GDPR – Privacy Policy – Kleep

Last updated: 15/09/2025

Kleep, a simplified joint-stock company registered with the Paris Trade and Companies Register under number 904 780 335, with its registered office at 23 rue Blondel, 75002 Paris, operates a service that allows users to obtain personalized size recommendations for their clothing and footwear purchases.

As part of this service, Kleep processes personal data on behalf of its client brands (the “Data Controllers”) and, in some cases, as an independent data controller for the improvement of its services.



This privacy policy explains what data we collect, why we collect it, how we use it, and what rights you have.

  1. Who is responsible for the processing?
    The identity of the data controller depends on the type of processing:

    1.1. Size recommendation on the brand’s website
    The Data Controller is the brand whose website you are browsing and where you make your purchases.
    Kleep acts as a processor, strictly following the instructions of the brand.

    1.2. Improvement and development of Kleep’s services
    Kleep acts as a subsequent (independent) data controller, based on the contractual authorization granted by the brand.



  2. What data do we collect?
    When you use Kleep to obtain a size recommendation, we may collect the following categories of data:

    2.1. Information you provide:
    - age, weight, height, gender
    - answers to the morphology questionnaire
    - optionally, body photos (if you choose to upload them)

    2.2. Information related to your shopping experience (provided by the brand):
    - purchases and returns

    2.3. Technical data:
    - a technical identifier generated by Kleep (local token, subject to your consent)
    - browsing data required for the operation of the service.

    No sensitive data is collected.


  1. Purposes of processing
    Your data is used for the following purposes:

    3.1. Primary purpose – Size recommendation
    - To provide you with a personalized size recommendation
    - To automatically display this recommendation when you browse other product pages on the brand’s website

    3.2. Secondary purpose – Service improvement (contractual authorization)
    Kleep may reuse data, in pseudonymized form, to:
    - improve its size recommendation algorithm
    - develop new features and services
    - conduct internal statistical analyses



  2. Legal basis for processing
    - Performance of a contract / pre-contractual measures: providing the size recommendation you request
    - Legitimate interest: continuous improvement of the algorithm in accordance with the GDPR
    - Consent: storage of the local token that allows your recommendation to be remembered between visits.



  3. How long is your data stored?
    - Size recommendation on the brand’s website: for the duration of the contract between Kleep and the brand
    - Local token: according to the duration specified in the brand’s consent module
    - Pseudonymized data used to improve the algorithm: up to 3 years maximum



  4. Who can access your data?
    - The brand acting as the Data Controller
    - Kleep’s strictly authorized technical team
    - Kleep’s cloud service provider: Amazon Web Services (AWS – Dublin, Ireland)

    No other third party has access to your data.


  5. Transfers outside the European Union
    Data is primarily hosted within the European Economic Area (Dublin, Ireland). If a transfer outside the EEA were to occur, Kleep would:
    - request prior written authorization from the brand concerned.
    - implement appropriate safeguards (standard contractual clauses, supplementary measures)



  6. Data security
    Kleep implements strong technical and organizational security measures, including:
    - pseudonymization and encryption of personal data
    - strict access controls
    - security logging and monitoring
    - regular testing and audits
    - business continuity procedures



  7. Your rights
    You have the following rights:
    - right of access
    - right of rectification
    - right of erasure
    - right to object
    - right to restriction of processing
    - right to data portability
    - right not to be subject to automated decision-making

    To exercise these rights, you must contact the brand’s customer service, as they are your primary Data Controller.
    Any request mistakenly sent to Kleep will be immediately forwarded to the relevant brand.


  1. . Data breaches
    In the event of a personal data breach, Kleep will inform the concerned brand within a maximum of 48 hours after becoming aware of it.



  2. Contact

    For any questions related to data protection:

    Data Controller (the brand)
    Refer to the privacy policy of the website where you are using Kleep.

    Kleep (subsequent processing)
    dpo@kleep.ai

    23 rue Blondel, 75002 Paris, France

    Supervisory Authority
    CNIL – www.cnil.fr
    You have the right to lodge a complaint at any time.



  3. Changes to this privacy policy
    Kleep may update this privacy policy to reflect legal, technical, or operational changes. The update date will always be indicated at the top of the document.