Privacy Policy

Last updated: 21 May 2026, 21:36 AEST

Sartano is operated by Gloco Group Pty Ltd (ABN 54 696 251 304), an Australian company ("Sartano", "we", "us" or "our"). This Privacy Policy explains how we collect, hold, use and disclose personal information when you use the Sartano mobile app, the sartano.app website, our support channels, email communications, and related services (together, the "Service"). Our postal address for notices is Suite 255, 17 High Street, Berwick VIC 3806, Australia.

We wrote this policy to reflect the way Sartano actually works: account sign-in, AI-assisted fashion discovery, swipe-based recommendations, shopping profiles, affiliate retailer links, optional advertising, campaign attribution and app event measurement, subscriptions, push notifications, performance monitoring, and account deletion.

In short: we collect the information needed to run Sartano, improve recommendations, process subscriptions, diagnose problems, send opted-in notifications and emails, and respond to support requests. We do not sell personal information as personal information. We may create, sell, license, publish, or share aggregated or de-identified insights that do not identify you personally and are protected against re-identification. You can delete your account in the app or request deletion from the website.

Who this policy applies to

This policy applies to:

  • people who use the Sartano app;
  • people who browse sartano.app or read Sartano content;
  • people who contact us for support, privacy, or account help;
  • people who join a waitlist, mailing list, beta, or feedback flow.

Information we collect

Depending on how you use Sartano, we may collect and hold:

  • Account and sign-in information: Firebase user ID, email address, display name if supplied by an authentication provider, sign-in provider, authentication state, and account creation/update timestamps.
  • Guest account information: anonymous Firebase identifiers and the same app activity described below, if you choose to continue as a guest.
  • Shopping profile information: profile names, departments such as women, men, kids or unisex, declared age brackets, occasions, style preferences, size preferences, budgets, and per-profile swipe counts.
  • Search, feed, and AI chat information: search filters, natural-language prompts, AI chat messages, generated shopping intents, saved Looks, pinned Looks, feed-run identifiers, and generated outfit metadata.
  • Product interaction information: swipes, liked and loved products, saved outfits, retailer clicks, cart or checkout actions recorded in the app, product IDs, search IDs, profile IDs, and related metadata such as promoted-placement context.
  • Subscription information: RevenueCat app user ID, active entitlement, subscription tier, expiry/renewal status, purchase/restore events, and subscription lifecycle updates from RevenueCat. We do not receive or store full card numbers.
  • Notifications information: push notification token, platform, notification preferences, and price-drop notification delivery state if you enable these features.
  • Marketing email information: email subscription status, consent source and timestamp, unsubscribe status, campaign keys, personalised recommendation inputs, delivery records, opens, clicks, bounces, and suppression records where collected by our email systems.
  • Device, diagnostics, and performance information: device type, operating system, app version, screen context, crash reports, non-fatal errors, API latency, request status codes, feature timing, approximate region/market including approximate location inferred from IP address or platform/network signals, and analytics events.
  • Advertising and promoted-content information: if ads, affiliate attribution, campaign attribution, or sponsored placements are enabled, Google Mobile Ads/AdMob, TikTok App Events, Meta App Events/Facebook SDK, and other ad networks or partners may process advertising and app event data such as ad placement identifiers, app installs, app launches, selected in-app events, ad load and display events, native/feed ad impressions, promoted impressions, ad interactions, clicks, saves, affiliate click records, campaign identifiers, device identifiers, advertising identifiers where permitted, approximate location inferred from IP address, diagnostics, performance data, and consent or privacy choices, subject to platform consent rules. Display ads and promoted placements may be disabled even though supporting code or infrastructure exists.
  • Website and support information: email address, message content, waitlist submissions, feedback, browser/device information, page views, referrers, and performance data collected by website analytics and speed-insight tools.

Please do not enter sensitive information into Sartano unless it is genuinely needed for the feature you are using. Sartano is a fashion discovery app; it is not designed for health, financial, government ID or other highly sensitive records.

