HomeContact
LoginGet Started

Privacy Policy

Effective Date: 09/15/2025

This Privacy Policy explains how Olasty (“Olasty,” “we,” “us,” “our”) collects, uses, discloses, and protects personal data when you use our e-commerce site builder for artists and related integrations (the “Service”). Capitalized terms not defined here have the meanings in our Terms & Conditions.

1) Roles & Scope

For Artist account and relationship data (e.g., your login, business profile, billing info, communications with us), Olasty acts as an independent “controller” (or equivalent).

For personal data of your buyers and visitors collected via your Olasty-powered store that we process on your documented instructions (e.g., to host your store or forward orders to your selected print-on-demand (“POD”) provider or payment processor), Olasty acts as your “processor” / “service provider” / “data processor,” as applicable. Where required, a data processing addendum (DPA) governs our processing on your behalf.

As an Artist, you are solely responsible for your own handling of buyers’ and visitors’ personal data, including providing any required privacy notices, obtaining consents, and configuring your store and integrations in a compliant manner.

2) Data We Collect

Information you provide (Artists): account and profile details (name, email, business name, phone), authentication data, billing/plan information, store settings, content and files you upload (including high-resolution artworks), and communications with us (support tickets, feedback).

Buyers and storefront visitors: depending on your configuration and integrations, we process (on your behalf) data such as name, contact details, shipping address, order details, design selections, and messages submitted via your store, as well as technical data (IP address, browser/user agent, device identifiers, timestamps, and similar logs) needed for security, fraud prevention, and basic functionality.

Payment integrations: API keys, tokens, webhook signing secrets, and configuration parameters you supply to connect your own payment gateway accounts (e.g., Stripe). We do not receive payment card numbers or CVVs; your payment processor handles those directly.

Automatically collected: device and log data (such as IP address, user agent, timestamps, referrer), usage and performance metrics, diagnostic and crash data, and event metadata generated by integrations and webhooks you enable.

From third parties you connect: data from POD providers, payment processors, analytics, or apps you choose to enable, consistent with their policies and your settings.

3) How We Use Data

We use personal data to:

Where we act as your processor/service provider for buyers’ data, we use that data only to provide the Service to you, to maintain security, to comply with law, and as otherwise permitted by our DPA. We do not “sell” or “share” such data for cross-context behavioral advertising, as those terms may be defined under applicable law.

4) High-Resolution Artwork

We store and process high-resolution files only as necessary to operate your store, generate previews you configure, and forward orders to the POD provider(s) and other Third-Party Services you select. We apply commercially reasonable security controls, but no method of storage or transmission is perfectly secure.

We do not use your artworks to train generalized AI models or for our own unrelated marketing. Public previews on your storefront, collaborator access, download settings, and third-party connections are controlled by you; risks arising from those choices are addressed in the Terms & Conditions.

5) Payment Credentials

To connect your own payment accounts (e.g., Stripe), you may provide API keys, tokens, and webhook signing secrets (“Payment Credentials”). We store Payment Credentials in encrypted form and restrict internal access on a need-to-know basis. We use them solely to operate the integration for your account and related security and logging. You can rotate or revoke them at any time via your provider or your settings.

6) Legal Bases (where applicable)

Where required by law (e.g., in the EEA/UK), we process personal data on the following bases: performance of our contract with you; legitimate interests in operating, securing, and improving the Service; your consent (for certain marketing or optional features); and compliance with legal obligations.

7) Sharing & Disclosures

We may share personal data with:

We do not sell or rent personal data. We do not permit our service providers to use buyer personal data we process for you for their own independent marketing.

8) International Transfers

We may process and store data in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers (such as Standard Contractual Clauses) and handle personal data consistent with this Policy.

9) Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal data, including encryption at rest for designated stores of high-resolution artwork files and Payment Credentials, access controls, and least-privilege practices.

No security measures are 100% effective. You are responsible for the security of your devices, networks, browser extensions, collaborators, and Third-Party Services and integrations you enable. Exposures arising from your configurations or third parties are addressed in our Terms & Conditions.

10) Data Retention

We retain personal data for as long as necessary to provide the Service and for legitimate and lawful business purposes, including security, fraud prevention, dispute resolution, and compliance. Following account closure, we delete or anonymize personal data within a reasonable period, unless we are required or permitted to retain it (for example, for tax, accounting, or legal obligations). Operational logs and backups may persist for a limited time.

11) Your Choices & Rights

You can access and update certain account information via the dashboard or by contacting us.

Depending on your jurisdiction, you may have rights to request access, deletion, correction, or portability of your personal data, and to object to or restrict certain processing. Where we process your data based on consent, you can withdraw that consent at any time without affecting prior processing.

Where we act as your processor/service provider for buyers’ personal data, we will, as required by law and our DPA, assist you in responding to data-subject requests. If a buyer contacts us directly about data you control, we may refer them to you or notify you so you can respond.

12) Cookies & Similar Technologies

We use strictly necessary cookies and similar technologies to operate the Service (e.g., session management, security). Where permitted, we may use limited analytics cookies or similar tools to understand and improve product usage.

You can control cookies through your browser settings; some features may not function properly without certain cookies. Artists may choose to add their own analytics or advertising tools to their stores; such tools are controlled by the Artist and the relevant third party, not by Olasty. We do not currently respond to “Do Not Track” signals.

13) Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided personal data to us, please contact us so we can take appropriate action.

14) Region-Specific Notices

California (CPRA): For buyers’ personal information we process on behalf of Artists, we act as a “service provider” or “contractor.” We do not sell or share such personal information for cross-context behavioral advertising. For personal information we collect as a controller (e.g., your account data), we do not sell personal information. California residents may have rights to know, delete, correct, and opt out of certain uses; requests can be submitted via the contact details below.

EEA/UK/Switzerland (GDPR): Where GDPR or similar laws apply, you may have rights to access, rectify, erase, restrict, or object to processing, and to data portability. You also have the right to lodge a complaint with your supervisory authority. We rely on the legal bases described in Section 6 and use appropriate transfer safeguards as described in Section 8.

Other U.S. State Laws: Where other state privacy laws apply, we honor applicable rights and obligations consistent with this Policy.

15) Subprocessors

We engage third-party service providers to assist in delivering the Service (e.g., hosting, storage, support, analytics, security). These providers process personal data pursuant to written agreements requiring appropriate confidentiality and security commitments. We remain responsible for our subprocessors’ performance to the extent required by law.

16) Law Enforcement & Legal Requests

We may disclose personal data if we believe in good faith that disclosure is reasonably necessary to comply with a law, regulation, legal process, or governmental request; to protect the safety of any person; to address fraud, security, or technical issues; or to protect Olasty’s rights or property.

17) Automated Decision-Making

We do not engage in solely automated decision-making that produces legal or similarly significant effects about you within the meaning of applicable law.

18) Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will provide notice by reasonable means (e.g., via the Service or email). Your continued use of the Service after the effective date of an updated Policy constitutes your acceptance. To the extent of any conflict between this Policy and our Terms & Conditions regarding risk allocation or limitations of liability, the Terms & Conditions prevail, to the extent permitted by law.

19) Contact

Questions, concerns, or privacy requests: Contact Form

End of Privacy Policy.

Copyright 2025 Olasty - All Rights Reserved

Terms & ConditionsPrivacy PolicyContact