Privacy Policy

Last updated: 5/27/2026

1. Introduction

At ParanoiaPrints, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller: ParanoiaPrints

Contact: support@paranoia-prints.com

2. Information We Collect

We may collect personal information that you voluntarily provide to us when you:

Register on the Website
Express an interest in obtaining information about us or our products and services
Participate in activities on the Website
Contact us
Place an order

The personal information we collect may include:

Name and contact data (email, address, phone)
Order and payment information
Shopping behavior and preferences
Account credentials

3. Legal Basis for Processing (GDPR Art. 6)

We process your personal data based on the following legal grounds:

Contract (Art. 6(1)(b)): To fulfill your orders and provide our services
Consent (Art. 6(1)(a)): For marketing communications and analytics
Legitimate Interest (Art. 6(1)(f)): For fraud prevention and security
Legal Obligation (Art. 6(1)(c)): For tax and accounting records

4. How We Use Your Information

We use personal information collected via our Website for:

To facilitate account creation and logon process
To fulfill and manage orders
To process payments
To respond to your inquiries
To request feedback
To protect our Services and prevent fraud
To send marketing communications (with your consent)

5. Third-Party Services & Data Processors

We share information with the following third parties who act as data processors:

5.1 Hosting & Infrastructure

Provider	Purpose	Location	Safeguards
Vercel Inc.	Website hosting & deployment	United States	Standard Contractual Clauses (SCCs), SOC 2 Type 2
Supabase Inc.	Database & authentication	USA (company), Germany (database)	SCCs, GDPR-compliant hosting in EU
Neon	Serverless PostgreSQL database	USA (company), AWS EU region	SCCs, encrypted at rest & in transit

5.2 Order Fulfillment & Payments

Provider	Purpose	Location	Safeguards
Printful	Order fulfillment & printing	USA / EU (Latvia)	SCCs, GDPR compliance
Stripe	Payment processing	USA / EU	PCI-DSS, SCCs, GDPR compliance

5.3 Analytics & Marketing

Provider	Purpose	Location	Safeguards
PostHog	Product analytics, event tracking, session recordings	EU (Ireland)	GDPR compliant, data hosted in EU, no data sold, DPA available
Google Analytics	Website analytics	USA	SCCs, Data Processing Agreement

PostHog is configured with EU-only hosting (eu.posthog.com). It uses first-party cookies and localStorage to track anonymous usage patterns. We track events such as page views, add-to-cart, checkout, and sign-up to improve our product. No personally identifiable information is sent to PostHog unless you provide it (e.g., email at checkout). PostHog is only loaded after you give analytics consent via our cookie banner. You can opt out at any time by changing your cookie preferences.

6. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA), particularly in the United States. When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): Approved by the European Commission
EU-US Data Privacy Framework: Where applicable
GDPR-compliant hosting: Supabase database hosted in Germany (EU)

For more information about these safeguards or to obtain a copy of the SCCs, please contact us.

7. Data Retention

We retain your personal data for the following periods:

Account data: Until account deletion + 30 days
Order data: 10 years (legal requirement for tax/audit)
Marketing data: Until consent withdrawal
Analytics data: 26 months (anonymized after)

8. Your Privacy Rights (GDPR)

Under the GDPR, you have the right to:

Access (Art. 15): Request a copy of your personal data
Rectification (Art. 16): Request correction of inaccurate data
Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten")
Restriction (Art. 18): Request restriction of processing
Data Portability (Art. 20): Request transfer of your data
Object (Art. 21): Object to processing based on legitimate interest
Withdraw Consent (Art. 7): Withdraw consent at any time

To exercise these rights, contact us at support@paranoia-prints.com. We will respond within 30 days.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France, ICO in UK, BfDI in Germany).

9. Cookies & Local Storage

We use cookies and similar technologies to improve your experience. For detailed information about cookies, please see our Cookie Policy accessible from the cookie banner on our website.

Types of cookies and storage we use:

Essential: Required for website functionality (cart, auth, session)
Analytics (PostHog): Anonymous event tracking, session recordings, page views — only activated with your consent. Data hosted in EU (Ireland). Uses first-party cookies (ph_*) and localStorage (ph_phc_*).
Analytics (Google Analytics): Aggregated traffic analysis — only activated with your consent
Personalization: Remember your preferences and settings

You can manage your cookie preferences at any time via the cookie banner or by contacting us.

10. Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

For any questions about this policy or to exercise your rights, contact us at:

Email: support@paranoia-prints.com