Privacy Policy
Last updated: March 8, 2026
1. Introduction
Primpter ("we", "our", or "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.
This policy is compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable EU data protection laws.
2. Data Controller
The data controller responsible for your personal data is:
Primpter
Email: privacy@primpter
3. Personal Data We Collect
3.1 Information You Provide
- Account Information: Email address, name (optional)
- Order Information: Shipping address, billing address, phone number (for delivery)
- Payment Information: Processed securely by Stripe; we do not store full card details
- Communication Data: Messages, support requests, and feedback you send us
3.2 Information Collected Automatically
- Usage Data: Pages visited, time spent, interactions with our service
- Device Information: Browser type, operating system, device type
- IP Address: For security purposes and approximate location
- Cookies: See our Cookie Policy for details
3.3 AI-Generated Content
- Prompts: Text prompts you enter to generate images
- Generated Images: Images created through our AI service
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data based on the following legal grounds:
| Purpose | Legal Basis |
|---|---|
| Fulfilling orders and providing services | Contract performance |
| Processing payments | Contract performance |
| Sending order confirmations and shipping updates | Contract performance |
| Responding to support requests | Contract performance / Legitimate interest |
| Preventing fraud and ensuring security | Legitimate interest |
| Content moderation and safety review of AI-generated content | Legitimate interest |
| Improving our services | Legitimate interest |
| Marketing communications | Consent (where required) |
| Legal compliance | Legal obligation |
5. How We Use Your Data
- To create and manage your account
- To process and fulfill your orders
- To communicate with you about your orders and our services
- To provide customer support
- To improve and optimize our website and services
- To detect and prevent fraud and abuse
- To review and moderate AI-generated content for safety, quality, and compliance with our content policies
- To comply with legal obligations
5.1 Content Moderation
To ensure the safety and quality of our platform, we review AI-generated content (including text prompts and generated images) for compliance with our content policies. This review may be conducted by our team manually or through automated systems. Content that violates our policies may be flagged, removed, or result in account restrictions. We process this data under our legitimate interest in maintaining a safe and lawful platform.
6. Data Sharing and Third Parties
We share your personal data with the following categories of third parties:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Payment details, email, billing address |
| Gelato | Print production and shipping | Name, shipping address, product details |
| Postmark | Email delivery | Email address, order information |
| DigitalOcean | Cloud hosting and storage | Account data, generated images |
All third-party providers are carefully selected and comply with GDPR requirements. We have Data Processing Agreements (DPAs) in place with these providers.
7. International Data Transfers
Some of our third-party providers may be located outside the European Economic Area (EEA). When transferring data outside the EEA, we ensure appropriate safeguards are in place, including:
- EU-approved Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Other legally recognized transfer mechanisms
8. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy:
- Account data: Until you delete your account, then 30 days
- Order data: 7 years (for legal and accounting requirements)
- Generated images: Until you delete them or your account
- Support communications: 3 years
- Analytics data: 26 months (anonymized)
9. Your Rights Under GDPR
As an EU resident, you have the following rights:
- Right of Access: Request a copy of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restriction: Request limitation of processing
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (where applicable)
To exercise any of these rights, please contact us at privacy@primpter. We will respond within 30 days.
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption of data in transit (TLS/HTTPS)
- Secure cloud infrastructure with access controls
- Regular security assessments
- Employee training on data protection
11. Children's Privacy
Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by email or by posting a notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.
13. Complaints
If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with your local Data Protection Authority (DPA). You can find your local DPA at: European Data Protection Board - Members
14. Contact Us
For any questions about this Privacy Policy or your personal data, please contact our Data Protection contact:
Email: privacy@primpter