Stitch Fix, Inc. (“Stitch Fix”, “we”, “us”, or “our”) is committed to protecting your privacy. Stitch Fix is a fashion retailer that blends expert styling, proprietary technology and unique product to deliver an easy, enjoyable, personalized shopping experience. We have prepared this Privacy Policy (“Privacy Policy”) to describe to you our practices regarding the personal information we collect from users on our website, located at www.stitchfix.com (the “Site”), our mobile application entitled “Stitch Fix” (the “App”) and the services offered through the Site and App, and any orders that you place (collectively, the “Services”).

QUESTIONS; CONTACTING STITCH FIX; REPORTING VIOLATIONS

If you have any questions, concerns or complaints about our Privacy Policy, our data collection or processing practices, or if you want to report any security violations to us, please contact us at hello@stitchfix.com, or 1 Montgomery Street 1500, San Francisco, CA 94104.

Information You Provide to Us.

When you sign up for an account for our Services (an “Account”), you provide us your name, email address, password, and zip code to register with us or connect to the Service via a Social Networking Site, or “SNS” (defined below). In addition, we collect information as part of your Style Profile, such as your date of birth, as well as sizing, fit and style preference information. If you post a photo to your Account, we will collect that photo.

When you receive a shipment, we record what you keep and what you return. If you provide us feedback or contact us via e-mail or through the Services, we will collect your name and e-mail address, as well as any other content included in the message.

If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail, in order to send you a reply.

When you place an order for the Services or when you order products through the Services, we or our third party payment provider will collect payment, shipping and billing information in order to process the transaction.

When you post content (text, images, photographs, videos, messages, comments or any other kind of content) on our Services, the information contained in your posting will be stored in our servers and other users of the Services will be able to see it if you post it in an area made public, such as comments on our blogs.

We retain information on your behalf, such as messages you send (including the content of the message and the recipient data) using your Account.

When you participate in one of our surveys, we may collect additional profile information.

We may collect the unique device id number of the mobile device on which you use the App.

If you participate in a sweepstakes, contest or giveaway on our Services, we may ask you for your e-mail address and/or home phone number,to notify you if you win. We may also ask for first and last names, and sometimes post office addresses to verify your identity. In some situations we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary.

We may also collect personal information at other points in our Services that state that personal information is being collected.

For online payments, we use the payment services of Braintree (https://www.braintreepayments.com/). We do not process, record or maintain your credit card or bank account information. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Information Collected from Third Party Companies. We may receive information about you from other sources. We may add this information to the information we have already collected from you via our Services in order to improve the Services.

Information Collected from Social Networking Sites. The Services allow users to share information with us via social networking sites, such as Facebook, Facebook Messenger, Instagram, Pinterest, LinkedIn or Twitter (each an “SNS”). In some cases, you can sign-in to the Services using your SNS account information. By sharing your SNS profile, you are allowing us, including your stylist to access some of your SNS information as allowed by you (such as profile information and profile photo). We may receive that information from your SNS profile and that information may be imported to the Services. Our Services also allow you to share information via such SNS profiles, such as referral links. You acknowledge and agree that you are solely responsible for your use of SNSs and that it is your responsibility to review the terms of use and privacy policy of the third party provider of such SNSs. We will not be responsible or liable for: (i) the availability or accuracy of such SNSs; (ii) the content, products or services on or availability of such SNSs; or (iii) your use of any such SNSs. You can remove your SNS profile information via your Account Settings or Style Profile, as applicable, at any time. If you disconnect an SNS account that you have previously connected, the SNS public profile data and SNS-provided-email will be deleted from our active databases.

Generally. When you use our Services, some information is automatically collected. For example, when you use our Services, your geographic location, how you use the Services, information about the type of device you use, your mobile network information, your Open Device Identification Number (“ODIN”), date/time stamps for your visit, your unique device identifier (“UDID”), and your browser type, operating system, Internet Protocol (IP) address, and domain name are all collected. This information is generally used to help us deliver the most relevant information to you and administer and improve the Services. In addition, in the event our App crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our App.

Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to maintain and improve the performance of the Services.

Cookies. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We and some third parties may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Services and to market the Services or other products.

Marketing Companies. We work with a number of companies that assist in marketing our services to you on third party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you, on our sites and apps and those of third parties. While not a comprehensive list, some of these companies we work with are Conversant, Facebook, Twitter, Pinterest, Google AdWords, Yahoo, Outbrain, Taboola, and Kenshoo. If you would like more information about this practice, including the Self Regulatory Principles for Online Behavioral Advertising, to which we adhere, and to exercise your choices about not having this information used for behavioral advertising, visit www.aboutads.info/choices and/or optout.networkadvertising.org. We also work with affiliate marketing companies, including CJ Affiliate. To better understand how these companies use your information, please see the privacy policies available on their respective websites.

Analytics Companies. We work with a number of third party analytics companies that collect information anonymously and report website trends without identifying individual visitors. These services allow us to view a variety of reports about how visitors interact with the Services so we can improve our website and understand how people find and navigate it. Currently, we work with the following analytics companies: Dynamic Yield, New Relic, Adjust and Google Analytics. This is not intended to be a comprehensive list and we may stop working with these companies and work with others without notice. You can learn more about how these companies collect, use and share information about you by visiting their respective websites.

