Privacy Policy
Last updated: May 8, 2026
This Privacy Policy describes how Feetlot ("we", "us", or "our") collects, uses, and protects information when you use the Feetlot mobile application for iOS (the "App") and the feetlot.com website (together, the "Service"). By using the Service, you agree to the practices described below.
1. Information we collect
We collect only the information needed to operate the Service:
- Account data. When you sign in, we store your email address and, if you use Sign in with Apple, the anonymous identifier Apple provides. We never receive or store your Apple ID password.
- Sign-in tokens. Short-lived one-time codes (PINs) and authentication tokens are generated to log you into the App. These are tied to your account and expire automatically.
- Wardrobe and fit data. The shoes you add to your wardrobe, the sizes you own, your fit verdicts (true to size / small / large), favorites, and shoe requests you submit. This is the core data the App is built around.
- Technical data. Standard server logs (IP address, user agent, timestamps, request paths) are kept temporarily for security and debugging. They are not used to build advertising profiles.
We do not collect your precise location, contacts, photos, microphone input, health data, or payment information. We do not use third-party advertising or analytics SDKs that track you across other apps and websites.
2. How we use the information
- To create and authenticate your account.
- To save your wardrobe and remember your preferences across devices.
- To compute size recommendations. Your individual fit verdicts are aggregated together with verdicts from other Feetlot users to estimate the true size of each shoe model. Aggregated results are anonymous and cannot be used to identify you.
- To send transactional email (sign-in codes, account notices). We do not send marketing email.
- To prevent abuse and fraud, and to comply with legal obligations.
3. Sharing with third parties
We share data only with infrastructure providers strictly required to run the Service:
- Amazon Web Services (US-East-1) — hosting, database, and image storage.
- Amazon SES — delivery of transactional emails (e.g. sign-in codes).
- Apple — Sign in with Apple authentication (only when you choose this method).
- Cloudflare — DNS and content delivery for feetlot.com.
We do not sell, rent, or trade your personal information. We do not share your data for targeted advertising.
4. Data retention
Account data is retained as long as your account is active. Server logs are retained for up to 90 days. When you delete your account (see Section 6), your email, wardrobe, favorites, fit verdicts, and authentication tokens are removed within 30 days. Aggregated, anonymized sizing statistics derived from your verdicts may persist indefinitely as part of the Feetlot dataset, since they are no longer linked to you.
5. Security
All traffic to and from the Service is encrypted in transit via TLS. Passwords are not used — authentication is handled via single-use email codes or Sign in with Apple, which avoids password reuse risk. Access to production systems is limited to authorized personnel.
6. Your rights and choices
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data (e.g. by updating your wardrobe in the App).
- Delete your account. You can delete your account directly inside the App from the profile screen. You can also request deletion by emailing [email protected].
- Export your data in a portable format on request.
- Withdraw consent at any time by deleting your account.
Residents of the European Economic Area, the United Kingdom, and California have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to object to processing and the right not to be discriminated against for exercising privacy rights. To exercise any of these rights, contact us at the email address below.
7. Children's privacy
Feetlot is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.
8. International users
Our servers are located in the United States. By using the Service from outside the United States, you understand that your data will be transferred to and processed in the United States, which may have different data protection laws than your country of residence.
9. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated via the App or by email to your account address.
10. Contact
Questions or requests about this Privacy Policy can be sent to [email protected].