US Privacy Policy

Stitch Fix, Inc. (“Stitch Fix”, “we”, “us”, or “our”) is committed to protecting your privacy. Stitch Fix is a fashion retailer that blends expert styling, proprietary technology and unique product to deliver an easy, enjoyable, personalized shopping experience. We have prepared this Privacy Policy (“Privacy Policy”) to describe our practices regarding the personal information we collect from users on our website, located at www.stitchfix.com (the “Site”), our mobile application entitled “Stitch Fix” (the “App”) and the services offered through the Site and App, and any orders that you place (collectively, the “Services”).

Questions; Contacting Stitch Fix; Reporting Violations

If you have any questions, concerns or complaints about our Privacy Policy, our data collection or processing practices, or if you want to report any security violations to us, please contact us at hello@stitchfix.com or 1 Montgomery Street, Suite 1500, San Francisco, CA 94104.

Information Collected

Information You Provide to Us.

When you sign up for an account for our Services (an “Account”), you provide us your name, email address, password, and zip code to register with us or connect to the Service via a Social Networking Site, or “SNS” (defined below). In addition, we collect information as part of your Style Profile, such as your date of birth, as well as sizing, fit and style preference information. If you post a photo to your Account, we will collect that photo.

When you receive a shipment, we record what you keep and what you return.

If you provide us feedback or contact us via email, we will collect your name and email address, as well as any other content included in the email, in order to send you a reply.

When you place an order for the Services or when you order products through the Services, we or our third-party payment processor will collect payment, shipping and billing information in order to process the transaction.

When you post content (text, images, photographs, videos, messages, comments or any other kind of content) on our Services, the information contained in your posting will be stored in our servers and other users of the Services will be able to see it if you post it in an area made public, such as comments on our blogs.

We retain information on your behalf, such as messages you send (including the content of the message and the recipient data) using your Account.

When you participate in one of our surveys, we may collect additional profile information.

We may collect the unique device ID number of the mobile device on which you use the App.

If you participate in a sweepstakes, contest or giveaway on our Services, we may ask you for your email address and/or home phone number to notify you if you win. We may also ask for first and last names, and sometimes post office addresses to verify your identity. In some situations we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes, contests, and giveaways are voluntary.

We may also collect personal information at other points in our Services that state that personal information is being collected.

For online payments, we use the payment services of Braintree (https://www.braintreepayments.com/). We do not process, record or maintain your credit card or bank account information. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Information Collected from Third Party Companies.

We may receive information about you from other sources. We may add this information to the information we have already collected from you via our Services in order to improve the Services.

Information Collected from Social Networking Sites.

The Services allow users to share information with us via social networking sites, such as Facebook, Facebook Messenger, Instagram, Pinterest, LinkedIn or Twitter (each an “SNS”). In some cases, you can sign-in to the Services using your SNS account information. By sharing your SNS profile, you are allowing us, including your stylist to access some of your SNS information depending on your SNS settings or as allowed by you (such as profile information and profile photo). We may receive that information from your SNS profile and that information may be imported to the Services. Our Services also allow you to share information via such SNS profiles, such as referral links. You acknowledge and agree that you are solely responsible for your use of SNSs and that it is your responsibility to review the terms of use and privacy policy of the third party provider of such SNSs. We will not be responsible or liable for: (i) the availability or accuracy of such SNSs; (ii) the content, products or services on or availability of such SNSs; or (iii) your use of any such SNSs. You can remove your SNS profile information via your Account Settings or Style Profile, as applicable, at any time. If you disconnect an SNS account that you have previously connected, the SNS public profile data and SNS-provided-email will be deleted from our active databases.

Information Collected Automatically

Generally.

When you use our Services, some information is automatically collected. For example, when you use our Services, your geographic location, how you use the Services, information about the type of device you use, your mobile network information, your Open Device Identification Number (“ODIN”), date/time stamps for your visit, your unique device identifier (“UDID”), and your browser type, operating system, Internet Protocol (IP) address, and domain name are all collected. This information is generally used to help us deliver the most relevant information to you and administer and improve the Services. In addition, in the event our App crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our App.

Log Files.

As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to maintain and improve the performance of the Services.

Cookies.

Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We and some third parties may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Services and to market the Services or other products.

Marketing Companies.

We work with a number of companies that assist in marketing our services to you on third party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you, on our sites and apps and those of third parties. While not a comprehensive list, some of these companies we work with are Facebook, Twitter, Pinterest, Google AdWords, Microsoft, Oath, Kenshoo, and Data + Math. If you would like more information about this practice, including the Self Regulatory Principles for Online Behavioral Advertising, to which we adhere, and to exercise your choices about not having this information used for behavioral advertising, visit http://www.aboutads.info/choices and/or http://optout.networkadvertising.org/. We also work with affiliate marketing companies, including Impact. To better understand how these companies use your information, please see the privacy policies available on their respective websites.

