Privacy Policy
Last updated: February 7, 2026
Stickitona (“we,” “us,” or “our”) is operated by van Yperen, based in the Netherlands. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our website at stickitona.com and our services.
We take your privacy seriously. As a Netherlands-based company, we comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.
1. What Information We Collect
Information you provide to us
- Account information: Email address, name, and password when you create an account (via email, Google, or Apple sign-in).
- Shipping information: Name, street address, city, postal code, country, and phone number when you place an order.
- Payment information: We do not store your credit card details. All payment processing is handled securely by Stripe. See section 4.
- Design uploads: Images and designs you upload or create using our design editor.
- AI prompts: Text prompts you enter when using our AI image generation feature.
- Communications: Any messages you send to our support team.
Information collected automatically
- Usage data: Pages visited, features used, time spent on pages, and referral source.
- Device information: Browser type, operating system, screen size, and device type.
- Authentication cookies: We use minimal cookies strictly necessary for keeping you logged in and maintaining your session. We do not use advertising or tracking cookies.
Guest checkout
You can place orders without creating an account. In that case, we collect only your email address, shipping address, and order details needed to fulfill your purchase.
2. How We Use Your Information
| Purpose | Legal Basis (GDPR) |
|---|---|
| Process and fulfill your orders | Performance of a contract |
| Create and manage your account | Performance of a contract |
| Send order confirmations and shipping updates | Performance of a contract |
| Generate AI images from your prompts | Performance of a contract |
| Process payments via Stripe | Performance of a contract |
| Respond to support requests | Legitimate interest |
| Prevent fraud and abuse | Legitimate interest |
| Improve our website and services | Legitimate interest |
| Comply with legal obligations | Legal obligation |
We do not use your data for profiling, automated decision-making, or targeted advertising.
3. AI-Generated Content
When you use our AI image generation feature:
- Your text prompts are sent to our AI provider (FAL.AI) to generate images.
- FAL.AI may process your prompts on servers located outside the EU. Appropriate safeguards (Standard Contractual Clauses) are in place.
- We do not use your prompts or generated images to train AI models.
- Generated images are stored in your account for your use in creating merchandise.
4. How We Share Your Information
We share your personal information only with the following third-party service providers, and only to the extent necessary to deliver our services:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication and database | Account data, shipping addresses, order history |
| Stripe | Payment processing | Email, name, payment details (handled directly by Stripe) |
| Gelato | Printing and shipping fulfillment | Shipping name, address, phone number, design files |
| FAL.AI | AI image generation | Text prompts |
| Vercel | Website hosting | Usage data, IP addresses |
| Resend | Transactional emails | Email address, name, order details |
For transfers outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or adequacy decisions as appropriate.
We do not sell your personal information. We do not share your data with advertisers.
We may also disclose your information if required by law, court order, or to protect our legal rights.
5. Data Retention
- Account data: Retained as long as your account is active. You can delete your account at any time (see section 7).
- Order data: Retained for 7 years after the order date to comply with Dutch tax and accounting obligations.
- AI prompts and generated images: Retained as long as your account is active, or 30 days after generation for guest users.
- Guest checkout data: Retained for 7 years (order/financial data) for tax compliance. Email addresses used only for order communication are retained for 2 years.
- Usage data: Retained for up to 12 months.
6. Cookies
We use only essential cookies required for our website to function:
- Authentication session cookie: Keeps you logged in.
- CSRF protection cookie: Prevents cross-site request forgery.
We do not use analytics cookies, advertising cookies, or third-party tracking cookies. Because we only use strictly necessary cookies, we do not require a cookie consent banner under GDPR.
7. Your Rights Under GDPR
As an EU-based company, we respect the following rights for all users, regardless of location:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data.
- Right to erasure (“right to be forgotten”): Request deletion of your data, subject to legal retention requirements.
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise any of these rights, contact us at privacy@stickitona.com. We will respond within 30 days.
If you are unsatisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.
8. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest.
- Row-level security on our database.
- Secure, tokenized payment processing through Stripe (PCI DSS compliant).
- Background removal processing happens entirely on your device (client-side) — those images are never sent to our servers.
9. Children's Privacy
Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
10. International Users
If you are located outside the EU, please be aware that your data may be transferred to and processed in the EU (Netherlands) and other countries where our service providers operate. We ensure appropriate safeguards are in place for all international data transfers.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date. For significant changes, we may also notify you by email.
12. Contact Us
Stickitona (operated by van Yperen)
The Netherlands
Email: privacy@stickitona.com
Website: stickitona.com