Stitch Fix, Inc. (“Stitch Fix”, “we”, “us”, or “our”) is committed to protecting your privacy. Stitch Fix is a fashion retailer that blends expert styling, proprietary technology and unique product to deliver an easy, enjoyable, personalized shopping experience. We have prepared this Privacy Policy (“Privacy Policy”) to describe to you our practices regarding the personal information we collect from users or our website, located at www.stitchfix.com (the “Site”), our mobile application entitled “Stitch Fix” (the “App”) and the services offered through the Site and App, and any orders that you place (collectively, the “Services”).

QUESTIONS; CONTACTING STITCH FIX; REPORTING VIOLATIONS

If you have any questions, concerns or complaints about our Privacy Policy, our data collection or processing practices, or if you want to report any security violations to us, please contact us at hello@stitchfix.com, or One Montgomery Tower Suite 1500, San Francisco, CA 94104.

Information You Provide to Us.

When you sign up for an account for our Services (an “Account”), you provide us your name, email address, password, and zip code to register with us or connect to the Service via an SNS (defined below). In addition, we collect information as part of your Style Profile, such as your date of birth, as well as sizing, fit and style preference information. If you post a photo to your Account, we will collect that photo.

When you receive a shipment, we record what you keep and what you return.

If you provide us feedback or contact us via e-mail, we will collect your name and e-mail address, as well as any other content included in the e-mail, in order to send you a reply.

When you sign up for the Services or when you order products through the Services, we or our third party payment provider will collect payment, shipping and billing information in order to process the transaction.

When you post content (text, images, photographs, videos, messages, comments or any other kind of content that is not your e-mail address) on our Services, the information contained in your posting will be stored in our servers and other users of the Services will be able to see it, along with any other information that you choose to make public.

We retain information on your behalf, such as messages you send (including the content of the message and the recipient data) using your Account.

When you post messages on public areas of our Services, the information contained in your posting will be stored on our servers and other users will be able to see it.

When you participate in one of our surveys, we may collect additional profile information.

We may collect the unique device id number of the mobile device on which you use the App.

If you participate in a sweepstakes, contest or giveaway on our Services, we may ask you for your e-mail address and/or home number (to notify you if you win or not). We may also ask for first and last names, and sometimes post office addresses to verify your identity. In some situations we may need additional information as a part of the entry process, such as a prize selection choice. These sweepstakes and contests are voluntary.

We may also collect personal information at other points in our Services that state that personal information is being collected.

For online payments, we use the payment services of Braintree (https://www.braintreepayments.com/). We do not process, record or maintain your credit card or bank account information. For more information on how payments are handled, or to understand the data security and privacy afforded such information, please refer to https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Information Collected from Third Party Companies. We may receive information about you from other sources. We may add this information to the information we have already collected from you via our Services in order to improve the Services.

Information Collected from Social Networking Sites. The Services allow users to connect with various social networking sites, such as Pinterest, LinkedIn or Twitter (each a “SNS”). You can sign-in to the Services using your SNS account information. In addition, you can share your SNS information via the Services. By sharing your SNS profile, you are allowing the Services and your stylist to access certain of your SNS information as allowed by you (such as profile information). We may receive information from your SNS profile and that information may be imported to the Services. Our Services allow you to share information via such SNS profiles, such as referral links. You acknowledge and agree that you are solely responsible for your use of SNSs and that it is your responsibility to review the terms of use and privacy policy of the third party provider of such SNSs. We will not be responsible or liable for: (i) the availability or accuracy of such SNSs; (ii) the content, products or services on or availability of such SNSs; or (iii) your use of any such SNSs. You can remove your SNS profile information via your AccountStyle Profile at any time. When you disconnect your SNS account, the SNS public profile data and SNS-provided-email will be deleted from our active databases.