Analytics Companies.

We work with a number of third-party analytics companies that collect information anonymously and report website trends without identifying individual visitors. These services allow us to view a variety of reports about how visitors interact with the Services so we can improve our website and understand how people find and navigate it. Currently, we work with the following analytics companies: Dynamic Yield, New Relic, Adjust and Google Analytics. This is not intended to be a comprehensive list and we may stop working with these companies and work with others without notice. You can learn more about how these companies collect, use and share information about you by visiting their respective websites.

Use of Your Personal information

General Use.

In general, personal information you submit to us is used either to respond to requests that you make, aid us in serving you better, or market our Services. We use your personal information in the following ways:

  • to choose and deliver your shipment;
  • respond to comments, requests and questions and provide customer service;
  • facilitate the creation of and secure your Account on our network;
  • identify you as a user in our system;
  • provide, process and deliver the Services you request;
  • improve the quality of experience when you interact with our Services, including the testing of different page designs to see which performs better;
  • send you administrative email notifications, such as security or support and maintenance advisories;
  • resolve disputes and/or troubleshoot problems;
  • develop, improve, and deliver marketing and advertising for the Services;
  • process and deliver orders;
  • respond to your inquiries related to employment opportunities or other requests; and
  • send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes.

We may store and process your personal information in the United States and other countries.

User Feedback.

We may post user feedback on the Services from time to time. If you make any comments on a blog, SNS wall or forum associated with the Service, you should be aware that any information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs and forums.

Creation of Anonymous Data.

We may create anonymous data records from personal information by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site and App navigation. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion.

Disclosure of Your Personal Information

We disclose your personal information as described below and elsewhere in this Privacy Policy.

Third Parties Designated by You.

When you use the Services, the personal information you provide will be shared with the third parties that you authorize to receive such information.

Third Party Service Providers.

We may share your personal information with third party service providers to: provide you with the Services that we offer you through our Services; conduct quality assurance testing; facilitate creation of accounts; to provide technical support; market the Services; and/or to provide other services to Stitch Fix.

Business Partners.

In order to facilitate your purchase of items from third party partners, we may disclose certain Personal Information about you when you ask us to do so.

Corporate Restructuring.

We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

Other Disclosures

Regardless of any choices you make regarding your personal information (as described below), Stitch Fix may disclose personal information if it believes in good faith that such disclosure is necessary: (i) in connection with any legal investigation; (ii) to comply with relevant laws or to respond to subpoenas or warrants served on Stitch Fix; (iii) to protect or defend the rights or property of Stitch Fix or users of the Services; and/or (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use.

The California Consumer Privacy Act (“CCPA”) sets forth certain obligations for businesses that “sell” personal information (as sell is defined under CCPA and under current guidance). We do not engage in such activity and have not engaged in such activity in the past twelve months.

Referrals

The Services allow you to invite your friends to sign up for the Services by sharing a referral link via an SNS, email or other means, or by sending invitations through Stitch Fix’s referral page on the App or websites. If you choose to upload your contacts to the Service, we will receive and store those contacts’ information and use it to send invitations on your behalf when you choose to do so. When you refer someone via our App or Site, your referral will include your name and, if shared with us, your photo.

Third Party Websites

Our Site or App may contain links to third party websites. When you click on a link to any other website or location, you will leave our Site, App or Services and go to another site, and another entity may collect personal information or anonymous data from you. We have no control over, do not review, and are not responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of your personal information after you click on links to such outside websites. We encourage you to read the privacy policies of every website and App you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.

Your Choices Regarding Information

You have several choices regarding the use of information on our Services:

Choices.

We offer you choices regarding the collection, use, and sharing of your personal information. We will periodically send you newsletters and emails that directly promote the use of our Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the email you receive or by contacting us directly (please see contact information below). Despite your indicated email preferences, we may send you service related communications, including notices of any updates to our Terms of Use or Privacy Policy.

Cookies.

If you decide at any time that you no longer wish to accept cookies from our Services for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you do not accept cookies, however, you may not be able to use all portions of the Services or all functionality of the Services. If you have any questions about how to disable or modify cookies, please let us know at the contact information provided below.

Changes to Personal Information.

You may change your personal information in your Account by editing your profile within your Account. You may request that we delete your personal information in your Account, but please note that we may be required to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We may retain your information for fraud prevention or similar purposes.

While we and others give you the choices to control the information collected and used as described in this Privacy Policy, there are many web browser signals and other similar mechanisms that can indicate your choice to disable tracking, and we may not be aware of or honor every mechanism.

