Privacy Policy
Information on the processing of personal data pursuant to Regulation (EU) 2016/679 (GDPR)
Last updated: March 14, 2026
This Privacy Policy describes how SOLIDA Digital Advertising SRL ("Dresium", "we", "us") collects, uses, stores, and protects the personal data of users who use the Dresium platform, including the dresium.com website, browser extensions, and e-commerce plugin. We are committed to protecting user privacy in compliance with Regulation (EU) 2016/679 (GDPR) and applicable Italian law.
1 Data Controller
The Data Controller for personal data processing is:
SOLIDA Digital Advertising SRL
Via M. Stabile 160 — 90139 Palermo (PA), Italy
VAT: IT06962150824
Email: privacy@dresium.com
Certified Email (PEC): solidadigitaladvertisingsrl@pec.it
2 Data We Collect
We collect the following categories of personal data:
2.1 Data provided directly by the user
- Registration data: name, surname, email address, password (encrypted)
- Social authentication data: if the user registers via Google, Facebook, or Apple, we receive name and email address from the provider
- Photographs: images uploaded by the user for the Virtual Try-On service
- Payment data: processed exclusively through Stripe; Dresium does not collect or store credit card data
2.2 Data collected automatically
- Browsing data: IP address, browser type, operating system, pages visited, timestamps
- Usage data: number of generations, credits purchased and used, service preferences
- Cookies and similar technologies: as described in the dedicated section
2.3 AI-generated content
- Generated images: Virtual Try-On results created from user photographs
- Generated videos: video content produced through artificial intelligence (where available)
Important note: Photographs and generated images are considered personal data as they can identify the user. We process this data with the utmost confidentiality and security.
3 Purposes and Legal Bases for Processing
| Purpose | Legal Basis (GDPR) | Data Processed |
|---|---|---|
| Service provision Registration, authentication, Virtual Try-On |
Art. 6.1.b — Contract performance | Registration data, photographs, generated content |
| Payment processing Credit purchases, invoicing |
Art. 6.1.b — Contract performance | Identification data, transactions (via Stripe) |
| Customer support Responding to requests and complaints |
Art. 6.1.b — Contract performance | Contact data, communication history |
| Legal compliance Tax obligations, authority requests |
Art. 6.1.c — Legal obligation | Identification data, transactions |
| Service improvement Analytics, optimization |
Art. 6.1.f — Legitimate interest | Browsing and usage data (aggregated) |
| Direct marketing Newsletter, promotions (if consented) |
Art. 6.1.a — Consent | Email, preferences |
Your photographs are never used to: train artificial intelligence models, be shared with third parties for marketing purposes, be sold or transferred to third parties.
4 Third-Party Services
To provide our service, we use the following third-party providers, who may process personal data on our behalf or as independent controllers:
Google AI (Gemini)
Provider: Google LLC
Purpose: Image processing for Virtual Try-On via Gemini API
Data transmitted: User photographs and product images (for generation)
Role: Data Processor
xAI (Grok)
Provider: xAI Corp.
Purpose: AI image and video generation (alternative provider)
Data transmitted: User photographs and product images
Role: Data Processor
Anthropic (Claude)
Provider: Anthropic PBC
Purpose: AI assistant for customer support
Data transmitted: Chat messages (no photographs)
Role: Data Processor
OpenAI
Provider: OpenAI, L.L.C.
Purpose: Natural language processing (alternative provider)
Data transmitted: Text for processing
Role: Data Processor
Google MediaPipe
Provider: Google LLC
Purpose: Face detection for photo cropping optimization (client-side processing)
Data transmitted: None — processing occurs entirely in the user's browser
CDN used: cdn.jsdelivr.net, storage.googleapis.com (library download only)
Stripe
Provider: Stripe, Inc.
Purpose: Payment processing for credit purchases
Data transmitted: Payment data (credit card, billing address)
Role: Independent Data Controller for payment data
Note: Dresium does not collect or store credit card data
Keycloak (Authentication)
Provider: Managed by Dresium (self-hosted)
Purpose: Single Sign-On (SSO) and identity management
Data processed: Login credentials, sessions, authentication tokens
Role: System managed internally by Dresium
jsDelivr CDN
Provider: Prospect One (jsDelivr)
Purpose: Delivery of open-source JavaScript libraries
Data transmitted: Standard HTTP requests (IP address, user agent) — no personal data
5 Data Retention
| Data Category | Retention Period |
|---|---|
| Account data (name, email) | For the duration of the account + 30 days after deletion |
| Uploaded photographs | Until deleted by user or account closure |
| Generated images | Until deleted by user or account closure |
| Generated videos | Until deleted by user or account closure |
| Payment data | 10 years (Italian tax obligations) |
| System logs | 12 months |
| Analytics cookies | According to individual cookie policy (max 24 months) |
Immediate deletion: Users can delete their photographs and generated images at any time from the dashboard. Account deletion results in the permanent removal of all data within 30 days.
