DOUBL|Privacy Policy

DOUBL Manufacturing Ltd

Privacy Policy

Last Updated: February 2026

Introduction

DOUBL Manufacturing Ltd (“we,” “us,” or “DOUBL”) is the developer and operator of the DOUBL app (the “App”), a 3D body scanning and fit technology platform. We are committed to protecting your personal information and being transparent about how we collect, use, and disclose it.

This Privacy Policy (this “Policy”) applies to your use of the DOUBL app and any related websites, products, or services that link to this Policy (collectively, the “Services”).

We are subject to Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Where our Services are used by residents of the United States, this Policy also addresses applicable U.S. state privacy laws, including the California Consumer Privacy Act (CCPA) as amended by the CPRA. As we expand into the European Economic Area (EEA), we are also committed to compliance with the General Data Protection Regulation (GDPR).

Our Role: Controller and Processor

Depending on the context in which your personal information is collected, DOUBL may act in different capacities:

As a Controller: When you interact directly with the DOUBL App — for example, by creating an account, undergoing a body scan, or contacting us — DOUBL determines the purposes and means of processing your personal information and is acting as the “controller” (or “organization responsible for personal information” under PIPEDA).

As a Processor: DOUBL also provides its technology to business customers (“Customers”) such as retailers, fitness studios, and other organizations. When a Customer uses our technology to collect or process your personal information on their behalf, that Customer is the controller and DOUBL acts as the processor. In these cases, you should review that Customer's privacy policy to understand how your information is used. If you wish to exercise your privacy rights in connection with information collected by a Customer, please contact that Customer directly.

Where both DOUBL and a Customer have collected your information, both may be acting as controllers, and this Policy governs DOUBL's use of that information.

What Personal Information We Collect

Depending on how you use our Services, we may collect the following types of personal information:

  • Identity and contact information: name, email address, phone number, date of birth, and gender.
  • Body and biometric data: 3D body scan data, body measurements, shape and contour data generated through infrared sensors, photographs, or other scanning technologies ("body data"). This is sensitive personal information and is treated accordingly.
  • Health and physical characteristics: height, weight, body composition, and related fitness data.
  • Account information: username, password, and preferences.
  • Transaction and commercial information: records of products or services purchased or requested through the App.
  • Technical and usage data: IP address, device identifiers, browser or operating system information, pages visited, and interactions with our Services, collected through cookies and similar technologies.
  • Inferences: clothing size estimates, fit recommendations, and other inferences derived from your body data.

If you provide us with personal information about another individual, you confirm that you have the authority to do so and that the individual has consented to the disclosure.

How We Collect Personal Information

We collect personal information:

  • Directly from you, when you register for an account, use the App, complete a body scan, contact our support team, or communicate with us.
  • From our Customers, when a Customer uses our technology in connection with a service they are providing to you.
  • Automatically, through cookies, pixel tags, web beacons, and analytics tools such as Google Analytics, when you use our Services.

Why We Collect and Use Personal Information

We collect and use your personal information only for the purposes for which it was gathered or for a consistent purpose, including:

  • Providing the Services: processing your body scan, generating fit and size recommendations, and delivering results to you or to a Customer at your direction.
  • Account management: creating and managing your account and verifying your identity.
  • Customer support: responding to your inquiries and troubleshooting issues.
  • Product and service improvement: developing, testing, and improving the App and related technologies, including training and refining our 3D body scanning and fit models. Where your data is used for model improvement, it is handled securely and your individual personal information is never sold or disclosed to third parties for this purpose. We may use de-identified or aggregated data derived from your information to improve the accuracy and performance of our models.
  • Marketing communications: sending you information about our Services or those of our partners, where you have consented or where permitted by law. You may withdraw consent to marketing at any time (see "Your Choices" below).
  • Legal compliance and security: meeting our legal obligations, preventing fraud, enforcing our terms of use, and protecting the rights and safety of our users and DOUBL.
  • Business transactions: in connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality obligations.

We will not use your personal information for a purpose that is materially different from those described above without first obtaining your consent or as otherwise permitted by law.

Legal Basis for Processing (GDPR — EEA Users)

For users in the European Economic Area, our legal bases for processing your personal information include:

  • Performance of a contract: to provide the Services you have requested.
  • Consent: for body data, biometric information, and direct marketing. You may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Legitimate interests: for fraud prevention, security, and improving our Services, where these interests are not overridden by your rights.
  • Legal obligation: where processing is required to comply with applicable law.

How We Share Your Personal Information

We do not sell your personal information. We share personal information only in the following circumstances:

  • With Customers: We may share body data and other personal information with a Customer where you have a relationship with that Customer and have directed us to do so, or as required to fulfill our contractual obligations to that Customer. Unless you specifically instruct otherwise, photographs from the App will not be shared with Customers.
  • With service providers: We engage trusted third parties to help us operate the App (e.g., cloud hosting, analytics, customer support). These parties are authorized to use your information only as necessary to perform services for us and are bound by confidentiality obligations.
  • For legal or safety reasons: We may disclose personal information in response to a lawful request by public authorities, court order, or applicable law, or where necessary to protect the rights, property, or safety of DOUBL, our users, or others.
  • In a business transaction: If DOUBL is acquired by or merges with another company, your personal information may be transferred as part of that transaction. We will provide reasonable notice before your information is subject to a materially different privacy policy.
  • With affiliates and development partners: for the purpose of improving and developing our Services, under obligations no less protective than this Policy.
  • Aggregated or de-identified data: We may share statistical or aggregated data that has been stripped of all identifying information and cannot reasonably be used to identify you, for general business, research, and development purposes. We will never sell or share your personal information — data that could identify you as an individual — with any third party for commercial purposes.

