Skip to main contentLast updated December 4, 2025
Introduction.
We at Outpaint, Inc. (“Outpaint,” “we,” or “us”) are strongly committed to respecting your privacy and keeping secure any information you share with us. This privacy policy (“Privacy Policy”) explains how we collect, use, disclose, and process your personal information when you use Outpaint’s website, platform, and related tools that enable verified NFT holders and licensed artists/collections to create and purchase made‑to‑order premium apparel, and any related services we provide (collectively, the “Service”). Please read this Privacy Policy carefully. By accessing or using the Service, you acknowledge you have been informed of and consent to our practices with regard to your personal information and data.
1. Personal data we collect.
We collect the following categories of personal data:
A. Personal data you provide to us directly.
We collect personal data if you create an account to use our Service or communicate with us. This includes:
-
Account Information: Outpaint collects identifiers, such as your name and email address, when you sign up for an Outpaint account or to receive information about our Service.
-
Wallet Verification: You can connect a digital wallet through our authentication provider. We use it to verify NFT ownership at the time of ordering and do not store wallet addresses. We keep a record of the artwork printed for order fulfillment and support.
-
Orders and Fulfillment: When you place an order, we collect order details and selections necessary to fulfill your purchase.
-
Payment Information: Payments are processed by Stripe. We do not store card details—only a Stripe payment session reference linked to your order.
-
Communication: We collect personal information you provide in messages and support requests, including any attachments or takedown notices you submit.
-
Surveys and Feedback: If you participate in surveys, limited programs, or provide feedback, we collect your responses and any information you include.
B. Personal data we receive from your use of the Service
When you use the Service, we also receive certain technical data automatically. This includes:
- Device Information. Details your browser or device provides, such as device type, operating system, browser type and version, language, screen resolution, and mobile network or ISP (depending on your settings and device).
- Log Information. Server and application logs, including IP address, timestamps, request and referral URLs, user agent, and error/crash diagnostics.
- Usage Data. Information about how you interact with the Service, such as pages viewed, features used (e.g., viewing owned NFTs, artwork selection, cart and checkout steps), clicks, scrolls, navigation patterns, performance metrics, and session duration.
- Cookies and Similar Technologies. Cookies, pixels, local storage, and similar tools used to operate the Service, keep you signed in, remember preferences, analyze usage, prevent fraud, and personalize limited on-site experiences. You can control cookies via your browser; disabling some may affect functionality. See our Cookie Policy for details.
- Location Information. Approximate location inferred from your IP address for security, fraud prevention, currency and shipping estimates, and performance monitoring. We do not collect precise GPS location.
2. How we use personal data.
We may use personal data for the following purposes:
- To provide and maintain the Service, including processing payments, fulfilling orders, coordinating shipping, and providing customer support.
- To create and manage your account, including sending service-related notifications (e.g., order confirmations, shipping updates, policy changes).
- To prevent, detect, and investigate fraud, abuse, and violations of our terms or licensing rules.
- To communicate with you about the Service, including responding to inquiries and support requests.
- To send marketing communications about products or artist drops, where permitted; you can opt out at any time.
- To comply with legal obligations and protect the rights, safety, and property of users, artists, and Outpaint.
- To aggregate or de-identify data for analytics and service improvement; we maintain de-identified data in its de-identified form.
We may aggregate or de-identify personal data so that it no longer identifies you, and use that information for the purposes described above, such as analyzing how the Service is used, improving or adding features, and conducting research. We will maintain de-identified information in its de-identified form and will not attempt to reidentify it, except as required by law.
3. How we share personal data.
We disclose personal data only as needed to operate the Service, fulfill orders, protect users and creators, and comply with the law. We do not sell personal data or share it for cross‑context behavioral or targeted advertising, and we honor Global Privacy Control (GPC). For our current vendors, see: Subprocessor List.
-
Service providers and integrations. We share personal data with providers that host, secure, support, and improve the Service (e.g., cloud, infrastructure, security, analytics, and support). If you connect third‑party services (e.g., sign‑in or wallet linking), we disclose data as needed. These parties process data under our instructions and applicable law.
-
Payments, fulfillment, and fraud prevention. We disclose personal data to our payment processor to process transactions, prevent fraud and chargebacks, and meet legal obligations. We do not store payment card numbers. To produce and deliver orders, we share necessary details with production, fulfillment, and shipping providers, including data required for customs.
-
Authentication and provenance. We use authentication and wallet‑linking to verify access and confirm eligibility for prints. We do not store private keys or seed phrases. For provenance, we may store limited NFT identifiers (e.g., collection address and token ID).
Compliance, safety, rights, affiliates, business transfers, and consent
We may disclose personal data to enforce terms; prevent, detect, and investigate fraud, abuse, or security incidents; comply with law or legal process; or protect rights and safety. We may share with affiliates, disclose during diligence, or transfer data in a corporate transaction. We also disclose personal data when you ask us to or consent.
4. Analytics, cookies, and retention.
- Analytics and cookies: we use cookies and similar technologies to operate the Service, remember preferences, analyze usage, prevent fraud, and personalize limited on‑site experiences. Where supported, we enable privacy‑protective settings (e.g., IP truncation). Manage cookies in your browser/device; disabling some may affect functionality. See our Cookie Policy.
- Retention: we retain personal data only as long as needed for the Service and legitimate business needs (including legal, security, and dispute resolution). Example: order and shipping records may be retained up to 7 years for tax, accounting, and chargebacks. When no longer needed, we delete or de‑identify data in line with applicable law and provider capabilities.
5. Security.
We implement administrative, technical, and organizational measures to protect personal information. No method is 100% secure. You are responsible for your account and wallet security (including private keys and recovery phrases).
6. Your rights and choices.
- Depending on your location, you may have rights to access, delete, correct, port, object/restrict, and withdraw consent. To exercise rights, contact us at [email protected]; we may verify your request and permit authorized agents where allowed.
- Marketing and cookies: unsubscribe using links in our emails; manage cookies in your browser/device. We honor GPC where applicable. We do not respond to other Do Not Track signals.
7. International transfers.
- We may process personal information outside your country. Where required, we use appropriate safeguards (e.g., Standard Contractual Clauses or other lawful mechanisms).
8. Jurisdiction‑specific disclosures.
- US state laws (e.g., CA/CCPA/CPRA; CO, CT, VA): we do not sell personal information; to the extent “sharing” for cross‑context behavioral advertising applies, you may opt out as described in “Your rights and choices.”
- EEA/UK GDPR: legal bases include contract, legitimate interests, consent (where required), and legal obligations. You may lodge a complaint with your local supervisory authority.
- Canada (PIPEDA): you may request access to and correction of personal information and contact us about our policies and practices, including use of service providers outside Canada.
9. Privacy policy changes.
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date above and post the new version. Where required by law, we will provide additional notice.
We encourage you to contact us at [email protected] if you have any questions about this Privacy Policy. 
