printwall ai logo

Privacy Policy

Your privacy is important to us. Learn how we collect, use, and protect your personal information when you use Printwall.ai.

Printwall.ai — Privacy Policy

Effective Date: 28 June 2025

1. Introduction

Welcome to Printwall.ai. This Privacy Policy explains how Vein One Igor Dyniewski, a sole proprietorship registered in Poland (NIP: 9671429539) at ul. Dworcowa 7/22, 85-009 Bydgoszcz, Poland, trading as Printwall.ai ("we," "us," "our"), collects, uses, shares, and protects your personal data when you use our website, platform, and services (collectively, the "Service").

We are committed to protecting your privacy and processing your data transparently and securely. This policy is designed to comply with our obligations under the EU General Data Protection Regulation (GDPR), the UK GDPR, the Polish Act on the Protection of Personal Data, and applicable U.S. state privacy laws, including the California Privacy Rights Act (CPRA).

The data controller responsible for your personal data is Vein One Igor Dyniewski. For any privacy-related questions or requests, please see the "Contact Us" section at the end of this policy.

2. Key Definitions

Capitalized terms not defined in this Privacy Policy (such as "User Content," "AI Output," and "Service") have the meaning given to them in our Terms of Service.

  • Personal Data: Any information that relates to an identified or identifiable individual.
  • Processing: Any operation performed on Personal Data, such as collection, storage, use, disclosure, or deletion.
  • Controller: The entity that determines the purposes and means of the processing of Personal Data. For the purposes of this policy, this is Printwall.ai.
  • Processor: An entity that processes Personal Data on behalf of the Controller.
  • Sensitive Personal Information: A specific category of Personal Data that is subject to a higher level of protection under law. As described below, this may include biometric information derived from photographs you upload.

3. Personal Data We Collect and How We Collect It

We collect Personal Data in three primary ways: directly from you, automatically through your use of our Service, and from third-party services.

  • Account & Contact Data
    • What we collect: Your name, email address, display name, postal address, and phone number.
    • How we collect it: Provided directly by you during registration or checkout. Can also be received from an authentication provider.
  • Authentication Data
    • What we collect: Hashed credentials or unique identifiers (e.g., Google or Apple ID) from a Single Sign-On (SSO) provider.
    • How we collect it: Provided by our third-party authentication provider, Clerk.
  • User Content
    • What we collect: The photographs you upload and the text prompts you enter to generate AI Output.
    • How we collect it: Provided directly by you when using the Service.
  • Order & Financial Data
    • What we collect: Details of products in your cart, shipping address, and payment confirmation tokens (we do not see or store your full payment card details).
    • How we collect it: Provided directly by you and received from our payment processor, Stripe.
  • Usage & Technical Data
    • What we collect: Your IP address, device type, browser information, operating system, unique device identifiers, pages viewed, and interaction patterns.
    • How we collect it: Collected automatically via cookies and analytics tools like Google Analytics, Meta Pixel, and our web host, Vercel.
  • Sensitive Personal Information
    • What we collect: Biometric Information. If you upload a photograph containing a clearly identifiable human face, our AI may process its geometric patterns to generate the AI Output. Under laws like GDPR and CPRA, this can be considered biometric data.
    • How we collect it: Derived from the User Content you provide.

Children's Data: Our Service is not directed to individuals under the age of 18. We do not knowingly collect Personal Data from children. If you believe we have inadvertently collected such data, please contact us immediately for its deletion.

4. How and Why We Use Your Personal Data (Purposes and Lawful Bases)

We only process your Personal Data when we have a valid legal basis to do so. Our purposes and legal bases are as follows:

  • To Provide and Manage Your Account
    • Data Used: Account & Contact Data, Authentication Data.
    • Legal Basis: Performance of a Contract (necessary to create and maintain your account as requested by you).
  • To Generate Your Custom AI Output
    • Data Used: User Content, Sensitive Personal Information (Biometrics).
    • Legal Basis: Performance of a Contract (necessary to fulfill your request to transform your photo) and Explicit Consent. By agreeing to our Terms of Service and initiating the generation process, you provide your explicit consent for us to process any Sensitive Personal Information contained in your User Content for this specific purpose.
  • To Fulfill and Ship Your Orders
    • Data Used: Account & Contact Data, Order & Financial Data, AI Output.
    • Legal Basis: Performance of a Contract (necessary to process your order, print the product, and deliver it to you).
  • To Process Payments and Prevent Fraud
    • Data Used: Order & Financial Data, Usage & Technical Data.
    • Legal Basis: Performance of a Contract and our Legitimate Interest (to protect our business from fraud).
  • To Improve Our Service
    • Data Used: Usage & Technical Data.
    • Legal Basis: Legitimate Interest (to understand how our Service is used, identify issues, and develop new features).
  • For Marketing and Advertising
    • Data Used: Account & Contact Data, Usage & Technical Data.
    • Legal Basis: Consent (for sending marketing emails or newsletters) and Legitimate Interest (for targeted advertising to find new audiences, which you can opt out of).
  • To Comply with Legal Obligations
    • Data Used: Order & Financial Data, Account & Contact Data.
    • Legal Basis: Legal Obligation (to maintain records for tax, accounting, or to respond to lawful requests like DMCA/DSA notices).

We honor Global Privacy Control (GPC) signals as a valid request to opt out of the "sale" or "sharing" of your data for advertising purposes as defined under applicable U.S. law.