Cookies and Tracking Technologies

We use cookies and similar technologies to manage user sessions, personalize content, and analyze use of our Services. You may configure your browser to refuse cookies, though this may affect certain features of the App. We do not currently recognize or respond to browser-initiated “Do Not Track” (DNT) signals.

Retention of Personal Information

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, or as otherwise permitted by law. Body data and biometric information are retained only for the period necessary to deliver the applicable Services, after which they are deleted or de-identified unless you consent to longer retention or we are required by law to retain them.

Your Choices

  • Marketing: You may opt out of receiving marketing communications from us at any time by following the unsubscribe instructions in our emails or by contacting us directly.
  • Account data: You may update or correct your account information through the App settings.
  • Cookies: You may adjust your browser settings to limit or disable cookies.

Your Privacy Rights

Subject to applicable law, you may have the following rights regarding your personal information:

All users (PIPEDA):

  • The right to access the personal information we hold about you.
  • The right to correct inaccurate or incomplete personal information.
  • The right to withdraw consent to the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions and reasonable notice).
  • The right to challenge our compliance with PIPEDA and to file a complaint with the Office of the Privacy Commissioner of Canada.

California residents (CCPA/CPRA):

  • The right to know what personal information we have collected, used, disclosed, or sold about you.
  • The right to delete your personal information, subject to certain exceptions.
  • The right to correct inaccurate personal information.
  • The right to opt out of the sale or sharing of personal information (we do not sell personal information).
  • The right not to receive discriminatory treatment for exercising your privacy rights.

EEA residents (GDPR):

  • The right of access, rectification, and erasure ("right to be forgotten").
  • The right to restrict or object to processing.
  • The right to data portability.
  • The right not to be subject to automated decision-making that produces legal effects.
  • The right to withdraw consent at any time.
  • The right to lodge a complaint with your local data protection supervisory authority.

To exercise any of these rights, please contact us using the details in the “Contact Us” section below. We will respond within the timeframes required by applicable law (generally 30 days, or up to 60 days where permitted with notice).

Notice to Quebec Residents (Law 25)

Quebec's Act respecting the protection of personal information in the private sector, as modernized by Bill 64 (commonly referred to as “Law 25”), provides additional privacy rights and obligations that apply to Quebec residents.

Privacy Officer: DOUBL has designated a person responsible for the protection of personal information. That individual can be reached using the contact details in the “Contact Us” section below.

Privacy Impact Assessments (PIAs): Where we communicate personal information outside of Quebec, or implement a new technology that presents a risk to privacy, we conduct a privacy impact assessment and take measures to mitigate identified risks before proceeding.

Automated Decision-Making: If we use your personal information to make a decision based exclusively on automated processing that produces legal or significant effects on you, we will inform you of this, and you have the right to request that a person review that decision.

Confidentiality Incidents: In the event of a confidentiality incident (i.e., unauthorized access, use, or disclosure of your personal information) that presents a risk of serious injury, we will notify the Commission d'accès à l'information du Québec (CAI) and affected individuals as required by law.

Additional Rights for Quebec Residents:

  • The right to be informed of the existence of any personal information we hold about you and to access it.
  • The right to have inaccurate, incomplete, or ambiguous personal information corrected.
  • The right to have personal information collected without legal authority, or no longer necessary for its original purpose, deleted.
  • The right to data portability — to receive personal information you have provided to us in a structured, commonly used technological format.
  • The right to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.

To exercise your rights under Law 25 or to file a complaint, you may contact us directly or reach the Commission d'accès à l'information du Québec (CAI) at www.cai.gouv.qc.ca.

International Data Transfers

Your personal information may be transferred to and processed in countries other than Canada, including the United States. We take steps to ensure that such transfers are made in accordance with applicable law and that your information receives an adequate level of protection. For transfers from the EEA, we rely on appropriate safeguards such as standard contractual clauses.

Security

We implement reasonable technical, administrative, and physical safeguards to protect your personal information against unauthorized access, use, disclosure, or alteration. All employees with access to personal information receive appropriate privacy and security training. However, no method of transmission or storage is completely secure, and we encourage you to take steps to protect your own information (such as using a strong password and keeping your login credentials confidential).

Children's Privacy

Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from anyone under 16. If we become aware that we have collected personal information from a child under 16 without appropriate consent, we will promptly delete that information. If you believe we have inadvertently collected such information, please contact us immediately.

Changes to This Policy

We may update this Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the “Last Updated” date at the top of this Policy. We encourage you to review this Policy periodically. Where changes are material, we will provide more prominent notice, such as an in-app notification.

Contact Us

If you have any questions, concerns, or complaints about this Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us at:

DOUBL Manufacturing Ltd c/o Osler, Hoskin & Harcourt LLP First Canadian Place 100 King St W #6200 Toronto, ON M5X 1B8

Email: support@doubl.ca Phone: 416-362-2111

For Canadian users, you also have the right to contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca if you are unsatisfied with our response.