6 Data Sharing and Transfers
6.1 Data sharing
Personal data may be shared with:
- Service providers: the providers listed in Section 4, exclusively for the stated purposes
- Competent authorities: upon legitimate request from judicial or administrative authorities
- Merchants (B2B plugin): limited to email and name, for creation of the local account required for service delivery
6.2 Transfers outside the EU
Some of our providers (Google, xAI, Anthropic, OpenAI, Stripe) are based in the United States. Data transfers to the US are based on:
- Data Privacy Framework (DPF): for certified providers
- Standard Contractual Clauses (SCCs): approved by the European Commission
- Supplementary measures: encryption of data in transit and at rest
Safeguards: All non-EU providers have been selected after verifying the adoption of adequate security measures and compliance with GDPR requirements for international transfers.
7 Your Rights
Under Articles 15-22 of the GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access (Art. 15) | Obtain confirmation of processing and a copy of your data |
| Rectification (Art. 16) | Correct inaccurate or incomplete data |
| Erasure (Art. 17) | Request deletion of your data ("right to be forgotten") |
| Restriction (Art. 18) | Restrict processing in certain circumstances |
| Portability (Art. 20) | Receive your data in a structured format and transfer it |
| Objection (Art. 21) | Object to processing based on legitimate interest |
| Withdraw consent (Art. 7) | Withdraw consent at any time (e.g., marketing) |
7.1 How to exercise your rights
To exercise your rights, you can:
- Dashboard: Access your account settings on dresium.com to modify or delete data
- Email: Send a request to privacy@dresium.com
- Certified Email (PEC): Write to solidadigitaladvertisingsrl@pec.it
We will respond within 30 days of receiving the request, except in complex cases (extendable by an additional 60 days with reasoned communication).
7.2 Account deletion
Users can delete their account at any time from the "Settings" section of the dashboard. Deletion results in:
- Immediate deletion of photographs and generated images
- Deletion of account data within 30 days
- Loss of remaining credits (non-refundable)
- Retention of data required for legal obligations only (e.g., invoicing)
8 Cookies and Similar Technologies
We use cookies and similar technologies to ensure website functionality and improve user experience. For complete information on cookies used, please see our Cookie Policy.
8.1 Types of cookies
| Type | Purpose | Consent | Examples |
|---|---|---|---|
| Technical/Essential | Authentication, session, basic preferences | Not required | wordpress_logged_in_*, drs_cookie_consent, dresium_locale |
| Analytics | Aggregate statistics on site usage (Google Analytics 4) | Required | _ga, _ga_*, _gid |
| Marketing | Personalized advertising (Meta Pixel, Omnisend) | Required | _fbp, _fbc, omnisendContactID |
8.2 Managing preferences
Users can manage their cookie preferences through:
- The cookie banner displayed on first site visit
- Their browser settings
- The "Manage Cookies" link in the site footer
For more details on each individual cookie, its duration, and instructions for disabling, please see the full Cookie Policy.
9 Data Security
We implement appropriate technical and organizational measures to protect personal data:
- Encryption: All data is transmitted via HTTPS/TLS and encrypted at rest
- Access control: Data access is limited to authorized personnel with multi-factor authentication
- Monitoring: Intrusion detection systems and activity logging
- Backups: Regular encrypted backup copies
- Privacy by Design: Data protection integrated into system design
- Data isolation: User photographs are isolated and not accessible to other users or merchants
Protected Media Library: User photographs and generated images are not visible in the WordPress Media Library or accessible to merchant site administrators.
10 Children
The Dresium service is restricted to persons aged 16 years or older. We do not knowingly collect personal data from children under 16.
If a parent or guardian believes that a minor has provided personal data without authorization, please contact us immediately at privacy@dresium.com. We will promptly delete the data.
11 Changes to This Policy
We reserve the right to modify this Privacy Policy. Changes will be published on this page with an updated date.
For substantial changes affecting user rights, we will provide email notification at least 15 days in advance.
12 Contact Us
For any questions regarding this Privacy Policy or the processing of personal data:
SOLIDA Digital Advertising SRL
Via M. Stabile 160 — 90139 Palermo (PA), Italy
VAT: IT06962150824
Privacy Email: privacy@dresium.com
Support: support@dresium.com
Certified Email (PEC): solidadigitaladvertisingsrl@pec.it
12.1 Complaint to the Supervisory Authority
If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the competent supervisory authority:
Garante per la Protezione dei Dati Personali
Piazza Venezia 11 — 00187 Rome, Italy
Website: www.garanteprivacy.it
Email: protocollo@gpdp.it
Certified Email (PEC): protocollo@pec.gpdp.it