5. Sharing and Disclosure of Personal Data

We do not sell your Personal Data. We only share it with trusted third parties who act as our Processors to help us provide the Service, and only when protected by a formal Data Processing Agreement. These include:

  • Cloud & AI Providers: To host our platform and perform the AI inference necessary to create your AI Output.
  • Authentication Provider (Clerk): To securely manage your login credentials.
  • Print Fulfilment Partner: To print and ship your physical products.
  • Payment Processor (Stripe): To securely handle payments.
  • Analytics and Marketing Partners: To help us understand service usage and reach new customers.
  • Professional Advisors: Our lawyers, accountants, and auditors, when necessary.
  • Authorities and Acquirers: If required by law or in connection with a merger, acquisition, or sale of assets.

We will not share your Sensitive Personal Information with third parties except for the AI inference provider who processes it on our behalf to generate your AI Output, and only under strict contractual confidentiality and security obligations.

6. Cookies and Similar Technologies

We use cookies and similar technologies (like tracking pixels) to operate and improve our Service. Cookies are small text files placed on your device that help us with:

  • Essential Functions: Such as keeping you logged in and maintaining the items in your shopping cart.
  • Analytics: Understanding how you interact with our Service so we can improve it (e.g., via Google Analytics).
  • Advertising: Delivering relevant ads and measuring their effectiveness (e.g., via Meta Pixel).

You can control and manage cookies through your browser settings, which allow you to refuse or delete cookies. You can also use industry opt-out tools such as those provided by the Network Advertising Initiative (NAI) and the Digital Advertising Alliance (DAA). Please note that blocking essential cookies may impact the functionality of our Service.

7. International Data Transfers

As our service providers may be located around the world, your Personal Data may be transferred and processed in countries outside of the European Economic Area (EEA) and the United Kingdom, particularly the United States. When we transfer your data internationally, we ensure it is protected by appropriate legal safeguards, including:

  • Standard Contractual Clauses (SCCs): Implementing the EU's approved contractual clauses with our U.S.-based processors.
  • UK International Data Transfer Agreement (IDTA) or Addendum: For transfers of UK residents' data.
  • EU-U.S. Data Privacy Framework: Relying on a vendor's certification where applicable.

We implement supplementary measures, such as encryption and access controls, to further protect transferred data.

8. Data Security and Retention

Security: We are deeply committed to securing your data. We implement appropriate technical and organizational measures, including:

  • Encryption: All data is encrypted in transit using TLS, and Personal Data is encrypted at rest in our production databases.
  • Access Control: Access to Personal Data is strictly limited to authorized personnel based on the principle of least privilege, with multi-factor authentication required.
  • Monitoring and Testing: We use continuous logging, regular vulnerability scanning, and conduct periodic security assessments to protect against threats.

While we take these measures seriously, no method of transmission over the internet is 100% secure.

Retention: We retain your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, in line with our Terms of Service.

  • Uploaded Photos (Source Images): Deleted from our active systems within 48 hours after your AI Output is successfully generated.
  • Text Prompts and AI Outputs: Retained for the duration of your active account to allow you to access them and manage your creations. Upon account closure, this data will be purged unless we are required to retain it for a longer period to comply with our legal, tax, or audit obligations.
  • Order and Legal Records: Retained for up to five years after the end of the relevant fiscal year to comply with Polish tax and accounting laws.
  • Analytics Data: Retained in an identifiable form for up to 26 months.

9. Your Privacy Rights

You have rights over your Personal Data, regardless of where you live. To exercise any of these rights, please email us at support@printwall.ai. We will respond to verified requests within the timeframe required by law (typically 30-45 days).

For Residents of the EU/UK (under GDPR):

  • Access: Request a copy of the data we hold about you.
  • Rectification: Correct any inaccurate data.
  • Erasure ("Right to be Forgotten"): Request deletion of your data.
  • Restriction: Ask us to limit the processing of your data.
  • Portability: Receive your data in a machine-readable format.
  • Objection: Object to processing based on our legitimate interests.
  • Lodge a Complaint: You have the right to file a complaint with your local data protection authority or the Polish authority, UODO.

For Residents of California and other U.S. States with applicable laws:

  • Right to Know/Access: Know what Personal Data we have collected, used, and disclosed.
  • Right to Delete: Request the deletion of your Personal Data.
  • Right to Correct: Correct inaccurate Personal Data.
  • Right to Opt-Out: Opt out of the "sale" or "sharing" of your data for targeted advertising.
  • Right to Limit Use of Sensitive Personal Information: Request that we limit the use and disclosure of your sensitive data to that which is necessary to perform the services you requested.

10. AI Processing and Automated Decisions

We believe in responsible and transparent AI.

  • Purpose Limitation: The User Content you provide is used only to generate the AI Output you have requested.
  • No Model Training: As stated in our Terms of Service, we will never use your uploaded photos, text prompts, or resulting AI Output to train our or any third-party AI models unless we first obtain your separate, explicit, opt-in consent.
  • No Automated Decisions: Our AI systems do not make any decisions about you that would have a legal or similarly significant effect. Their sole purpose is creative image generation at your command.

11. Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in our practices or the law. If we make a material change, we will notify you by email or through a notice on our Service at least 14 days before the change takes effect. The "Effective Date" at the top indicates the latest revision.

12. Contact Us

If you have any questions, concerns, or wish to exercise your privacy rights, please contact us:

Email: privacy@printwall.ai