Privacy Policy
Last updated: July 10, 2026
This Privacy Policy explains how Triple Dog Studios LLC [TODO-LEGAL: confirm exact legal entity name and address], doing business as FetchMy.art (“FetchMy.art,” “we,” “us”), collects, uses, shares, and protects personal information when you use the FetchMy.art platform — the marketing site at fetchmy.art, the application, shop portals hosted on fetchmy.art subdomains or connected custom domains (“Shop Sites”), and related services (together, the “Service”). It also describes your rights and choices. Capitalized terms not defined here have the meaning given in our Terms of Service.
In plain English: We collect what we need to run a design-library and shop platform: your account details, the files you upload, billing handled by Stripe, and usage analytics (only with your cookie consent). We don’t sell your data, and we don’t train AI models on your artwork.
1. Who is responsible for your data (roles)
Data we control. For account holders and visitors to our marketing site, FetchMy.art is the “controller” (or “business” under the CCPA) of your personal information — we decide how and why it is processed.
Data Shops control. Shops use the Service to store and manage information about their own Clients and End Customers — for example, client names and emails for proofs, portal invitations, signature records, and order details. For that data, the Shop is the controller and FetchMy.art is a processor/service provider acting on the Shop’s instructions. If you are a Shop’s Client or End Customer and want to access or delete data a Shop holds about you, contact that Shop directly; we will assist Shops in honoring such requests (see also our Data Processing Addendum).
Shop Sites display content controlled entirely by the respective Shop, and Shops may attach their own analytics or advertising tags to their Shop Sites (see Section 6). This Policy does not cover a Shop’s own privacy practices; Shops are responsible for their own privacy notices toward their Clients and End Customers.
2. Information we collect
2.1 Information you provide
- Account data: name, email address, password (stored as a hash), shop/business name, role, and profile settings.
- Content you upload: designs, artwork, embroidery files, images, product data, tags, descriptions, folders, notes, and any personal information embedded in those files or their metadata. All content on the Service is uploaded by users — Shops or the Clients they invite. FetchMy.art does not upload or curate content other than on the marketing site itself.
- Client and customer data Shops upload: contact details of a Shop’s Clients and End Customers, proof recipients, portal invitees, estimate and order details, and shipping addresses for fulfillment orders. The Shop controls this data (Section 1).
- Signature records: when someone signs or approves a document electronically, we record the typed name or drawn signature, a timestamp, the signer’s IP address, related audit events (sent, viewed, signed, declined), and an immutable PDF of the signed record.
- Communications: support requests, help-desk conversations, feedback, and emails you exchange with us.
- DMCA and abuse reports: if you submit a copyright takedown notice, counter-notice, or abuse report, we collect the information in the report — including your name, contact details, statements, signature, and the IP address from which the report was submitted — and share it as described in our DMCA & Copyright Policy.
2.2 Information collected automatically
- Usage and log data: IP address, browser and device information, pages viewed, referring pages, timestamps, and request logs used for security, debugging, and abuse prevention.
- Analytics: with your consent (via the cookie banner), we use Google Analytics 4 loaded through Google Tag Manager on our own pages to understand how the Service is used. See Section 6 (Cookies).
2.3 Information from third parties
- Payments: subscription and fulfillment billing is processed by Stripe. We receive billing status, plan information, and limited payment metadata (such as card brand and last four digits); full card numbers are collected and stored by Stripe, not by us.
- Sign-in providers: if you sign up or sign in with a third-party identity provider (such as Google or Facebook), we receive your name, email, and basic profile information from that provider as permitted by your settings there.
3. How we use information
- To provide the Service: operating your library and Shop Sites, rendering previews and thumbnails, sending proofs and portal invitations on your behalf, recording approvals and signatures, generating estimates, publishing to channels you connect, and fulfilling orders you place.
- AI-assisted organization: processing uploaded artwork to generate tags, titles, and descriptions (see Section 4).
