Last updated: March 28, 2026
Sloper Studio ("we," "us," or "our") is a web-based tool for generating parametric sewing patterns from body measurements, operated at sloperstudio.com. Sloper Studio is committed to compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and other applicable privacy laws.
For any privacy-related questions or data subject requests, contact us at hello@sloperstudio.com.
We have not appointed a Data Protection Officer, as our processing activities are limited in scope. We maintain Records of Processing Activities as required by GDPR Article 30. For questions about our processing activities, contact hello@sloperstudio.com.
When you sign in with Google OAuth, we receive your email address, display name, and Google account identifier. We use the minimum OAuth scopes necessary (openid, email, profile) and do not request access to your Google contacts, calendar, or any other Google services.
You may enter body measurements (such as bust, waist, hip circumferences, and related dimensions) to generate sewing patterns. These measurements are dimensional data used exclusively for garment pattern generation. They are not used for identification, authentication, profiling, or any purpose other than creating sewing patterns. Measurements are processed on our servers and may be stored in our database so you can retrieve and reuse them across sessions.
We have assessed these measurements under applicable biometric and sensitive data laws (including Illinois BIPA, GDPR Article 9, and CCPA/CPRA). Because body measurements for sewing are not processed for the purpose of uniquely identifying an individual, they do not meet the legal definition of biometric identifiers or special category data under these frameworks. Nonetheless, we apply heightened protections to this data: measurements are transmitted over encrypted connections (TLS), never shared with third parties, and deleted upon account deletion.
If you request access to Sloper Studio, we collect your email address (verified through Google sign-in), your name, and any message you include in the request form. This data is collected for the purpose of evaluating your early access request.
Our hosting providers (Vercel and Cloudflare) may automatically collect standard server log data such as IP addresses, browser type, referring pages, and timestamps. This data is controlled by those providers under their own privacy policies and is used for security, performance, and error monitoring. Cloudflare operates in DNS-only mode for our domain and does not set tracking cookies or proxy your traffic.
We use your information for the following purposes:
We commit to the following practices: (1) We will never sell your personal information or body measurements to any third party. (2) We will never use your data for advertising, marketing, or profiling purposes. (3) We will not use your body measurements for any purpose other than generating sewing patterns. (4) We will not share your measurements with third parties except as required by law. We do not offer any financial incentive, discount, or other compensation in exchange for the collection, retention, or deletion of your personal information.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:
We use a minimal set of cookies strictly necessary for the Service to function:
We do not use any analytics, advertising, or third-party tracking cookies. Our Cloudflare configuration uses DNS-only mode, meaning Cloudflare does not set cookies on our domain. If we add non-essential cookies in the future, we will update this policy and present a consent banner before setting them.
We check for the Global Privacy Control (GPC) header (Sec-GPC: 1) on requests. If detected, we will not set any non-essential cookies and will not use data for targeted advertising or profiling. Since we currently use only essential cookies, GPC-enabled browsers will experience no functional difference.
We use the following third-party providers to operate our Service. Each processes data only as necessary to provide their service to us. We require data processing agreements with our third-party processors in accordance with GDPR Article 28. These agreements establish that processors act only on our written instructions, implement appropriate security measures, and provide audit rights. For information about our processor agreements, contact hello@sloperstudio.com.
Our servers and service providers are located in the United States. If you access our Service from outside the US, your data will be transferred to and processed in the US.
For EEA/UK users, these transfers are covered by Standard Contractual Clauses (SCCs) included in our providers' data processing agreements. Specifically, Railway, Vercel, and Cloudflare each maintain SCCs as part of their standard data processing addendums. As supplementary safeguards, our infrastructure employs encryption in transit (TLS), API key authentication, and network-level access controls, limiting the risk of unauthorized access. We have conducted a Transfer Impact Assessment and determined that standard contractual clauses, combined with these technical safeguards, provide adequate protection. For a copy of our Transfer Impact Assessment, contact hello@sloperstudio.com.
Your measurements are stored in our PostgreSQL database hosted by Railway. Data is encrypted in transit using TLS. Database storage is protected by network isolation, API key authentication, and role-based access controls.
Current encryption status: We do not currently encrypt measurement data at rest in the database. We are working toward implementing application-level encryption at rest, subject to resource and development availability. Current protections include:
We retain your data according to the following schedule:
Depending on your location, you have some or all of the following rights regarding your personal data.
In addition to the above, you have the right to:
Send an email from your registered email address to hello@sloperstudio.com with "Data Subject Request" in the subject line. Include: (1) your full name and email as registered in our system; (2) the specific right you are exercising; (3) any supporting documentation.
Verification: For standard requests (access, correction of email or name), we verify your identity via confirmation email sent to your registered address. For deletion requests involving body measurements, we may require additional verification.
Response timeline: We will respond within 30 days for GDPR requests or 45 days for CCPA requests. If a request is complex, we may extend the deadline by up to two months (GDPR) or 45 days (CCPA) and will notify you of the delay and reason. If we refuse a request, we will explain our legal grounds for refusal.
Sloper Studio is not intended for children under the age of 13. By using this Service, you confirm that you are at least 13 years old. We do not knowingly collect personal information from children under 13.
If you are between 13 and 17 years old, we recommend notifying a parent or guardian that you are providing body measurements to our Service. Parents or guardians may review or request deletion of their child's data by contacting hello@sloperstudio.com with proof of parental authority.
If you believe a child under 13 has provided us with personal information, contact us at hello@sloperstudio.com and we will delete the data and account within 5 business days.
Measurement data is protected in transit by TLS encryption. Database backups are retained and encrypted at the storage layer per our hosting provider's standard configuration. We maintain API key authentication and role-based access controls.
Our current security measures include:
Ongoing improvements: We are continuously evaluating and improving our security posture. Areas under active development include application-level encryption at rest for measurement data, audit logging for data access, and enhanced breach detection capabilities.
While we take data security seriously, no method of transmission over the Internet or method of electronic storage is 100% secure. We encourage you to contact us immediately if you suspect unauthorized access to your account.
If we discover a breach of your data, we will investigate immediately and notify you of:
We aim to notify supervisory authorities and affected individuals within timeframes appropriate to the assessed risk. Under GDPR Article 33, we target notification to authorities within 72 hours of discovering a breach where feasible, though the actual timeline depends on the nature and scope of the breach and our investigation findings.
In all cases, we will notify you through the email address associated with your account and, if required by applicable law, through other channels.
We will provide at least 30 days' notice before material changes to this policy take effect. Notification will be sent via email to your registered address and by updating the "Last updated" date on this page. Your continued use of the Service after the 30-day notice period constitutes acceptance of the revised policy. For significant changes that affect how we process your data, we will request your renewed consent where applicable.
If you have questions about this privacy policy or our data practices, contact us at:
Sloper Studio
Email: hello@sloperstudio.com