How we collect information

We collect information:

  • directly from you, such as when you sign in, create a profile, type a prompt, contact support, or join a waitlist;
  • automatically from your use of the app, such as swipes, saves, clicks, diagnostics, and performance events;
  • from authentication providers you choose, including Apple, Google, and Firebase Auth;
  • from RevenueCat, Apple, or Google when subscription state changes;
  • from Google Mobile Ads/AdMob, TikTok App Events, Meta App Events/Facebook SDK, ad networks, attribution partners, or promoted-placement partners when ads, app campaigns, or promoted placements are requested, loaded, shown, installed from, measured, or interacted with;
  • from email providers when marketing or service emails are delivered, opened, clicked, bounced, or unsubscribed from;
  • from retailers or affiliate-link systems when you follow product links, to the extent those systems report click or conversion information to us;
  • from service providers that host, monitor, secure, or analyse the Service.

Why we use information

We use personal information to:

  • create, authenticate, and maintain accounts;
  • provide fashion feeds, product recommendations, AI chat, shopping profiles, saved Looks, and outfit generation;
  • learn from swipes, saves, clicks, and preferences so recommendations become more relevant;
  • remember loved items, purchased/checkout state, notification choices, and account settings;
  • process and verify Sartano+ subscriptions, restore purchases, and manage entitlements;
  • send service messages, password reset emails, support replies, opted-in price-drop notifications, and opted-in personalised weekly product or style emails;
  • show, measure, frequency-cap, and improve ads or promoted placements if these features are enabled;
  • detect, investigate, and fix crashes, outages, latency, abuse, fraud, security issues, and policy violations;
  • measure aggregate product performance and improve the Service;
  • create, use, publish, sell, license, or share aggregated or de-identified insights about shopping trends, product interest, price sensitivity, style preferences, retailer/category performance, and Service usage;
  • comply with legal obligations and enforce our Terms and Conditions.

AI and personalisation

Sartano uses automated systems to parse shopping requests, rank products, build taste vectors from swipes and events, and generate outfit recommendations. These systems affect what products and outfits you see in the app. They do not make decisions about your legal rights, employment, credit, housing, healthcare, insurance, or other similarly significant matters.

In the current app architecture, AI chat prompts and related context are sent from the app to Sartano's backend, not directly from the app to a consumer AI app. Our backend may send your prompt, current search intent, available product facets, shopping profile context, and preference signals to AI infrastructure providers, including Google Cloud Vertex AI or Gemini, to parse requests, generate responses, rank products, enrich product data, or build outfits.

AI outputs can be incomplete or wrong. We use prompts, preferences and interaction history to provide the feature you asked for and to improve reliability, quality and safety. Do not enter sensitive personal information, confidential information, or personal information about another person unless it is lawful and necessary for the feature.

Aggregated and de-identified insights

We may combine, aggregate, de-identify, or anonymise information from the Service to understand shopping trends, product demand, style preferences, price sensitivity, retailer/category performance, geographic or demographic patterns, and how Sartano is used. We may use, publish, sell, license, commercialise, or share these insights with designers, retailers, brands, partners, investors, researchers, or other third parties.

These insights are not personal information when they have been de-identified or aggregated so that you are not reasonably identifiable. They will not include your name, email address, raw account ID, individual AI chat content, or individual-level shopping profile. We take reasonable steps to reduce re-identification risk, apply minimum-threshold and aggregation controls where appropriate, and prohibit recipients from using those insights to try to re-identify individuals.

Subscriptions and payments

Sartano+ subscriptions are processed through Apple App Store or Google Play billing, with RevenueCat used to manage entitlements and purchase state. Apple, Google and RevenueCat may process transaction records, app user identifiers, receipt files, purchase tokens, entitlement status, device/technical information, and related diagnostics. Sartano receives subscription status and entitlement data, not your full card details.

Deleting your Sartano account does not cancel an App Store or Google Play subscription. You must cancel subscriptions through your Apple ID or Google account subscription settings. When account deletion is requested, our backend also makes a best-effort request to delete or disassociate the RevenueCat subscriber record linked to your Sartano user ID.

Advertising, affiliate links, and promoted placements

Sartano may show affiliate product links, retailer links, sponsored placements, and, if enabled, third-party advertising such as Google Mobile Ads/AdMob native feed ads or other ad formats. We may record impressions, clicks, saves, shop-now actions, ad load/display events, placement identifiers, campaign identifiers, app install and app launch signals, ad interaction events, and product metadata so we can operate, measure, bill, frequency-cap and improve these experiences.

