Privacy Policy
Your privacy matters to us. This Privacy Policy explains how oco.fit collects, uses, stores, and protects personal data when you visit our website, contact us, request a demo, or use our services.
This policy applies to https://oco.fit/, our demo environments, and related business communications. It is intended for an international audience and is designed to align with generally accepted privacy standards, including the principles of the General Data Protection Regulation (GDPR), where applicable.
This policy is effective as of 6 April 2026.
Who we are
Oco Fit Ltd., a company registered in Cyprus, with its registered address at Artas 2, EVITA COURT, Office 31, Germasogeia, Limassol, Cyprus, acts as the data controller for the personal data described in this Privacy Policy.
Oco Fit Ltd. provides virtual try-on technology and related software services for eyewear brands, retailers, and partners.
What personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
• contact details such as your name, work email address, phone number, company name, country, and job-related information;
• inquiry and demo data, including the content of messages, forms, support requests, meeting notes, and commercial requirements you share with us;
• technical and usage data, such as IP address, browser type, device information, pages viewed, timestamps, referring pages, and similar analytics data;
• business relationship data, such as CRM records, communication history, and contract-related information.
We do not intentionally collect sensitive personal data through the website unless you choose to send it to us, and we ask that you do not submit unnecessary sensitive information.
How we collect data
We collect personal data when you submit forms, contact us by email or phone, request a demo, interact with our team, or browse our website. Some data is provided directly by you, and some is collected automatically through cookies, analytics tools, server logs, and similar technologies.
Why we use personal data
We use personal data to:
• respond to your inquiries and provide requested information or demos;
• assess potential business relationships and manage sales communications;
• provide, maintain, secure, and improve our website, products, and services;
• understand website traffic, usage trends, and campaign performance;
• keep records of business communications and contractual matters;
• comply with legal, regulatory, tax, accounting, and security obligations;
• protect our rights, systems, users, and legitimate business interests.
Legal bases for processing
Where applicable under privacy law, we rely on one or more of the following legal bases:
• your consent, including for non-essential cookies and analytics technologies where consent is required;
• taking steps at your request before entering into a contract or performing a contract with you;
• our legitimate interests, including operating, securing, and improving our business, responding to business inquiries, keeping internal records, and using strictly necessary cookies required for the website to function;
• compliance with legal obligations.
Where we rely on legitimate interests, we perform an assessment of necessity and proportionality and ensure that our legitimate interests are not overridden by your rights and freedoms.
How long we keep data
We keep personal data only for as long as necessary for the purposes described in this policy, including to manage our relationship with you, maintain business records, resolve disputes, enforce agreements, and comply with legal obligations. When data is no longer needed, we delete it or anonymize it where reasonably possible.
Typical retention periods include:
• inquiry and demo request data: up to 24 months after the last meaningful contact;
• contract, billing, and business records: up to 7 years where required for legal, tax, or accounting purposes;
• analytics data: typically up to 14 months, depending on the relevant analytics tool settings.
Sharing personal data
We do not sell personal data. We may share personal data with trusted service providers that support our operations, such as hosting providers, analytics tools, CRM systems, cloud infrastructure providers, communication platforms, and professional advisers, but only to the extent reasonably necessary for the relevant purpose. We may also disclose personal data where required by law, legal process, regulatory request, or to protect our rights and security.
International data transfers
Because we work with international service providers and customers, personal data may be processed in countries other than the country where you are located. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), together with supplementary measures where appropriate, to protect personal data transferred internationally.
Cookies and analytics
We use cookies and similar technologies to operate the website, remember preferences, measure traffic, understand how visitors use the website, and improve performance. Strictly necessary cookies may be used on the basis of our legitimate interests in operating and securing the website. We use non-essential cookies only with your consent via a cookie banner. For more detail, please see our Cookies Policy.
Security
We use commercially reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, loss, or misuse. These measures may include encryption in transit where appropriate, access controls, authentication measures, system monitoring, and role-based restrictions on internal access. However, no internet transmission or storage system can be guaranteed to be completely secure, so we cannot guarantee absolute security.
Your rights
Depending on your location and applicable law, you may have the right to request access to personal data, correction of inaccurate data, deletion, restriction of processing, objection to certain processing, withdrawal of consent, and data portability. You may also have the right to complain to a competent supervisory authority, including the authority in your country of habitual residence, place of work, or place of the alleged infringement, where applicable.
To exercise your rights, contact us at info@oco.fit. We may need to verify your identity before completing your request.
Use of face data in the iOS app
Our iOS app may use Apple TrueDepth or similar device capabilities to support virtual try-on. Face data used for this feature is processed locally on the device in real time to render the experience. We do not use this face data to identify users, and we do not store or transfer it to our servers unless explicitly stated in a separate product agreement or technical documentation for a specific deployment.
Children
Our website and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps.
Third-party sites
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy notices separately.
Data Protection Officer and contact
We do not have a designated Data Protection Officer. However, you may contact us with any privacy-related questions, requests, or complaints at info@oco.fit or by post at Artas 2, EVITA COURT, Office 31, Germasogeia, Limassol, Cyprus.
