Painted Mares

Legal

Privacy Policy

Last updated: June 27, 2026

Who We Are

Painted Mares (“we,” “us,” “our”) is a US-based e-commerce service that creates AI-generated equestrian portrait artwork. This policy describes how we collect, use, and protect your personal information when you visit our website at paintedmares.com or use our services.

For privacy inquiries, contact us at privacy@paintedmares.com.

Information We Collect

We collect the following categories of personal information:

  • Photos you upload for portrait generation. Stored securely and used solely to create your artwork.
  • Account information — email address, name (when you create an account or place an order).
  • Payment information — processed securely through Stripe. We never store credit card numbers on our servers.
  • Shipping address — when you order physical products, shared only with our fulfillment partners.
  • Device and usage data — IP address, browser type, pages visited, session duration. Collected through essential first-party cookies and analytics.
  • Communications — emails you send us for customer support.

How We Use Your Information

We use your information for the following purposes and legal bases:

  • To generate portraits from your uploaded photos (contractual necessity / consent)
  • To process payments and fulfill orders (contractual necessity)
  • To send order confirmations, shipping updates, and delivery notifications (contractual necessity)
  • To respond to customer support inquiries (legitimate interest)
  • To improve our service through aggregate analytics (legitimate interest)
  • To prevent fraud and abuse (legitimate interest)

Your Photos

Your uploaded photos are stored in encrypted cloud storage (Supabase). We use them exclusively to generate your portraits via OpenAI’s image generation API and to upscale them for print. We do not sell, share, or use your photos to train AI models. Generated portraits are stored for your access and order fulfillment. You may request deletion of all your data at any time.

Photographs of People & Biometric Data

Your photo may include people — for example, you standing with your horse — and therefore may contain facial images. We use such a photo only to generate the artwork you request. We do not perform facial recognition, attempt to identify anyone, or build a biometric profile, and we do not sell or share the photo or use it to train AI models.

Please upload photos of other people only with their permission, and photos of a minor only if you are that minor’s parent or legal guardian. If you reside in a state with a biometric-privacy law (for example, Illinois, Texas, or Washington), then by uploading a photo that contains a face you consent to this limited processing for the purpose of creating your portrait, and you may request deletion at any time.

Third-Party Service Providers

We share limited information with trusted partners to operate our service. Each partner is bound by a data processing agreement:

  • OpenAI (San Francisco, CA) — processes your photo to generate portraits. Receives image data only.
  • Stripe (San Francisco, CA) — securely processes payments. Receives name, email, and payment card details.
  • Prodigi (Manchester, UK) — prints and ships physical products for European orders. Receives shipping address and print file.
  • Printful (Charlotte, NC) — prints and ships physical products for US/CA/AU orders. Receives shipping address and print file.
  • Supabase (San Francisco, CA) — hosts our database and file storage.
  • Vercel (San Francisco, CA) — hosts our website.
  • Resend — delivers transactional and marketing emails (order confirmations, shipping updates, and our newsletter if you subscribe).
  • Claid.ai — upscales images for print-quality resolution. Receives image data only.
  • Google (Analytics 4), Meta (Facebook/Instagram) Pixel, and TikTok Pixel — measurement, conversion tracking, and advertising. These load only with your consent (see Cookies and Tracking) and receive online identifiers and activity events such as page views and purchases.

We do not sell your personal information for money, and we never share it with data brokers or identity resolution vendors. We do use advertising and analytics cookies (Google, Meta, TikTok) only after you consent, which under some U.S. state laws is considered "sharing" for cross-context behavioral advertising. You can withdraw consent, reject these cookies, or send a Global Privacy Control signal at any time — see Privacy Choices.

Cookies and Tracking

We use essential first-party cookies to maintain your session, remember your login state, process orders, and (for our own reporting) remember which referral link or campaign brought you to us. These are strictly necessary for the service to function and are always on.

With your consent we also use analytics and advertising cookies — Google Analytics 4, the Meta (Facebook/Instagram) Pixel, and the TikTok Pixel — to measure traffic, track conversions, and improve our advertising. None of these load until you click "Accept all" in our cookie banner. If you reject them, send a Global Privacy Control (GPC) signal, or haven't chosen yet, only essential cookies are set. We honor GPC automatically as a valid opt-out of any sale or sharing of personal information. See our Cookie Policy for the full list and how to withdraw consent.

International Data Transfers

Our services are hosted in the United States. If you are visiting from the European Economic Area (EEA) or United Kingdom, your personal data will be transferred to and processed in the United States. We rely on the European Commission's Standard Contractual Clauses (SCCs) executed within our processors' Data Processing Agreements to ensure adequate protection for international transfers.

Data Retention

  • Uploaded photos and generated portraits: Retained while your account is active or for 365 days for anonymous sessions.
  • Order records: Retained for 7 years for legal/tax compliance.
  • Account data: Retained until you request deletion.
  • Server logs: Automatically expire within 30 days.

Your Rights

All users:

  • Right to access your personal data
  • Right to correct inaccurate data
  • Right to delete your data
  • Right to data portability (receive a copy in machine-readable format)

California residents (CCPA/CPRA):

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information
  • Right to opt out of the sale or sharing of your personal information
  • Right to limit use of sensitive personal information
  • Right to non-discrimination for exercising your rights

European residents (GDPR):

  • Right to withdraw consent at any time
  • Right to restrict processing
  • Right to object to processing based on legitimate interest
  • Right to lodge a complaint with your local Data Protection Authority

To exercise any of these rights, email privacy@paintedmares.com. We will respond within 30 days.

California Disclosure: Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information as defined by the CCPA:

  • Identifiers: name, email address, IP address, account ID
  • Commercial information: order history, products purchased
  • Internet activity: pages visited, session data
  • Geolocation data: approximate location derived from IP address
  • Audio/visual & sensitive information: photos you upload for portrait generation, which may include facial images of you or people you have permission to include

We do not sell personal information for money. Where visitors consent to advertising cookies (Google, Meta, TikTok), we "share" identifiers and internet-activity for cross-context behavioral advertising as defined by the CCPA/CPRA. You may opt out at any time via Privacy Choices, the cookie banner, or a Global Privacy Control signal.

Children's Privacy

Our services are not directed to children, and you must be 18 or older to use them. We do not knowingly collect personal information from children under 13. A photo may include a minor only if you are that minor’s parent or legal guardian. If you believe a child has provided us with personal information, or that a minor’s image was uploaded without authority, please contact us and we will delete it promptly.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email to registered users and posted on this page with an updated date. Your continued use of the service after changes constitutes acceptance.

Contact

For privacy-related questions, data requests, or complaints, email us at privacy@paintedmares.com.

Privacy Policy — Painted Mares