Doris - Return to home
Join waitlist
iOS App
Android App soon
Privacy PolicyTerms of UseContact
Doris - Return to home
Join waitlist

Privacy and Personal Data Protection - Doris App

Last update: January 2026 - Version 8

Introduction

This Privacy and Personal Data Protection Policy (“Policy”) describes how Doris.Mobi collects, uses, stores, and protects Users’ Personal Data. We also explain Your rights regarding this data and how You can exercise them.

Our commitment is to ensure transparency and security in the processing of Your information, in accordance with applicable data protection laws, such as the Brazilian General Data Protection Law (LGPD) and the General Data Protection Regulation (GDPR).

1. Meaning of terms used in this policy

Government Authority: Any government, governmental entity, regulatory agency, public prosecutor, tax authority (including, without limitation, the Brazilian Federal Revenue Service and state and municipal tax authorities), commission, board, council, stock exchange, and any court, arbitral tribunal, or judge, domestic or foreign, with jurisdiction over Doris.Mobi and/or Users. Includes, but is not limited to, the Brazilian National Data Protection Authority (ANPD) and supervisory authorities under GDPR in the European Economic Area (EEA), such as the European Data Protection Board (EDPB).

Database: A structured set of Personal Data, stored physically and/or electronically, generated from activities carried out by Users through Doris.Mobi services.

Consent: A free, informed, unequivocal, and specific manifestation by the data subject, expressed through a clear affirmative action, agreeing to the processing of their Personal Data. Consent may be revoked at any time without affecting the legality of prior processing.

Controller: The natural or legal person, public or private, responsible for decisions regarding the Processing of Personal Data. Doris.Mobi acts as the Controller and is responsible for decisions related to Users’ Personal Data.

Anonymized Data: Any data relating to a data subject that cannot be identified, considering reasonable and available technical means at the time of processing.

Personal Data: Any information relating to an identified or identifiable natural person, directly or indirectly, including identifiers such as numbers, images, location data, electronic identifiers, IP addresses, or any data that, alone or combined, allows behavioral profiling.

Sensitive Personal Data: Any Personal Data concerning racial or ethnic origin, religious belief, political opinion, union membership, health or sexual life, genetic or biometric data linked to a natural person.

Doris.Mobi: Refers to DORIS.MOBI TECNOLOGIA S.A., headquartered in São Paulo, Brazil, at Avenida Brigadeiro Faria Lima, nº 2.092, 10th floor, rooms E102 and E104, Jardim Paulistano, ZIP 01451-905, registered under CNPJ nº 19.782.186/0001-06.

DPO – Data Protection Officer: Doris.Mobi’s representative responsible for communication between Doris.Mobi, data subjects, and the National Data Protection Authority.

Deletion: Removal of Personal Data or sets of Personal Data stored in a Database, regardless of the procedure used.

GDPR: General Data Protection Regulation, which governs data processing within the EU and EEA.

Applicable Law: Any law, code, decree, regulation, rule, or judicial/administrative decision from a Government Authority, including LGPD and GDPR.

LGPD: Brazilian Law nº 13.709/2018 and its regulations.

International Data Transfer: Transfer of Personal Data from the Controller’s territory to a foreign country or international organization.

Processing: Any operation performed on Personal Data, including collection, storage, sharing, modification, and deletion.

User: Any natural person who uses or registers on Doris.Mobi.

You: The natural person agreeing to this Policy, who must have legal capacity, provide accurate information, and comply with Applicable Law.

2. How do we process your data?

Doris.Mobi processes Your Personal Data through technological solutions aimed at transforming the fashion experience by integrating online and physical environments using artificial intelligence and hyper-personalization.

Our tools analyze images and information provided to recommend clothing combinations (looks), simulate visuals of the user wearing suggested items, suggest ideal sizes, and indicate where to purchase these items.

3. What data do we collect?

The data collected varies according to the functionality used and may include:

●    Identification Data: Name, email, phone, age, weight, height, image, and gender;
●    Geolocation Data: Approximate latitude and longitude;
●    Browsing Data: IP address, device model and brand, operating system, and usage preferences;
●    Fashion Preferences: Styles, patterns, colors, preferred and disliked fits;
●    Other Data: Additional information may be requested depending on the service, respecting legal bases.

