Privacy Policy

1. Overview

whatismysize.com ("we", "us", "our") provides free size conversion tools for shoes, bras, clothing, and underwear. This Privacy Policy explains how we collect, use, and protect your information when you use our website.

The lawful basis for our processing under the EU General Data Protection Regulation (GDPR) is our legitimate interests (Article 6(1)(f)) in understanding how the site is used and improving the accuracy of our size charts. We believe the processing described here has a minimal privacy impact given that it is anonymous, first-party, stores no IP address or user agent, and is not shared with any third party for advertising, profiling, or cross-site tracking.

2. Information We Collect

Measurements & Preferences

When you use our size converters and calculators, you may enter body measurements (e.g., foot length, bust, underbust, chest, waist, hip) and preferences (e.g., gender, preferred size system). These are:

• Stored locally in your browser (localStorage) so you don't have to re-enter them on return visits.
• Sent to our own first-party analytics, in anonymous form, alongside the conversion event — so we can understand what real-world measurement distributions look like and improve our size-chart accuracy. The values are never linked to your name, email, or any external identity. They are associated only with the anonymous, self-rotating user ID described below.

We do not draw any health inference from your measurements and we do not treat them as health data. They are used only to improve the accuracy of our size charts and converters. We never combine them with any external data source that could re-identify you.

Anonymous Usage Data (First-Party Analytics)

To understand how the site is used and which brands people look up most, we collect a small amount of anonymous usage data on our own servers — not through Google Analytics or any third party. Specifically, when you browse a page or use a converter, we record:

• The page path you visited (e.g., /shoes/nike-size-chart)
• The category (shoes, bras, clothing, underwear, tool, guide)
• Which converter you used, the inputs you provided (including any body measurements you typed in), and the result count
• Thumbs-up / thumbs-down feedback on a result, including (when you provide them) the size you usually wear, the size that actually fit, and an optional reason ("runs narrow", "runs long", etc.)
• Roughly how long it took you to leave feedback after a conversion (a single integer of seconds — used to separate quick taps from considered answers)
• Your device class (mobile / tablet / desktop), derived from your browser window's width — not your model, OS, or user agent
• A coarse language/region tag like en-US or de-DE, derived from your browser's Accept-Language request header — used so we can tell whether a brand fits true to size for EU buyers vs US buyers. We never store the full request header, never store your IP address, and never look up your precise location
• When you click a link that takes you off our site (such as a brand's official size guide), we record the destination domain (e.g. nike.com), the link kind (e.g. official_guide), and the page you clicked from. We do not record query strings or anything you do on the destination site
• A random session ID in your browser's sessionStorage for the current tab only — it is NOT a cookie, it is not shared across tabs, and it disappears when you close the tab
• A random anonymous user ID in your browser's localStorage that lets us tell a returning visitor from a new one without any account or login. It is not linked to your name, email, or any external identity, rotates automatically every 13 months in line with CNIL audience-measurement guidance, and you can clear it any time by clearing site storage

We do not store your IP address, we do not store your user agent, we do not track you across sites, and we do not set any third-party cookies. The data lands in a Postgres database we operate at api.whatismysize.com and is used only to operate and improve this site.

2a. Bra Fit Reports (Crowdsourced)

When you submit a fit report on a bra brand page (via our "Does [Brand] fit you?" module) or save a bra size on your /my-sizes page, we store the report on our API server at api.whatismysize.com. The report is keyed to the anonymous wms_uid identifier stored in your browser's localStorage — there is no login, no email, and no personal identifier attached.

We also store a one-way hash of your IP address (combined with a rotating salt that exists only inside the API process) as an abuse signal. The hash cannot be reversed to recover your IP, is held for at most 90 days, and is never joined with any other identifier.

You can remove your contributions at any time by clearing your browser's localStorage for whatismysize.com. Doing so discards your wms_uid and effectively disconnects you from your prior reports. Clearing storage is irreversible.

If Do Not Track is enabled in your browser, or you have opted out of analytics in the settings below, no fit reports are submitted from your device, and the one-time migration of previously saved bra sizes does not run.

3. Cookies & Local Storage

We do not use cookies — not for analytics, not for tracking, not for advertising. The site does not set any cookies on your device, and Google Analytics is not loaded at all.

We use your browser's localStorage to save your measurement preferences, recently visited brands, and saved sizes so you don't have to re-enter them. localStorage is not shared with any server or third party — it stays entirely on your device.

We also use sessionStorage to hold a random anonymous ID for the current browser tab, as described in section 2. This expires automatically when you close the tab.

And we use localStorage to hold a random anonymous user ID (wms_uid) so the same browser is recognized across sessions for analytics purposes only. It contains no personal data, is never sent to third parties, and rotates automatically every 13 months.

