Privacy Policy
We keep this plain-English on purpose. Here is exactly what we collect, why, how we look after the photos you send us, and the rights you have over your data.
This privacy policy explains how Our Paint By Numbers (“we”, “us”, “our”) collects, uses and protects your personal information when you visit ourpaintbynumbers.com or place an order with us. We sell worldwide, so this policy is written to respect the GDPR (for visitors in the EU and UK) and the CCPA/CPRA (for residents of California), as well as similar consumer-privacy laws elsewhere.
By using our website or buying from us, you agree to the practices described here. If anything is unclear, please contact us — we would rather answer a question than leave you guessing.
Who we are (data controller)
Our Paint By Numbers is the data controller for the information described in this policy. You can reach us any time at [email protected] or by calling +1 409 995 3467 (calls only — we don’t send or receive texts on this line).
[Business address — add in WP]What information we collect
We only collect what we need to run the shop, make your kit and support you afterwards. Depending on how you use the site, that can include:
- Order & account details — your name, email address, phone number (if you give one) and the items you buy.
- Shipping & billing address — so we can deliver your kit and process your order.
- Uploaded custom photos — any image you send us to be turned into a custom paint by numbers canvas. (See the dedicated section below — this matters to us.)
- Payment information — handled by our payment processors. We do not store full card numbers on our servers; we only see limited data such as the payment status and the last few digits needed to identify a transaction.
- Messages you send us — the content of emails, contact-form submissions and support conversations.
- Browsing & device data — cookies, IP address, browser type, pages viewed and similar analytics data, collected automatically when you visit (see Cookies & analytics below).
How we use your information
We use your data to:
- Process, make and deliver your order, including preparing and printing your custom canvas.
- Send order confirmations, proofs, shipping updates and other service messages about your purchase.
- Provide customer support and answer your questions.
- Send marketing emails if you have opted in (see Email marketing below).
- Detect and prevent fraud, abuse and technical problems.
- Understand how the site is used so we can improve it.
- Meet our legal, tax and accounting obligations.
Under the GDPR, our legal bases are: performance of a contract (to fulfil your order), consent (for marketing and non-essential cookies), legitimate interests (to run and secure our business) and legal obligation (to keep records the law requires).
How we handle your custom photos
The photo you upload for a custom canvas is personal, and we treat it that way.
We use your photo only to design and produce your kit — to create your digital proof and print your canvas. We do not sell it, we do not share it for advertising, and we do not publish it anywhere without your explicit permission.
We keep your photo only as long as we reasonably need it to complete your order and cover the guarantee period — typically around 90 days after your order ships — and then it is deleted from our active systems. If you would like it removed sooner, just email us.
The only parties who ever touch your photo are our own design and production team and the secure services we use to store and print it. If you ask us to feature your finished canvas (for example on our site or social channels), we’ll only do so with your clear, separate consent.
Cookies & analytics
Like most online shops, we use cookies and similar technologies. Some are essential — they keep your cart working, remember your preferences and keep checkout secure. Others are analytics and marketing cookies that help us understand traffic and measure our ads; these run only where you allow them.
You can control or clear cookies in your browser settings, and where required we show a consent banner so you can accept or reject non-essential cookies. Turning off essential cookies may stop parts of the site from working.
Email marketing & unsubscribing
If you opt in, we may send occasional emails with offers, new designs and painting tips. Every marketing email has an unsubscribe link at the bottom, and you can opt out at any time — it takes one click. You can also email [email protected] and ask us to remove you. Service emails about an order you’ve placed (confirmations, proofs, shipping) are not marketing and will still be sent.
Third parties we share data with
We never sell your personal information. We do share limited data with trusted service providers who help us operate, strictly so they can perform their job:
- Payment processors — to take payment securely (including PayPal and standard card processors).
- Shipping & fulfilment partners and carriers — to make and deliver your order and provide tracking.
- Email & marketing platform — to send order emails and, if you’ve opted in, marketing.
- Analytics providers — to measure and improve site performance.
- Hosting & IT providers — to run and secure the website.
We may also disclose information if the law requires it, or to protect our rights, safety or property.
Data retention
We keep personal data only as long as we need it. Order and transaction records are kept for as long as tax and accounting rules require. Custom photos are deleted on the timescale described above. Marketing data is kept until you unsubscribe or ask us to delete it. When data is no longer needed, we delete or anonymise it.
Your rights
Depending on where you live, you have rights over your personal data. We honour these rights for everyone who contacts us, wherever possible.
If you are in the EU or UK (GDPR), you can request to access, correct, delete or restrict our use of your data; object to certain processing; withdraw consent; and receive a copy of your data in a portable format. You also have the right to complain to your local data-protection authority.
If you are a California resident (CCPA/CPRA), you can request to know what personal information we’ve collected and how it’s used, request deletion, correct inaccurate information, and opt out of the “sale” or “sharing” of personal information. We do not sell your personal information, and we won’t discriminate against you for exercising your rights.
International data transfers
Because we ship worldwide and print at an overseas production studio, your data (including your custom photo and shipping address) may be transferred to and processed in countries outside the one you live in. When we do this, we take steps to protect your information consistent with this policy and applicable law, including appropriate safeguards for transfers out of the EU/UK.
Children’s privacy
Our site and products are intended for adults. We do not knowingly collect personal information from children under 16. If you believe a child has given us their data, please contact us and we will delete it.
How we keep your data secure
We use industry-standard measures — encrypted connections (HTTPS), access controls and reputable, secure service providers — to protect your information. No method of transmission or storage is ever 100% secure, but we work hard to safeguard your data and to limit who can access it to those who need it to do their job.
Changes to this policy
We may update this privacy policy from time to time. When we do, we’ll change the “Last updated” date at the top of this page. Significant changes may also be announced on the site. Please check back occasionally.
How to contact us or exercise your rights
To ask a question, request your data or exercise any of the rights above, email us at [email protected] or call +1 409 995 3467 (calls only). We’ll respond within the timeframe the law requires, and we may need to verify your identity before acting on a request to protect your account.
You can also reach us through our contact page. For our full terms, see our terms and conditions.