Generally. When you use our Services, some information is automatically collected. For example, when you use our Services, your geographic location, how you use the Services, information about the type of device you use, your mobile network information, your Open Device Identification Number (“ODIN”), date/time stamps for your visit, your unique device identifier (“UDID”), and your browser type, operating system, Internet Protocol (IP) address, and domain name are all collected. This information is generally used to help us deliver the most relevant information to you and administer and improve the Services. In addition, in the event our App crashes on your mobile device, we will receive information about your mobile device model software version and device carrier, which allows us to identify and fix bugs and otherwise improve the performance of our App.

Log Files. As is true of most websites, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamp, and clickstream data. We use this information to maintain and improve the performance of the Services.

Cookies. Like many online services, we use cookies to collect information. “Cookies” are small pieces of information that a website sends to your computer’s hard drive while you are viewing the website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Services. This type of information is collected to make the Services more useful to you and to tailor the experience with us to meet your special interests and needs.

Marketing Companies. We work with a number of marketing companies that assist in marketing our services to you on third party websites. These companies may collect information about online activities conducted on a particular computer, browser or device over time and across third-party websites or online services for the purpose of delivering advertising that is likely to be of greater interest to you. While not a comprehensive list, some of these marketing companies we work with are Conversant, Facebook, Google AdWords, and Kenshoo. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here: http://www.aboutads.info/choices. We also work with affiliate marketing companies, including CJ Affiliate. To better understand how they use your information, please see the privacy policies available on their respective websites.

Analytics Companies. We work with a number of third party analytics companies that collect information anonymously and report website trends without identifying individual visitors. These services allow us to view a variety of reports about how visitors interact with the Services so we can improve our website and understand how people find and navigate it. Currently, we work with the following analytics companies: Optimizely, New Relic, Adjust and Google Analytics. This is not intended to be a comprehensive list and we may stop working with these companies and work with others without notice. You can learn more about how these companies collect, use and share information about you by visiting their websites.

General Use. In general, personal information you submit to us is used either to respond to requests that you make, or to aid us in serving you better. We use your personal information in the following ways:

• to choose and deliver your shipment;
• respond to comments, requests and questions and provide customer service;
• facilitate the creation of and secure your Account on our network;
• identify you as a user in our system;
• provide, process and deliver the Services you request;
• improve the quality of experience when you interact with our Services, including the testing of different page designs to see which performs better;
• send you administrative e-mail notifications, such as security or support and maintenance advisories;
• resolve disputes and/or troubleshoot problems;
• develop and improve marketing and advertising for the Services;
• process and deliver orders;
• respond to your inquiries related to employment opportunities or other requests; and
• send newsletters, surveys, offers, and other promotional materials related to our Services and for other marketing purposes.

We may store and process your personal information in the United States and other countries.

User Feedback. We may post user feedback on the Services from time to time. If you make any comments on a blog, wall or forum associated with the Service, you should be aware that any personal information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these blogs and forums.

Creation of Anonymous Data. We may create anonymous data records from personal information by excluding information (such as your name) that makes the data personally identifiable to you. We use this anonymous data to analyze request and usage patterns so that we may enhance the content of our Services and improve Site and App navigation. We reserve the right to use anonymous data for any purpose and disclose anonymous data to third parties in our sole discretion.

We disclose your personal information as described below and as described elsewhere in this Privacy Policy.

Third Parties Designated by You. When you use the Services, the personal information you provide will be shared with the third parties that you authorize to receive such information.

Third Party Service Providers. We may share your personal information with third party service providers to: provide you with the Services that we offer you through our Services; to conduct quality assurance testing; to facilitate creation of accounts; to provide technical support; and/or to provide other services to Stitch Fix.

Business Partners. In order to facilitate your purchase of items from third party partners, we may disclose certain Personal Information about you when you ask us to do so.

Corporate Restructuring. We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of insolvency, bankruptcy, or receivership, personal information may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the personal information collected by us and will assume the rights and obligations regarding your personal information as described in this Privacy Policy.

Other Disclosures. Regardless of any choices you make regarding your Personal information (as described below), Stitch Fix may disclose Personal information if it believes in good faith that such disclosure is necessary: (i) in connection with any legal investigation; (ii) to comply with relevant laws or to respond to subpoenas or warrants served on Stitch Fix; (iii) to protect or defend the rights or property of Stitch Fix or users of the Services; and/or (iv) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Use.