Updates to this policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The updated version will be posted on this page with a revised effective date.
This policy applies to https://oco.fit/, our demo environments, and related business communications. It is intended for an international audience and is designed to align with generally accepted privacy standards, including the principles of the General Data Protection Regulation (GDPR), where applicable.
This policy is effective as of 6 April 2026.
Who we are
Oco Fit Ltd., a company registered in Cyprus, with its registered address at Artas 2, EVITA COURT, Office 31, Germasogeia, Limassol, Cyprus, acts as the data controller for the personal data described in this Privacy Policy.
Oco Fit Ltd. provides virtual try-on technology and related software services for eyewear brands, retailers, and partners.
What personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
• contact details such as your name, work email address, phone number, company name, country, and job-related information;
• inquiry and demo data, including the content of messages, forms, support requests, meeting notes, and commercial requirements you share with us;
• technical and usage data, such as IP address, browser type, device information, pages viewed, timestamps, referring pages, and similar analytics data;
• business relationship data, such as CRM records, communication history, and contract-related information.
We do not intentionally collect sensitive personal data through the website unless you choose to send it to us, and we ask that you do not submit unnecessary sensitive information.
How we collect data
We collect personal data when you submit forms, contact us by email or phone, request a demo, interact with our team, or browse our website. Some data is provided directly by you, and some is collected automatically through cookies, analytics tools, server logs, and similar technologies.
Why we use personal data
We use personal data to:
• respond to your inquiries and provide requested information or demos;
• assess potential business relationships and manage sales communications;
• provide, maintain, secure, and improve our website, products, and services;
• understand website traffic, usage trends, and campaign performance;
• keep records of business communications and contractual matters;
• comply with legal, regulatory, tax, accounting, and security obligations;
• protect our rights, systems, users, and legitimate business interests.
Legal bases for processing
Where applicable under privacy law, we rely on one or more of the following legal bases:
• your consent, including for non-essential cookies and analytics technologies where consent is required;
• taking steps at your request before entering into a contract or performing a contract with you;
• our legitimate interests, including operating, securing, and improving our business, responding to business inquiries, keeping internal records, and using strictly necessary cookies required for the website to function;
• compliance with legal obligations.
Where we rely on legitimate interests, we perform an assessment of necessity and proportionality and ensure that our legitimate interests are not overridden by your rights and freedoms.
How long we keep data
We keep personal data only for as long as necessary for the purposes described in this policy, including to manage our relationship with you, maintain business records, resolve disputes, enforce agreements, and comply with legal obligations. When data is no longer needed, we delete it or anonymize it where reasonably possible.
Typical retention periods include:
• inquiry and demo request data: up to 24 months after the last meaningful contact;
• contract, billing, and business records: up to 7 years where required for legal, tax, or accounting purposes;
• analytics data: typically up to 14 months, depending on the relevant analytics tool settings.
Sharing personal data
We do not sell personal data. We may share personal data with trusted service providers that support our operations, such as hosting providers, analytics tools, CRM systems, cloud infrastructure providers, communication platforms, and professional advisers, but only to the extent reasonably necessary for the relevant purpose. We may also disclose personal data where required by law, legal process, regulatory request, or to protect our rights and security.
International data transfers
Because we work with international service providers and customers, personal data may be processed in countries other than the country where you are located. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), together with supplementary measures where appropriate, to protect personal data transferred internationally.
Cookies and analytics
We use cookies and similar technologies to operate the website, remember preferences, measure traffic, understand how visitors use the website, and improve performance. Strictly necessary cookies may be used on the basis of our legitimate interests in operating and securing the website. We use non-essential cookies only with your consent via a cookie banner. For more detail, please see our Cookies Policy.
Security
We use commercially reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, loss, or misuse. These measures may include encryption in transit where appropriate, access controls, authentication measures, system monitoring, and role-based restrictions on internal access. However, no internet transmission or storage system can be guaranteed to be completely secure, so we cannot guarantee absolute security.
Your rights
Depending on your location and applicable law, you may have the right to request access to personal data, correction of inaccurate data, deletion, restriction of processing, objection to certain processing, withdrawal of consent, and data portability. You may also have the right to complain to a competent supervisory authority, including the authority in your country of habitual residence, place of work, or place of the alleged infringement, where applicable.
To exercise your rights, contact us at info@oco.fit. We may need to verify your identity before completing your request.
Use of face data in the iOS app
Our iOS app may use Apple TrueDepth or similar device capabilities to support virtual try-on. Face data used for this feature is processed locally on the device in real time to render the experience. We do not use this face data to identify users, and we do not store or transfer it to our servers unless explicitly stated in a separate product agreement or technical documentation for a specific deployment.
Children
Our website and services are intended for business users and are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps.
Third-party sites
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties, and we encourage you to review their privacy notices separately.
Data Protection Officer and contact
We do not have a designated Data Protection Officer. However, you may contact us with any privacy-related questions, requests, or complaints at info@oco.fit or by post at Artas 2, EVITA COURT, Office 31, Germasogeia, Limassol, Cyprus.
Updates to this policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. The updated version will be posted on this page with a revised effective date.