Privacy Policy
Last updated: April 29, 2026 • Effective: April 29, 2026
Fuzzly Designs LLC (“Fuzzly,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains what information we collect when you use fuzzlydesigns.com (the “Site”) and our APIs and integrations (the “Services”), how we use it, how we protect it, how long we retain it, and the choices you have. By using the Site or Services you agree to this policy.
Data Protection Officer / Privacy Contact:
Email: [email protected]
Mail: Fuzzly Designs LLC, Privacy Office, 2810 N Church St #99551, Wilmington, DE 19802, USA
1. Information we collect
We collect three categories of information:
- Information you provide. Name, email address, shipping and billing addresses, phone number (optional), order details, photos and other media you upload to create custom products, and any messages you send to customer support.
- Payment information. Payments are processed by Stripe. We do not store full card numbers on our servers. Stripe sends us a token plus the last four digits, card brand, and billing ZIP for fraud screening and refunds.
- Automatically collected data. IP address, device and browser type, referring URL, pages viewed, items added to cart, and timestamps. We use cookies and similar technologies, and conversion pixels from advertising platforms (e.g., Pinterest, Meta, Google) to measure ad performance.
2. How we use your information
- To fulfill orders, communicate with you about purchases, and provide customer support.
- To produce custom products via our print-on-demand fulfillment partners (Gelato, Prodigi, Printful, Printify).
- To detect and prevent fraud, abuse, and security incidents.
- To improve the Site, develop new features, and analyze aggregate usage trends.
- To send transactional emails (order confirmations, shipping updates) and, with your consent, marketing emails. You can unsubscribe at any time.
- To comply with legal obligations, enforce our Terms, and protect our rights.
3. Pinterest API and advertising integrations
If you connect a Pinterest account or interact with our Pinterest-powered features, we access only the scopes you explicitly grant via Pinterest's OAuth consent screen. We never share, sell, or transfer Pinterest data to third parties outside the operation of the Service. We use Pinterest data exclusively to: (a) display your own pins inside the Fuzzly experience, (b) report ad performance to you, and (c) comply with Pinterest's Developer Guidelines and Platform Policy. You can revoke access at any time from your Pinterest account settings, which immediately invalidates our token. We follow the same minimum-scope, no-resale principles for all advertising integrations (Meta, Google, TikTok).
4. Who we share information with
We share information only with the following categories of recipients, and only as necessary:
- Fulfillment partners (Gelato, Prodigi, Printful, Printify): name, shipping address, and product/design files needed to ship your order.
- Payment processor (Stripe): card data, transaction amount, and billing details.
- Email and infrastructure providers (Resend, Cloudflare, Railway): to deliver email and host the Site.
- Analytics and advertising (Pinterest, Meta, Google): pseudonymous event data for measurement and remarketing. We do not sell your personal information.
- Legal authorities: when required by law, subpoena, or to protect rights and safety.
We do not sell or rent your personal information.
5. How we protect your information (Security)
- Encryption in transit: all traffic to and from the Site is served over HTTPS (TLS 1.2 or higher). API tokens are transmitted only over encrypted channels.
- Encryption at rest: our database is encrypted at rest (AES-256). Object storage (uploaded photos) is encrypted at rest by our cloud provider.
- Access controls: production access is limited to authorized personnel via SSO with multi-factor authentication. We follow the principle of least privilege.
- Token storage: OAuth tokens (including Pinterest, Google, Meta) are stored encrypted, scoped to specific functions, and refreshed/rotated on schedule. Tokens are revoked on user disconnect.
- Vendor security: we work only with sub-processors who maintain industry-standard security certifications (SOC 2, ISO 27001 where applicable).
- Incident response: in the event of a data breach affecting your personal information, we will notify affected users and applicable authorities without undue delay and within timelines required by applicable law (including the 72-hour rule under GDPR).
6. How long we keep your information (Retention)
We retain personal information only as long as necessary for the purposes described in this policy, or as required by law:
- Account and order data: retained while your account is active and for 7 years after your last order to comply with US tax and accounting requirements.
- Uploaded photos: retained for 90 days after your last order using that photo, then automatically deleted from object storage. You may request earlier deletion at any time.
- Marketing email lists: retained until you unsubscribe, then deleted within 30 days.
- Web analytics and ad-platform event data: retained for up to 24 months in aggregate, in line with Pinterest, Meta, and Google's standard windows.
- OAuth tokens for connected platforms: retained only while the connection is active. Disconnecting a platform deletes the token immediately.
- Support correspondence: retained for 3 years from the date of the last message.
- Backups: encrypted backups are retained for up to 35 days on a rolling basis and then permanently deleted.
After applicable retention periods, data is permanently deleted or irreversibly anonymized.
7. Your rights and choices
Depending on where you live, you may have the following rights:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information (subject to legal retention requirements).
- Port your data to another service.
- Object to or restrict certain processing, including direct marketing.
- Withdraw consent at any time where processing is based on consent.
- Opt out of the sale or sharing of personal information (we do not sell, but you may exercise this right under CCPA).
- Lodge a complaint with a supervisory authority (EEA/UK residents).
To exercise any of these rights, email [email protected]. We respond within 30 days.
8. Cookies and tracking
We use first-party cookies for authentication and cart state, and third-party cookies/pixels (Pinterest tag, Meta pixel, Google Analytics) for advertising measurement. You can control cookies through your browser settings. Disabling cookies may break checkout and account features.
9. Children
The Site is not intended for children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with information, contact [email protected] and we will delete it.
10. International transfers
We are headquartered in the United States. If you access the Site from outside the US, your information will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) and equivalent safeguards.
11. Changes to this policy
We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated via email or a banner on the Site at least 14 days before they take effect.
12. Contact us
For any privacy-related question, complaint, or rights request, contact:
- Email: [email protected]
- General support: [email protected]
- Mail: Fuzzly Designs LLC, Privacy Office, 2810 N Church St #99551, Wilmington, DE 19802, USA
Fuzzly Designs LLC is a Delaware limited liability company. This policy is governed by the laws of the State of Delaware, USA.