General Use. In general, personal information you submit to us is used either to respond to requests that you make, aid us in serving you better, or market our Services. We use your personal information in the following ways:

• to choose and deliver your shipment;
• respond to comments, requests and questions and provide customer service;
• facilitate the creation of and secure your Account on our network;
• identify you as a user in our system;
• provide, process and deliver the Services you request;
• improve the quality of experience when you interact with our Services, including the testing of different page designs to see which performs better;
• send you administrative e-mail notifications, such as security or support and maintenance advisories;
• resolve disputes and/or troubleshoot problems;
develop, improve, and deliver marketing and advertising for the Services; process and deliver orders; respond to your inquiries related to employment opportunities or other requests; and
• send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes.

We may store and process your personal information in the United States and other countries.

User Feedback. We may post user feedback on the Services from time to time. If you make any comments on a blog, SNS wall or forum associated with the Service, you should be aware that any information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the information you choose to submit in these blogs and forums.

Creation of Anonymous Data. We may create anonymous data records from personal information by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site and App navigation. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion.

We disclose your personal information as described below and as described elsewhere in this Privacy Policy.

Third Parties Designated by You. When you use the Services, the personal information you provide will be shared with the third parties that you authorize to receive such information.

Third Party Service Providers. We may share your personal information with third party service providers to: provide you with the Services that we offer you through our Services; conduct quality assurance testing; facilitate creation of accounts; to provide technical support; market the Services; and/or to provide other services to Stitch Fix.

Business Partners. In order to facilitate your purchase of items from third party partners, we may disclose certain Personal Information about you when you ask us to do so.

Corporate Restructuring. We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

Other Disclosures. Regardless of any choices you make regarding your Personal information (as described below), Stitch Fix may disclose Personal information if it believes in good faith that such disclosure is necessary: (i) in connection with any legal investigation; (ii) to comply with relevant laws or to respond to subpoenas or warrants served on Stitch Fix; (iii) to protect or defend the rights or property of Stitch Fix or users of the Services; and/or (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use.

The Services allow you to invite your friends to sign up for the Services by sharing a referral link via an SNS, email or other means, or by sending invitations through Stitch Fix’s referral page on the App or websites. If you choose to upload your contacts to the Service, we will receive and store those contacts’ information and use it to send invitations on your behalf when you choose to do so. When you refer someone via our App or Site, your referral will include your name and, if shared with us, your photo.

Our Site or App may contain links to third party websites. When you click on a link to any other website or location, you will leave our Site, App or Services and go to another site, and another entity may collect personal information or anonymous data from you. We have no control over, do not review, and are not responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of your personal information after you click on links to such outside websites. We encourage you to read the privacy policies of every website and App you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.

You have several choices regarding the use of information on our Services:

Choices. We offer you choices regarding the collection, use, and sharing of your personal information. We will periodically send you newsletters and e-mails that directly promote the use of our Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly (please see contact information below). Despite your indicated e-mail preferences, we may send you service related communications, including notices of any updates to our Terms of Use or Privacy Policy.

Cookies. If you decide at any time that you no longer wish to accept cookies from our Services for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you do not accept cookies, however, you may not be able to use all portions of the Services or all functionality of the Services. If you have any questions about how to disable or modify cookies, please let us know at the contact information provided below.

Changes to Personal Information. You may change your personal information in your Account by editing your profile within your Account. You may request that we delete your personal information in your Account, but please note that we may be required to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We may retain your information for fraud prevention or similar purposes.

While we and others give you the choices to control the information collected and used as described in this Privacy Policy, there are many web browser signals and other similar mechanisms that can indicate your choice to disable tracking, and we may not be aware of or honor every mechanism.

Information Disclosed to Third Parties. This Privacy Policy addresses only our use and disclosure of information we collect from and/or about you on the Services. If you disclose information to others, or authorize us to do the same under this Privacy Policy, the use and disclosure restrictions contained in this Privacy Policy will not apply to any third party. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable.

We do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on our Services.

Our Services are not directed to children under the age of 13 and children under the age of 13 are not eligible to use our Services. We do not collect or maintain personal information from children we actually know are under the age of 13. If a child under 13 submits personal information to us and we learn that the personal information is the personal information of a child under 13, we will take steps to remove the personal information from our databases. If you believe that we might have any personal information from a child under 13, please contact us at hello@stitchfix.com.

If you are a non U.S. user of the Services, by using the Services and/or providing us with information, you acknowledge and agree that your personal information may be processed for the purposes identified in this Privacy Policy. In addition, your personal information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personal information may be less stringent than the laws in your country. By providing your information, you consent to such transfer.

We welcome your comments or questions about this Privacy Policy. You may contact us at hello@stitchfix.com.

This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your personal information, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on the Services and updating the “Last Updated” date above. Any changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you or thirty (30) calendar days following our posting of notice of the changes on the Services. These changes will be effective immediately for new users of our Service. Please note that at all times you are responsible for updating your personal information to provide us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. If you do not wish to permit changes in our use of your personal information, you must notify us prior to the effective date of the changes that you wish to deactivate your Account with us. Continued use of our Services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Last Updated: August 30, 2017