Information Disclosed to Third Parties.

This Privacy Policy addresses only our use and disclosure of information we collect from and/or about you on the Services. If you disclose information to others, or authorize us to do the same under this Privacy Policy, the use and disclosure restrictions contained in this Privacy Policy will not apply to any third party. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable.

Access and Deletion Requests.

If you are a resident of California, you may request that we:

  • provide you the categories of personal information we collect, disclose or sell about you, the categories of sources of such information; the business or commercial purpose for collecting or selling your personal information; and the categories of third parties with whom we share personal information. Such information is also set forth in this Privacy Policy;
  • provide access to and/or a copy of certain information we hold about you;
  • delete certain information we have about you; or
  • provide you with information about the financial incentives that we offer to you, if any.

If you sign up as a client of Stitch Fix, you may update or correct your profile information through your account settings, or delete your profile information and preferences at any time by contacting us at hello@stitchfix.com. If you would like further information regarding your legal rights under applicable law or would like to exercise any of them, you may contact us by email at hello@stitchfix.com or visit https://support.stitchfix.com/hc/en-us/requests/new. If you are a California resident, you may designate an agent to exercise your rights under the CCPA. We will take steps to verify the identity of the agent, and that your agent has been authorized to make a request on your behalf. Such steps may include requiring that the agent submit a signed written authorization or a copy of a power of attorney.

Please note your rights and choices vary depending upon your location. Certain information may be exempt from such requests under applicable law. We will take reasonable steps to verify your identity.

Your California Privacy Rights

Shine the Light Disclosure.

The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

California Consumer Protection Act.

The California Consumer Protection Act (“CCPA”) provides California residents with certain rights as described herein and in this Privacy Policy. The terms in this section use the definitions set forth in the CCPA.

The CCPA provides California residents with the right to not be discriminated against (as provided for in applicable law) for exercising rights to access and delete your personal information (as referred to in Access and Deletion Requests, above). Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you or we may need to retain it to comply with our own legal obligations.

Notice of Collection for California Residents.

The CCPA, and its accompanying regulations, specify that we should identify the categories of personal information we collect and purposes for which we may use it and the parties with which we share it. The following information is offered in addition to the disclosures made elsewhere in this Privacy Policy.

Categories of Personal Information We Collect About You

Summarized in the table below are the categories of personal information we may collect about you, depending on how you interact with us. The following table also describes how we collect and use such categories of information.

Categories of information collectedPurposes of use
(see chart below for additional information)
Sources of personal information
Identifiers and Contact Information, e.g., name, email address, postal address, phone number, and password
  • All purposes
  • Directly from you (e.g., through your Style Profile)
Demographic information, e.g., age, employment, and lifestyle information
  • Provide the Services
  • Personalize your experience
  • Directly from you (e.g., through your Style Profile)
Physical Characteristics and Audio Data, e.g., height, weight, and audio recordings when you call customer support
  • Provide the Services
  • Personalize your experience
  • Legal purposes
  • Directly from you (e.g., through your Style Profile and your customer support calls)
Financial and Transactional Information, e.g., payment card information, delivery information, and information about your transactions and purchases with us
  • Provide the Services
  • Legal purposes
  • Directly from you (e.g., what and how you order from us)
User-Generated Content, e.g., photos, videos, any information you submit in public forums or message boards, and feedback or testimonials you provide about our Services
  • Communicate with you
  • Provide the Services
  • Personalize your experience
  • Legal purposes
  • Directly from you (e.g., through your Fix requests and feedback)
Customer Service Information, e.g., questions and other messages you address to us directly through online forms, by email, over the phone, or by post; summaries or voice recordings of your interactions with customer care
  • All purposes
  • Directly from you (e.g., through your customer support messages)
Device Information and Device Identifiers, e.g., IP address; browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, advertising, and app identifiers
  • Provide the Services
  • Personalize your experience
  • Secure our services and users
  • Legal purposes
  • From cookies, pixels, tags, and similar tracking technologies
Usage Data, e.g., information about content viewed or download, domain names, landing pages, browsing activity, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, whether you open an email and your interaction with email content, access times, error logs, and other similar information
  • Provide the Services
  • Secure our services and users
  • Legal purposes
  • Directly from you (e.g. through your use of the Services)
  • From cookies, pixels, tags, and similar tracking technologies
Geolocation, e.g., city, state and ZIP code associated with your IP address
  • Provide the Services
  • Secure our services and users
  • Legal purposes
  • From cookies, pixels, tags, and similar tracking technologies
Other Information, e.g., any other information you you choose to directly provide to us in connection with your use of the Services
  • All purposes
  • Directly from you (e.g., through your customer support messages, survey responses, or social media information)

The following chart provides additional information about the business or commercial purposes for collecting and using your information.

