the top of this document[cite: 203].
Non-Material Changes
For non-material changes (such as clarifications or updated provider names), we may update this Policy without prior notice[cite: 204]. We encourage you to review this Policy periodically[cite: 205].
Your continued use of the Platform after the effective date of any updated Policy constitutes your acceptance of the changes[cite: 206].
If you do not agree to the updated Policy, you must stop using the Platform and close your account[cite: 207].
Previous versions of this Privacy Policy are available on request from privacy@cloudcouture.com[cite: 208].
17. Contact and Complaints
17.1 Contact Us
For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:
Cloud Couture Ltd — Privacy Team
Email: privacy@cloudcouture.com
Website: cloudcouture.com/privacy
Post: [Registered Address], [City, Postcode, Country]
Response time:We aim to respond to all privacy requests within 5 business days, and will provide a substantive response within the timeframes required by applicable law (30 days under UK/EU GDPR; 45 days under CCPA).
17.2 Supervisory Authority Complaints
If you are located in the UK or EEA and are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority:
We would always prefer the opportunity to address your concern directly before you contact a supervisory authority. Please reach out to us first at privacy@cloudcouture.com.