Privacy Policy
Last updated: February 13, 2026
Selektable VOF (“Selektable”, “we”, “us”, or “our”), located at Hoedemakerplein 3, 7511 JR Enschede, the Netherlands, operates the website selektable.com (the “Website”), the Selektable merchant dashboard (the “Dashboard”), and the embeddable product visualization widget (the “Widget”) (collectively, the “Service”).
This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our Service, in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and other applicable data protection laws.
1. Data Controller
Selektable VOF is the data controller for personal data collected through the Website and Dashboard. When the Widget is embedded on a merchant’s store, the merchant is the data controller for their customers’ data, and Selektable acts as a data processor on behalf of the merchant.
Contact:
- Email: [email protected]
- Address: Hoedemakerplein 3, 7511 JR Enschede, the Netherlands
2. What Data We Collect
2.1 Website Visitors
When you visit our Website, we may collect:
- Analytics data — anonymized page views, referral sources, device type, and browser information, collected via our analytics provider to understand how visitors use the site.
- Demo request information — your name and email address when you submit a demo request or sign up for our mailing list.
- Communication data — any information you provide when contacting us via email or booking a demo call.
2.2 Merchants (Dashboard Users)
When you register for a Selektable account, we collect:
- Account information — name, email address, and password.
- Business information — store name, store URL, and platform type (e.g., Shopify, WooCommerce).
- Billing information — payment details processed securely through our payment provider. We do not store your full credit card number.
- Usage data — how you interact with the Dashboard, including widget configuration, visualization counts, and conversion metrics.
2.3 End Customers (Widget Users)
When customers interact with the Selektable Widget on a merchant’s store, we collect:
- Uploaded photos — room photos (for furniture visualization) or personal photos (for virtual try-on). See Section 4 for details on how we handle photos.
- Visitor identifier — a randomly generated ID stored in the browser’s localStorage (not cookies) to associate visualization sessions. This ID contains no personal information.
- Optional identity data — if the merchant has enabled identity tracking and the customer is logged in, the merchant may pass us a user ID, name, and/or email to associate visualizations with the customer’s account.
- Interaction data — which products were visualized, whether a product was added to cart, and conversion events.
3. How We Use Your Data
We use collected personal data for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and maintaining the Service | Performance of a contract (Art. 6(1)(b)) |
| Processing payments and billing | Performance of a contract (Art. 6(1)(b)) |
| Sending demo follow-ups and service communications | Legitimate interest (Art. 6(1)(f)) |
| Sending marketing emails (only with consent) | Consent (Art. 6(1)(a)) |
| Analyzing website usage and improving the Service | Legitimate interest (Art. 6(1)(f)) |
| Generating visualization results from uploaded photos | Performance of a contract (Art. 6(1)(b)) |
| Providing conversion attribution and analytics to merchants | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations | Legal obligation (Art. 6(1)(c)) |
4. Photo Data
Uploaded photos are a core part of our Service. We handle them as follows:
- Processing — photos are processed by our AI systems to generate product visualization results (virtual try-on or room visualization).
- Retention — photos are retained for a period chosen by the merchant, ranging from 1 to 30 days, after which they are automatically deleted.
- Marketing consent — if a merchant enables it, end customers may be asked to consent to the merchant using their visualization result for marketing purposes. If the customer consents, the visualization may be retained beyond the standard retention period for the merchant’s marketing use.
- No biometric processing — we do not use uploaded photos for biometric identification, facial recognition databases, or any purpose other than generating the requested visualization.
- Security — photos are encrypted in transit (TLS) and at rest, and are stored in secure cloud infrastructure within the EU.
5. Cookies and Local Storage
What We Use
- localStorage — the Widget uses the browser’s localStorage (not cookies) to store a randomly generated visitor ID. This enables session continuity without tracking across websites.
- Essential cookies — the Website and Dashboard may use essential cookies for authentication and security.
- Analytics — we use a privacy-focused analytics service on our Website. See our Cookie Policy for details.
What We Don’t Use
- We do not use third-party advertising cookies.
- We do not participate in cross-site tracking or ad networks.
- The Widget does not set any cookies.
For more information, see our Cookie Policy.
6. Data Sharing and Sub-Processors
We share personal data only as necessary to provide the Service. We do not sell your personal data.
| Category | Purpose | Data Shared |
|---|---|---|
| Payment processing (Stripe) | Processing merchant subscription payments | Billing name, email, payment method |
| Email and marketing (Bento) | Demo requests, mailing list, transactional emails | Name, email address |
| Scheduling (Cal.com) | Demo call booking | Name, email, meeting details |
| Cloud infrastructure providers | Hosting, storage, and database services | All data as necessary for hosting |
| Analytics provider | Website usage analytics | Anonymized usage data |
All sub-processors are bound by data processing agreements and are required to process data only on our instructions.
7. International Data Transfers
Your data is primarily processed within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g., to sub-processors in the United States), we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- The EU-U.S. Data Privacy Framework, where applicable
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Uploaded photos | 1–30 days (merchant-configurable), unless marketing consent is given |
| Visitor IDs (localStorage) | Until the user clears browser data or calls Selektable.reset() |
| Merchant account data | Duration of the account + 12 months after deletion |
| Billing records | 7 years (Dutch tax law requirement) |
| Analytics data | 26 months |
| Demo request / mailing list data | Until you unsubscribe |
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access — request a copy of the data we hold about you.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data (“right to be forgotten”).
- Restriction — request that we limit processing of your data.
- Data portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interest.
- Withdraw consent — where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
End customers: if you used the Widget on a merchant’s store and want to exercise your rights regarding photo data, please contact the merchant directly, as they are the data controller. You may also contact us and we will assist in directing your request.
You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS/HTTPS) and at rest
- Access controls and authentication for internal systems
- Regular security assessments
- Incident response procedures
While we take reasonable precautions, no system is completely secure. If you discover a security vulnerability, please report it to [email protected].
11. Children’s Privacy
Our Service is not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on our Website or by email. The “Last updated” date at the top reflects the latest revision.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your data:
- Email: [email protected]
- Address: Selektable VOF, Hoedemakerplein 3, 7511 JR Enschede, the Netherlands