4. Information We Collect via Forms

Two forms on the site — the contact form and the error report form — are submitted to Formspree, a third-party form processor, so that we receive an email notification when you write in. The information you provide (your message, the reason or brand you are writing about, and optionally your name and email) is stored by Formspree on our behalf. See Formspree's Privacy Policy.

All other in-site feedback signals (thumbs up/down on a result, brand-suggestion requests from hub pages) are recorded as anonymous events in our own first-party analytics — the same pipeline described in section 2 — and do not pass through any third party.

5. Third-Party Services

Our site uses or links to the following third-party services:

• Formspree: Processes form submissions (contact, error reports, feedback). Formspree may set its own cookies on its own domain when you submit a form; none are set on whatismysize.com.
• Affiliate links: We may earn commissions when you click links to retailer websites and make purchases. We do not currently have any affiliate links live on the site; if and when we add them, they will be marked as outbound links and clicks will be recorded as described in section 2 (destination domain only). These retailers have their own privacy policies and may set cookies on their own domains.
• Outbound links to brand size guides: Brand pages link out to each brand's official size chart (e.g. nike.com/help/a/size-charts). We record only that you clicked an outbound link and the destination domain, not anything you do on that site.

Our first-party analytics backend (api.whatismysize.com) is operated by us, not a third party. See section 2 for exactly what it collects.

6. Data Sharing

We do not sell your information and we do not share analytics data with third parties. Body measurements you enter into our calculators are sent to our own first-party analytics in anonymous form (see section 2) and are also kept locally in your browser. They are never shared, sold, or transmitted to any external party.

7. Data Retention

We retain anonymous analytics events (the data described in section 2) for a rolling window of 24 months from the date each event is recorded, after which the row is deleted from our database. The anonymous user identifier in your browser (wms_uid) rotates at least every 13 months, so a visitor who returns after that window will look like a new visitor to our analytics.

Data you store locally in your browser (preferences, saved sizes, and measurements) stays on your device until you clear it. We have no control over local browser storage.

Form submissions sent to Formspree (see section 4) are retained according to Formspree's own retention practices, described in their privacy policy.

8. International Data Transfers

Our first-party analytics database is hosted on Render in the United States. When you submit a form, data travels to Formspree, also based in the United States. This means personal data originating in the EU, UK, or other regions may be transferred to and processed in the United States.

These transfers are made under the Standard Contractual Clauses approved by the European Commission, which our service providers include in their data processing agreements. You can request more information about these safeguards via the contact form.

9. Your Rights

If you are located in the EU, the UK, or another jurisdiction with comparable data protection law, you have the following rights in relation to the anonymous data we hold about your sessions:

• Right of access (Art. 15 GDPR) — request a copy of the data associated with your current anonymous user identifier.
• Right to rectification (Art. 16) — request correction of inaccurate data.
• Right to erasure (Art. 17) — request deletion of the data associated with your anonymous user identifier.
• Right to restriction (Art. 18) and portability (Art. 20) — request that we limit processing or provide the data in a structured machine-readable format.
• Right to object (Art. 21) — opt out of our analytics at any time using the controls below.
• Right to lodge a complaint with a supervisory authority — for example, your national data protection authority in the EU, or the Information Commissioner's Office (ICO) in the UK.

To exercise any of these rights, please include the value of your wms_uid localStorage entry when you contact us — this is the only identifier that lets us locate the data associated with your session.

Opt out of analytics

Use the button below to turn off our first-party analytics on this device. We also automatically honor your browser's Do Not Track setting when it is enabled.

Your choice is stored in your browser's localStorage under wms_analytics_opt_out. Clearing site data will reset it.

10. California Residents (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). The categories of personal information we collect are described in section 2 above.

Under CPRA, body measurements you enter into our calculators may be considered sensitive personal information. We use this information only for the purpose for which it was provided — improving our size-chart accuracy — and never for inferring characteristics about you, for advertising, or for cross-context behavioral targeting. We do not sell or share your personal information with third parties for advertising purposes.

You have the right to know what we collect, to request deletion, to correct inaccurate information, and to limit the use of sensitive personal information. To exercise these rights, use the opt-out button in section 9 or contact us.

11. Children's Privacy

Our site is a general-audience tool that may be used by people of any age looking for sizing information. We do not require accounts, we do not allow comments or user-generated content, and we collect only the anonymous, first-party data described in section 2.

In line with the UK Age Appropriate Design Code (Children's Code), any data we happen to receive from a visitor under 18 is treated with the same high privacy standards as data from any other visitor: anonymous, no profiling, no advertising, no sharing with third parties. We do not use age or any other signal to target children specifically.

Consistent with the US Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will delete the associated data from our analytics store.

12. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the competent supervisory authority within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk, we will also take reasonable steps to communicate the breach to affected users through this website.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

14. Contact

If you have questions about this Privacy Policy or wish to exercise any of the rights described in sections 9 and 10, please contact us.