Purposes of Use
Communicate with you, for example, to:
  • Process and deliver orders;
  • Respond to comments, requests and questions and to provide customer service;
  • Send you administrative email notifications, such as security or support and maintenance advisories;
  • Send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes; and
  • Respond to your inquiries related to employment opportunities or other requests.
Provide the Services, for example, to:
  • Provide, process and deliver the Services you request;
  • Choose the items for and to deliver your shipment; and
  • Improve the quality of experience when you and others interact with our Services, including the testing of different page designs to see which performs better.
Personalize your experience, for example, to:
  • Identify you as a user in our system;
  • Personalize your experience with our Services; and
  • Develop, improve, and deliver marketing and advertising for the Services.
Secure our Services and Users, for example, to:
  • Resolve disputes and/or troubleshoot problems;
  • Monitoring, preventing, and detecting fraud, such as through verifying your identity
  • Combatting spam or other malware or security risks
  • Detecting security incidents
  • Debugging to identify and repair errors that impair existing intended functionality
  • Monitoring, enforcing, and improving the security of our Services
Defending our legal rights and compliance with the law, for example, to:
  • Comply with any applicable procedures, laws, or regulations and to protect our legitimate interests or those of others
  • Protect or exercise our legal rights or those of others (e.g., to enforce compliance with our Terms of Use, Privacy Policies, or to protect our Services, Users, or others)

How we Share and Disclose Your Information

We may share all the categories of personal information identified in this California Privacy Notice or elsewhere in this Privacy Policy for our operational or business purposes where the use of such personal information is reasonably necessary and proportionate to achieve the purpose for which it was collected or for another operational or business purpose that is compatible with the context in which the personal information was collected. We may share such information with the following categories of entities and third parties:

  • Service Providers.
  • Third parties designated by you.
  • An entity that is part of corporate restructuring, including a successor-in-interest or assign.
  • Governmental entities.
  • Third parties who are involved in a legal investigation or in protecting or defending the rights or property of Stitch Fix or users of the Services; and/or investigating or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use.

Privacy Information for Nevada Residents

Under Nevada law, certain Nevada consumers may opt out of the “sale” of “personally identifiable information” as such terms are defined under Nevada law. We do not engage in such activity; however, if you are a Nevada resident who has purchased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by contacting us at hello@stitchfix.com. Once verified, we will maintain your request in the event our practices change.

Verification

To protect your privacy and security, we take reasonable steps to verify your identity and requests before granting the rights above, including account access or making corrections to your information. You are solely responsible for maintaining the secrecy of your unique password and account information at all times.

How we Respond to Do Not Track Signals

We do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on our Services.

A Note About Children

Our Services are not directed to children under the age of 13 and children under the age of 13 are not eligible to use our Services. We do not collect or maintain personal information from children we actually know are under the age of 13. If a child under 13 submits personal information to us and we learn that the personal information is the personal information of a child under 13, we will take steps to remove the personal information from our databases. If you believe that a child under 13 provided us with personal information, please contact us at hello@stitchfix.com.

For minors over the age of 13, we may collect information from them. As with any personal information we collect from our users, we do not “sell” that information as defined under the CCPA.

The children’s products we offer via our Services are intended for purchase by adults. We collect some limited personal information about children from the adults purchasing children’s products via our Services. Information about children that we collect from adults and store includes name, birth date, height, weight and style preferences.

If you provide us information about a child and you are not the parent or legal guardian of that child, please obtain the parent or legal guardian’s consent to provide us such information.

Users Outside of the United States

If you are using the Services in the United Kingdom, please see our UK Privacy Policy at www.stitchfix.co.uk/privacy. If you are a non-U.S. user of the Services outside of the US and UK, by using the Services and/or providing us with information, you acknowledge and agree that your personal information may be processed for the purposes identified in this Privacy Policy. In addition, your personal information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personal information may be less stringent than the laws in your country. By providing your information, you consent to such transfer.

Contact Information

We welcome your comments or questions about this Privacy Policy. You may contact us at hello@stitchfix.com.

Changes to this Privacy Policy

This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your personal information, we will notify you by sending you an email to the last email address you provided to us and/or by prominently posting notice of the changes on the Services and updating the “Last Updated” date below. Any changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an email notice to you or thirty (30) calendar days following our posting of notice of the changes on the Services. These changes will be effective immediately for new users of our Service. Please note that at all times you are responsible for updating your personal information to provide us with your most current email address. In the event that the last email address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice. If you do not wish to permit changes in our use of your personal information, you must notify us prior to the effective date of the changes that you wish to deactivate your Account with us. Continued use of our Services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Last Updated: December 23, 2019