Google Mobile Ads/AdMob, TikTok App Events, Meta App Events/Facebook SDK, and similar partners may process advertising data, device identifiers, advertising identifiers where permitted, approximate location inferred from IP address, diagnostics, performance data, app install and in-app event signals, ad impressions, ad interactions, and consent or privacy choices to deliver, limit, measure, secure, attribute, and improve ads and app campaigns.

For app event attribution, we may send selected non-sensitive events such as registration, onboarding completion, first swipe, product views, saves, retailer click-outs, searches performed, and filter use to TikTok and Meta. We do not intentionally send raw search text, email addresses, names, phone numbers, AI chat messages, or other directly identifying content in those app event payloads unless we update this policy and have a lawful basis to do so.

As at the date of this policy, the mobile app includes advertising SDK and promoted-placement infrastructure, as well as TikTok and Meta app event attribution SDKs for install and campaign measurement. Display ads and promoted inventory may be switched off by feature flag or have no active campaigns. Affiliate redirect and click-tracking infrastructure may exist before commercial affiliate partnerships are active. We describe these planned or partially enabled features here so users know how data may be handled when they are enabled.

If a platform requires consent for advertising identifiers, tracking, or personalised advertising, we will ask for that consent through the app or platform prompt before using those signals for that purpose, including Apple App Tracking Transparency prompts and Google/AdMob consent or privacy choices where applicable. You can also use the privacy controls provided by iOS, Android, Apple, Google, AdMob, TikTok, Meta, and your browser.

We do not currently sell your personal information for money. If we later enable advertising, analytics, or partner integrations that count as a "sale", "sharing", targeted advertising disclosure, or similar concept under a privacy law that applies to you, we will provide any required notice, consent, and opt-out controls before using your information for that purpose.

When we share information

We share information only where needed for the Service, including with:

  • Google Firebase and Google Cloud, including Vertex AI/Gemini where relevant, for authentication, hosting, Cloud SQL, analytics, performance monitoring, crash reporting, push notifications, backend infrastructure, AI processing and security;
  • RevenueCat for subscription entitlements, purchase state, paywalls, restores, customer centre, and subscription lifecycle events;
  • Apple and Google for app distribution, in-app purchases, authentication, subscriptions, refunds, reviews, and platform compliance;
  • Vercel for website hosting, analytics, and speed insights;
  • Tally or similar form providers if we embed forms or feedback flows on the website;
  • retailers, affiliate networks, Google Mobile Ads/AdMob, TikTok App Events, Meta App Events/Facebook SDK, ad networks, attribution partners, or promoted-placement partners when you install the app from a campaign or interact with links, ads, sponsored placements, or checkout flows;
  • retailers, brands, partners, or other third parties where we share aggregated or de-identified insights that are not intended to identify you personally;
  • email, form, support, logging, security, marketing automation, and operational providers that help us run Sartano;
  • professional advisers, insurers, regulators, courts, law enforcement, or counterparties where required or permitted by law;
  • a buyer, investor, successor, or adviser if we restructure, sell, merge, finance, or transfer all or part of our business, subject to appropriate confidentiality and legal safeguards.

We require service providers to handle personal information only for permitted purposes and with appropriate security and confidentiality measures.

Overseas disclosure and storage

Sartano is operated from Australia, but our service providers may process or store information in other countries, including the United States, Australia, New Zealand, the United Kingdom, Canada, the European Economic Area, and regions where Google, Firebase, Vercel, Tally, RevenueCat, Apple, Google Play, TikTok, Meta, email providers, ad networks, affiliate networks, and infrastructure providers operate. We take reasonable steps to use providers with appropriate privacy, security, confidentiality, and cross-border transfer controls.

If you are in a jurisdiction with specific international transfer rules, such as the UK or EEA, we rely on appropriate safeguards or permitted transfer mechanisms where required, such as adequacy decisions, standard contractual clauses, equivalent contractual terms, consent, or necessity for providing the Service.

Security

We use technical and organisational measures designed to protect personal information, including authenticated API access, Firebase ID tokens, transport encryption, managed cloud infrastructure, access controls, logging, monitoring, and database-level deletion/cascade rules. Some local app data is stored on-device for performance and user experience. No internet service can be guaranteed to be perfectly secure, but security issues are treated seriously.

If we become aware of a data breach that is likely to result in serious harm and the Notifiable Data Breaches scheme or another applicable breach-notification law requires notification, we will assess the incident and notify affected individuals and regulators as required.