The Services allow you to invite your friends to sign up for the Services by sharing a referral link via an SNS, email or other means.

Our Site or App may contain links to third party websites. When you click on a link to any other website or location, you will leave our Site, App or Services and go to another site, and another entity may collect personal information or anonymous data from you. We have no control over, do not review, and are not responsible for, these outside websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these outside websites or content, or to any collection of your personal information after you click on links to such outside websites. We encourage you to read the privacy policies of every website and App you visit. The links to third party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content or websites.

You have several choices regarding the use of information on our Services:

Choices. We offer you choices regarding the collection, use, and sharing of your personal information. We will periodically send you free newsletters and e-mails that directly promote the use of our Services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving further communications from us and you will have the opportunity to “opt-out” by following the unsubscribe instructions provided in the e-mail you receive or by contacting us directly (please see contact information below). Despite your indicated e-mail preferences, we may send you service related communication, including notices of any updates to our Terms of Use or Privacy Policy.

Cookies. If you decide at any time that you no longer wish to accept cookies from our Services for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. Consult your browser’s technical information. If you do not accept cookies, however, you may not be able to use all portions of the Services or all functionality of the Services. If you have any questions about how to disable or modify cookies, please let us know at the contact information provided below.

Changes to Personal Information. You may change any of your personal information in your Account by editing your profile within your Account. You may request deletion of your personal information by us, but please note that we may be required to keep this information and not delete it (or to keep this information for a certain time, in which case we will comply with your deletion request only after we have fulfilled such requirements). When we delete any information, it will be deleted from the active database, but may remain in our archives. We may retain your information for fraud prevention or similar purposes.

While we and others give you the choices to control the information collected and used as described in this Privacy Policy, there are many web browser signals and other similar mechanisms that can indicate your choice to disable tracking, and we may not be aware of or honor every mechanism.

Information Disclosed to Third Parties. This Privacy Policy addresses only our use and disclosure of information we collect from and/or about you on the Services. If you disclose information to others, or authorize us to do the same under this Privacy Policy, the use and disclosure restrictions contained in this Privacy Policy will not apply to any third party. We do not control the privacy policies of third parties, and you are subject to the privacy policies of those third parties where applicable.

We do not currently respond to “do not track” signals or other mechanisms that might enable consumers to opt out of tracking on our Services.

Our Services are not directed to children under the age of 13 and children under the age of 13 are not eligible to use our Services. We do not collect or maintain personal information from children we actually know are under the age of 13. If a child under 13 submits personal information to us and we learn that the personal information is the personal information of a child under 13, we will take steps to remove the personal information from our databases. If you believe that we might have any personal information from a child under 13, please contact us at hello@stitchfix.com.

If you are a non U.S. user of the Services, by using the Services and/or providing us with information, you acknowledge and agree that your personal information may be processed for the purposes identified in this Privacy Policy. In addition, your personal information may be processed in the country in which it was collected and in other countries, including the United States, where laws regarding processing of personal information may be less stringent than the laws in your country. By providing your information, you consent to such transfer.

We welcome your comments or questions about this Privacy Policy. You may contact us at hello@stitchfix.com.

This Privacy Policy is subject to occasional revision, and if we make any material changes in the way we use your personal information, we will notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on the Services and updating the “Last Updated” date above. Any changes to this Privacy Policy will be effective upon the earlier of thirty (30) calendar days following our dispatch of an e-mail notice to you or thirty (30) calendar days following our posting of notice of the changes on the Services. These changes will be effective immediately for new users of our Service. Please note that at all times you are responsible for updating your personal information to provide us with your most current e-mail address. In the event that the last e-mail address that you have provided us is not valid, or for any reason is not capable of delivering to you the notice described above, our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. If you do not wish to permit changes in our use of your personal information, you must notify us prior to the effective date of the changes that you wish to deactivate your Account with us. Continued use of our Services, following notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes.

Last Updated: May 24, 2016