4. What is the lega basis for processing?

We process Personal Data based on specific legal grounds, as established by Applicable Law:
●    Contract execution: when processing is necessary to provide our services to You;
●    Compliance with legal obligations: to meet regulatory, tax, or legal requirements.
●    Legitimate interest: to improve our services, always ensuring that Your rights and freedoms are respected;
●    Consent: when necessary, we will request Your explicit authorization to process your data;

5. With whom do we share Your data?

To ensure the quality and efficiency of our services, we may share Your Personal Data under the following circumstances:

●    Service providers: Companies that assist us in providing services (e.g., cloud storage, technical support);
●    Business partners: When necessary for the execution of contracted services;
●    Regulatory authorities: When required by law, upon valid legal request.

6. How long do we retin Your Personal Data?

The retention period varies according to the purpose of processing and the service used. In general, Personal Data is stored for as long as necessary to fulfill the stated purposes, unless there is a legal requirement for longer retention periods. For specific information, please refer to the annexes of this policy.

7. What are Your rights?

Under LGPD and GDPR, you, as the holder of Your Personal Data, have the following rights:

●    Confirmation and access: You may request confirmation of the existence of processing of Your Personal Data and access Your personal information processed by Doris.Mobi;
●    Correction: If Your Personal Data is incomplete, outdated, or incorrect, You may request its rectification;
●    Anonymization, blocking, or deletion: You may request anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed Personal Data;
●    Data deletion: You may request the deletion of Your Personal Data processed based on Consent, except when retention is required to comply with Applicable Law;
●    Portability: When applicable, You may request the transfer of Your Personal Data to another service or product provider;
●    Information about sharing: You have the right to know which public or private entities we share Your Personal Data with;
●    Withdrawal of consent: If You have given Your Consent for Personal Data processing, You may withdraw it at any time, without affecting the legality of processing prior to withdrawal;
●    Objection to processing: You may contest the processing of Your Personal Data if it is not being carried out in accordance with Applicable Law;
●    Review of automated decisions: You have the right to request a review of decisions made solely based on automated processing of Your Personal Data that affect Your interests;

8. How to exercise Your rights?

o exercise any of these rights or clarify doubts, contact us through our Privacy Portal. Our team is available to handle your request within the timeframes established by Applicable Law. Privacy Portal.Our team is available to handle your request within the timeframes established by Applicable Law.

9. How do we process Personal Data of children and adolescents?

Doris.Mobi respects and protects the privacy of children and adolescents, ensuring that the processing of their Personal Data occurs responsibly and in accordance with Applicable Law.

For the use of services provided by Doris.Mobi, Personal Data of individuals under 18 (eighteen) years will only be accepted if provided by their legal representatives. The use of Doris.Mobi services is exclusively for individuals who have the legal capacity to agree to the Terms of Use and this Policy.

10. Use of cookies and tracking technologies

Doris.Mobi uses cookies or similar technologies to enhance Your experience in our environments. When accessing our website, a cookie banner is displayed on the first visit and reappears periodically (according to the internally defined interval). During this period, the User may review and change their Consent preferences, maintaining control over the Personal Data they wish to share.

You can also configure your browser to refuse or delete cookies, according to the available settings.Disabling cookies may impact your experience regarding the functionalities of our website. We recommend enabling cookies for a complete experience in our environments.

11. How do we protect Your Personal Data?

Doris.Mobi adopts strict measures to ensure the security of Your Personal Data, protecting it against unauthorized access, loss, improper alterations, or any inadequate processing, as required by LGPD and GDPR.

We implement technical and administrative controls to ensure the integrity and confidentiality of Personal Data, including:

●    Access control: Only authorized individuals are allowed to access Your Personal Data, according to defined privilege levels;
●    Enhanced authentication: We use mechanisms such as multi-factor authentication to ensure that only authorized users access records;
●    Monitoring and auditing: We maintain detailed records of access and activities performed in our systems to prevent and detect possible incidents;
●    Secure environment: We store Your Personal Data on protected servers that are continuously monitored.