Retention

We keep personal information only for as long as reasonably needed for the purposes in this policy, unless a longer period is required or permitted by law. In general:

  • active account, profile, search, swipe, event, saved item, saved outfit, subscription mirror, and notification-token data is retained while your account is active;
  • support messages and privacy requests are retained as needed to handle the matter and keep reasonable records;
  • marketing consent, unsubscribe, suppression, and email delivery records are retained as needed to honour opt-outs, prove consent, manage campaigns, and comply with law;
  • transaction, tax, refund, dispute, fraud-prevention, and compliance records may be retained for up to seven years, or longer if legally required;
  • crash, diagnostic, security, and operational logs are retained for limited operational periods unless needed to investigate an issue;
  • backups may contain residual copies until they rotate out of the backup lifecycle;
  • aggregated or de-identified analytics and insights may be retained indefinitely where they no longer identify you.

Account deletion

You can delete your account inside the Sartano app from Profile > Delete account, or request deletion from sartano.app/delete-account. You can also email hello@sartano.app.

In-app deletion removes the Cloud SQL user record and cascades to associated searches, swipes, events, saved Looks, shopping profiles, push tokens, and related backend data. The app also clears user-scoped local data such as loved products, liked products, swipe counts, and onboarding state. The backend attempts to delete or disassociate the Firebase Auth user and RevenueCat subscriber record.

Some information may remain where required for legal, tax, dispute, security, fraud-prevention, backup, or platform reasons, and some de-identified or aggregated analytics and insights may remain because they no longer identify you.

Access, correction, and privacy requests

You may request access to, correction of, or deletion of personal information we hold about you. Depending on where you live, you may also have rights to object to or restrict processing, withdraw consent, request portability, opt out of targeted advertising or sale/sharing of personal information, appeal a refusal, or complain to a privacy regulator. Contact us at hello@sartano.app. We may need to verify your identity before acting on a request. We will respond within a reasonable time and, where the Australian Privacy Principles apply, generally within 30 days.

For users in the UK or EEA, our usual legal bases are contract necessity to provide account and subscription features; consent for optional marketing, certain cookies or tracking, and some notifications; legitimate interests for security, diagnostics, analytics, product improvement, fraud prevention, and aggregated or de-identified insights; and legal obligation where we must keep records or respond to lawful requests.

Marketing communications

If you join a waitlist, mailing list, beta, promotional campaign, or opt in during sign-up or policy acceptance, we may email you about Sartano. This may include personalised weekly product picks, style tips, product updates, offers, and early access based on your preferences, shopping profiles, swipes, saves, clicks, budgets, and other recommendation signals.

We keep records of marketing consent and unsubscribe status. Every commercial email we send should identify Sartano or Gloco Group Pty Ltd as the sender and include an unsubscribe method. You can opt out using any unsubscribe link we provide or by emailing us. We do not use your app account email for third-party marketing campaigns unless you have consented or the law otherwise permits it.

Children

Sartano is not directed to children under 16, and users under 16 must not use the Service. Shopping profiles may include broad age brackets or department choices such as kids, but those are shopping-context preferences, not child accounts. Do not submit a child's contact details or other personal information unless you are authorised to do so and it is genuinely needed for the feature.

Third-party websites and retailers

Sartano links to retailer, affiliate, App Store, Google Play, support, and other third-party websites or services. Once you leave Sartano, those third parties control their own collection, use, pricing, fulfilment, returns, payment, cookies, and privacy practices. Review their policies before giving them information or making a purchase.

Complaints

If you have a privacy concern, contact us first at hello@sartano.app and include enough detail for us to investigate. We aim to respond within 30 days. If you are not satisfied with our response and the Australian Privacy Act applies, you may contact the Office of the Australian Information Commissioner at oaic.gov.au.

Changes to this policy

We may update this policy as Sartano changes. The updated version will be posted on this page with a new "Last updated" date. If a change is material, we will take reasonable steps to tell users, such as through the app, website, or email where appropriate.

Contact

Privacy contact: Gloco Group Pty Ltd (ABN 54 696 251 304), hello@sartano.app

Support page: sartano.app/support

Postal address for notices: Suite 255, 17 High Street, Berwick VIC 3806, Australia.