Privacy Policy
Effective Date: January 26, 2026
Last Updated: January 26, 2026
Xapien Innovatus Private Limited ("Company," "we," "us," or "our"), operating under the brand name Tuck, is committed to protecting your privacy. We act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act) regarding the processing of your personal data.
1. Corporate Information
- Legal Entity: Xapien Innovatus Private Limited
- Corporate Identity Number (CIN): U62090KL2025PTC092495
- Jurisdiction: India (Kerala)
2. Scope & Consent
By using the Tuck Magic Mirror, Website (tucknow.com), or API services, you act as the Data Principal and explicitly consent to the collection and processing of your personal and sensitive data for the specific purposes outlined below.
- Consent Manager: For users under 18, consent must be provided by a lawful guardian.
- Withdrawal of Consent: You may withdraw consent at any time by contacting our Grievance Officer, subject to the deletion protocols in Section 5.
3. Collection of Data
We collect specific data points to facilitate the Virtual Try-On (VTON) and Fit Intelligence experience across our channels:
A. Types of Data Processed (including SPDI)
- Biometric Data: Raw full-body photographs, facial geometry points, body mesh vectors, and skin tone analysis.
- Health & Physical Data: Self-declared height, gender, and AI-derived body measurements (e.g., chest, waist, hip, inseam).
- Usage Data: Garment preferences, try-on history, and size selection.
B. Collection Channels
- In-Store Kiosk: We capture your full-body image and inputs (Height/Gender) to generate the VTON session.
- Online Widget: We process images you voluntarily upload or capture via your device camera.
- Tuck Vault (Optional): If you opt in, we associate your biometric profile with a unique Tuck ID or mobile number to facilitate one-click logins in the future.
4. Purpose of Processing
We process this data strictly for:
- Virtual Try-On (VTON): Generating the visual simulation of garments on your body.
- Fit Intelligence: Analyzing your body metrics to provide size recommendations ("See Your Fit" heatmaps).
- Authentication: Verifying your identity for "Tuck Vault" access (if opted in).
- No AI Training: We do NOT currently use your personally identifiable biometric data or raw photos to re-train or fine-tune our proprietary AI models. Your data is isolated to your specific session. We reserve the right to update this policy in the future with prior notice.
5. Data Retention & Deletion
- Guest Users: Biometric data is stored in temporary cache memory and is automatically purged within 24 hours of session completion.
- Tuck Vault Users: Data is retained to facilitate seamless future logins.
- The "Sunset" Clause: If a Tuck Vault account remains inactive for a continuous period of two (2) years, all associated biometric and personal data is permanently deleted from our servers.
- Deletion Request: You may request the immediate deletion of your data at any time by contacting us.
6. Sharing of Information
- Processors: We share data with trusted cloud infrastructure providers (e.g., AWS, GCP) who act as Data Processors. They are contractually bound to process data only on our instructions and maintain security standards equivalent to ours.
- Law Enforcement: We may disclose data if required by an order under Indian law or by a competent court.
- No Sale of Data: We do not sell your personal or biometric information to third parties.
7. International Data Transfers (Global Users)
Xapien Innovatus Private Limited is based in India. By using the Platform, you acknowledge that your data will be transferred to, stored in, and processed in India or on global cloud servers.
- For European (EEA/UK) Users: We transfer data based on Standard Contractual Clauses (SCCs) or specific consent derogations under Article 49(1)(a) of the GDPR. By using the service, you explicitly consent to this transfer, which is necessary for the performance of the VTON service.
- Security: We apply industry-standard encryption (TLS 1.3 in transit, AES-256 at rest) regardless of processing location.
8. Rights of the Data Principal (Regional Rights)
- India (DPDP Act): Right to Access, Correction, Erasure, and Grievance Redressal.
- Europe (GDPR): Right to Withdraw Consent, Right to Data Portability, Right to lodge a complaint with a DPA.
- USA (California - CCPA): Right to Know, Right to Delete, Right to Non-Discrimination.
9. Grievance Officer
In compliance with the IT Rules, 2011 and DPDP Act, 2023, please address privacy grievances to:
- Designation: The Grievance Officer
- Company: Xapien Innovatus Private Limited
- Email: info@xapien.in
- Phone: +91 8136926111