Who we are

MadeFromArt ("we," "us," or "our") operates the website and services at madefromart.com (including related subdomains or paths we use for the product). The Service lets you upload images and text prompts, run AI-powered image transformations, design apparel, and place orders fulfilled by third-party print-on-demand partners.

Business contact: support@madefromart.com. If you operate as a registered entity, add your legal name and postal address here when your counsel approves it.

Scope

This policy applies to information we collect when you:

• visit or browse our website;
• create or use an account;
• use AI transformation, the shirt editor, mockups, or checkout;
• contact support or receive transactional messages from us.

Third-party services (for example payment processors and fulfillment partners) have their own privacy policies. Where they process personal data on our behalf, we describe them below as service providers. Where you interact with them directly, their terms and policies also apply.

Information we collect

We collect the following categories of information, depending on how you use the Service:

• Account and identity: email address and authentication-related data when you sign up or sign in (handled by our authentication provider).
• User content: images you upload, prompts or style choices you submit, editor settings, and related outputs (for example transformed images or mockups).
• Commerce and fulfillment: order details, cart contents needed to fulfill an order, shipping name and address, and information needed to calculate tax or shipping. Payment card details are collected and processed by our payment processor—we do not store your full card number on our servers.
• Support and communications: messages you send us (for example support email content) and related metadata.
• Technical and usage data: IP address, device and browser type, general location derived from IP, timestamps, pages or features used, diagnostic logs, and identifiers associated with analytics or advertising tools where enabled.
• Error monitoring: when something fails in the app or API, error reports may include technical context (for example stack traces, request paths, and coarse device data) to help us fix issues.

Please do not upload images or prompts containing sensitive categories of personal data (for example government ID numbers, financial account numbers, health information, or passwords) unless you truly need to—and never upload third-party personal data without a lawful basis and permission.

Cookies and similar technologies

We and our partners may use cookies, pixels, local storage, and similar technologies for essential operation, security, analytics, and—where applicable—advertising measurement. Your browser may let you block or delete cookies; blocking some cookies can break parts of the Service (for example staying signed in).

If you market to individuals in regions that require consent for non-essential cookies or tracking, you should implement a consent banner and cookie disclosures that match your actual implementation. This page should then link to a dedicated cookie notice or preference center.

How we use information

We use information for purposes including:

• providing, operating, and improving the Service;
• authenticating users, preventing fraud and abuse, and protecting security;
• processing payments and fulfilling orders (including communicating about orders);
• running AI features you request (which requires sending inputs to model providers);
• generating previews, mockups, and production files for fulfillment partners;
• measuring product usage, debugging, and understanding aggregate trends;
• complying with law, responding to lawful requests, and enforcing our terms; and
• sending transactional emails (for example receipts or order updates) where configured.

If you are subject to GDPR-style rules, our typical lawful bases include performing a contract with you, legitimate interests (for example security and product improvement, balanced against your rights), and—where required—consent (especially for certain marketing cookies or messages).

AI processing

When you use AI features, your prompts and images are transmitted to third-party AI providers to generate results. Those providers may process data on their infrastructure subject to their own terms and privacy policies. We configure the Service to use these providers to deliver features you request.

Outputs can be imperfect. You are responsible for ensuring you have rights to your inputs and that outputs are appropriate for printing, shipping, and public display. See also our Terms of Service.

Service providers (subprocessors)

We use vendors to host and operate the Service. Depending on what features you use, this can include (not necessarily exhaustive):

• Supabase — authentication, database, and file storage for user content and product data.
• Stripe — payment processing and related fraud prevention signals.
• Google — AI model services used for image transformation (for example Google Gemini APIs), and Google Analytics (site measurement via gtag) as configured on the site.
• Replicate — optional background removal or related image processing when you use that feature (enabled only when configured in our environment).
• Printful — product catalog, mockup generation, and print-on-demand fulfillment.
• Resend — transactional email delivery when that integration is enabled.
• Sentry — error monitoring and performance diagnostics for the server application.
• PostHog — product analytics when configured; in production we may enable session replay with input masking configured to reduce sensitive data capture.
• Meta (Facebook) and Reddit — advertising pixels and related measurement when configured, including server-side conversion APIs where enabled.
• Hosting providers (for example Render) — application hosting and networking.

We may update this list as vendors change. If your counsel requires a formal subprocessor register, maintain it separately and keep this page aligned.

Sharing

We share information with third parties in these situations:

• Service providers who process data on our instructions to operate the Service (listed above).
• Fulfillment: to produce and ship orders, we share what is needed with fulfillment partners (for example shipping address, garment selection, and print-ready artwork).
• Legal and safety: to comply with law, respond to lawful requests, or protect rights, safety, and integrity of users, us, or others.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and continuity commitments where feasible.

We do not sell personal information in the conventional sense of exchanging data for money. Some jurisdictions treat certain advertising or analytics activities as a "sale" or "sharing" for targeted advertising. If that applies to your configuration, you should add the disclosures and links required by those laws (for example a "Do Not Sell or Share My Personal Information" link for California users, if applicable).

International transfers

We are based in the United States and primarily process data in the United States. If you access the Service from other countries, your information may be transferred to the U.S. and other locations where our vendors operate. Those countries may have different data protection laws than your own.

Where GDPR or UK GDPR applies and transfers require safeguards, we rely on appropriate mechanisms such as Standard Contractual Clauses and vendor agreements—your counsel should confirm what is required for your vendor stack and data categories.

Retention

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, and maintain legitimate business records (for example accounting and tax). Retention varies by data type: account data may persist while your account is active; order records may be kept longer for fulfillment and legal requirements; logs may roll off on a shorter schedule.

Some user-generated content may be stored to allow you to return to designs, galleries, or carts. Temporary files created for previews (for example mockup image URLs) may be deleted automatically after a short period, but you should not rely on that for secrecy—treat previews as potentially accessible to anyone with the link until they expire.

Security

We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit (HTTPS) for the website and reliance on reputable vendors for sensitive processing like payments. No method of transmission or storage is completely secure.

Your choices and rights

Depending on where you live, you may have rights to access, correct, delete, export, or restrict certain processing of your personal information, and to object to certain processing or withdraw consent where processing is consent-based.

California residents (summary): California law may provide rights to know, delete, and correct personal information, and to opt out of certain "sale" or "sharing" for cross-context behavioral advertising. If you offer those rights, describe how to submit requests (email webform), any verification steps, and authorized agent rules—your counsel should tailor this section.

To submit a privacy request, contact support@madefromart.com. We may need to verify your identity before fulfilling certain requests.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it, subject to law.

If you market in regions with higher age thresholds for certain online services, adjust this section with counsel.

Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and revise the "Last updated" date. If changes are material, we may provide additional notice (for example a banner or email) where appropriate.

Contact

Questions about this policy: support@madefromart.com.