Although we adopt advanced security standards, no system is completely immune to risks. If a security incident occurs that compromises Your Personal Data, we will take the necessary measures to mitigate impacts and, when required by Applicable Law, inform You and the Competent Authorities.

12. International data transfer?

Doris.Mobi may store and process Your Personal Data on servers located in Brazil and the United States. Although these countries may have different levels of data protection, we adopt technical, organizational, and contractual measures to ensure security and compliance in processing this information, as required by LGPD and GDPR.

Whenever there is an international data transfer, we ensure that it is carried out based on appropriate legal mechanisms, such as standard contractual clauses and other safeguards required by Applicable Laws, ensuring an adequate level of protection for Your privacy.

13. Updates to this policy?

This Policy may be modified periodically to reflect legal changes, developments in our services, or necessary adjustments to ensure greater transparency about the processing of Your Personal Data. Whenever there are relevant changes, You will be notified through our official channels.

14. How to contact us?

If You have questions, wish to exercise Your rights, or need more information about the processing of Your Personal Data, contact our privacy team through our Privacy Portal. Our team is available to handle Your request within the timeframes established by Applicable Law.

Service Channel: Privacy Portal
E-mail DPO: dpo@doris.ia
Data Protection Officer(DPO): Ricardo Lima Ferla
Deputy Data Protection Officer: Eduardo Sanches Morelli


ANNEX 1 - SPECIFIC INFORMATION - DORIS APP

The DORIS APP is a virtual assistant and social network developed for digital environments. Integrated or not into the shopping journey, it allows You to:

●    Receive fashion tips from Doris.Mobi, specially prepared for You according to Your preferences and interests;
●    Send Images of Yourself or other people (who have authorized the use and submission of such Images by You) to virtually try on Clothing Items suggested by the App based on Your profile;
●    Send Images of Clothing Items so You can try them on and/or find out where to purchase such Clothing Items;
●    Send Images of any people (who have authorized the use and submission of such Image by You) so You can try on their Clothing Items and/or find out where to purchase such Clothing Items;
●    Receive suggestions on which sizes best fit Your body, based on Your submitted Image and size charts of Clothing Items obtained from leading fashion e-commerce platforms;
●    Receive suggestions on where to buy the Clothing Items suggested by the DORIS APP and/or submitted by You;
●    Browse third-party websites that display Clothing Items for sale and virtually try on such Clothing Items;
●    Create a virtual wardrobe from Clothing Items, allowing You to try on such Clothing Items at any time;
●    Provide information for building a Database, which will be used by Doris.Mobi to create Your style profile and present You with suggestions for Clothing Item combinations according to Your preferences and interests;Connect with other members of the Doris Community to interact and exchange experiences, looks, messages, photos, videos, etc.

1.  Porpose of processing

The processing of Personal Data by the DORIS APP aims to:

●    Enable virtual clothing simulation without the need for a physical fitting room;
●    Improve the shopping experience in the digital environment;
●    Build Your style profile and present You with suggestions for Clothing Item combinations based on Your style preferences and the climate of Your approximate location;
●    Collect anonymized statistical data for tool improvement.

2.    Personal data collected

●    Mobile number, name or nickname (mandatory for identification);
●    Gender, age, weight, and height (optional, for size suggestions);
●    Your fashion style preferences (mandatory, for clothing suggestions);
●    Location (optional, for clothing suggestions);
●    Image (mandatory, for virtual simulation);
●    Browsing data, such as IP address, accessed screens, navigation time, and browser type (optional, for security and statistics).

3.  Applicable legal basis

●    Contract execution: to enable the operation of the DORIS APP;
●    Legitimate interest: to ensure the technical functioning of the tool, prevent fraud, maintain digital environment security, and perform statistical analyses aimed at continuous service improvement;
●    Consent: to enable promotional communications and invite Users to participate in surveys.

4.  Retention of personal data

●    Personal Data will be immediately discarded and/or anonymized after account termination by You or by Doris.Mobi under the conditions of the DORIS App Terms of Use or after one year of account inactivity.
●    Technical and statistical data are anonymized and stored for analysis and continuous improvement of the tool.

© 2026 – Doris.ai | São Paulo, Brazil
Privacy Policy          Terms of Use