- Billing and account management: processing subscriptions and fulfillment charges, sending invoices and service notifications.
- Security and abuse prevention: authenticating users, protecting tenant isolation, detecting fraud and abuse, and enforcing our Terms and Acceptable Use Policy.
- Improvement and analytics: understanding feature usage and performance (analytics only with consent).
- Legal compliance: responding to lawful requests, handling DMCA notices, keeping tax and accounting records, and establishing or defending legal claims.
We do not sell personal information, and we do not use your uploaded content for advertising.
4. AI processing of uploaded artwork
When AI-assisted features run, your uploaded artwork and related metadata are sent to third-party AI service providers to generate organizational metadata such as tags, titles, and descriptions. This happens solely to operate those features for you. FetchMy.art does not train AI models on your content, and we engage AI providers under terms that limit their use of submitted content to providing the service. [TODO-LEGAL: verify the no-training/limited-use terms of each AI provider in the current chain (OpenRouter-routed models, MiniMax) and align this statement with what those contracts actually say] The categories of providers we use are listed on our Subprocessors page.
5. How we share information
We share personal information only as described here, with parties that are bound to appropriate confidentiality and data-protection obligations:
- Service providers (processors): vendors that process data on our behalf in these categories — payment processing, cloud hosting and object storage, AI enrichment, transactional email delivery, DNS/content delivery, and analytics. The current list is maintained at fetchmy.art/subprocessors.
- Fulfillment partners: if a Shop places a fulfillment order, we share with the production partner the design files and order details needed to produce and ship it, including the recipient’s name and shipping address.
- At your direction: when a Shop publishes content to its own e-commerce channels, shares a proof or portal link, or sends a document for signature, the relevant data goes to the recipients and platforms the Shop chooses.
- Within a Shop: a Shop’s owners and administrators can see the activity and content of the workspace, including team members’ and invited Clients’ activity in that workspace.
- DMCA parties: as described in the DMCA & Copyright Policy, takedown notices (including the reporter’s contact information) may be forwarded to the affected Shop, and counter-notices to the original complainant.
- Legal and safety: when we believe in good faith that disclosure is required by law or legal process, or necessary to protect the rights, safety, or property of FetchMy.art, our users, or the public.
- Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy or successor terms with equivalent protections.
We do not sell or rent personal information to third parties, and we do not “share” personal information for cross-context behavioral advertising as those terms are defined by the California Consumer Privacy Act.
6. Cookies and similar technologies
We use cookies and similar technologies in these categories:
- Essential: sign-in sessions, security (such as CSRF protection), and consent storage. These are required for the Service to function and cannot be switched off.
- Analytics: Google Analytics 4, loaded via Google Tag Manager, to measure how our pages are used. Analytics tags load only after you consent through the cookie banner, and you can change your choice at any time via the “Cookie preferences” link in the site footer.
Shop Sites may carry the Shop’s own tags. Shops can attach their own analytics or advertising tags (for example, their own GA4, Google Tag Manager, or Meta Pixel) to their Shop Sites. Those tags are configured and controlled by the Shop, which is the controller for the data they collect; the same consent banner governs when they load, but what they collect and how it is used is the Shop’s responsibility.
For the full details — including a current list of third-party cookies — see our Cookie Policy and cookie vendor list. You can also control cookies through your browser settings; blocking essential cookies will break sign-in.
7. Data retention
- Account and content data: retained while your account is active. After account closure, content is deleted in the ordinary course following a limited wind-down period during which you can export it [TODO-LEGAL: confirm the exact post-closure retention/wind-down window the platform actually implements (e.g., 30 days) and state it here].
- Backups: deleted content may persist in encrypted backups until those backups rotate out on our standard schedule [TODO-LEGAL: confirm backup rotation window (e.g., 35 days)].
- Signature records: signed documents and their audit trails (including IP addresses and timestamps) are retained as long as needed to preserve the evidentiary value of the signed record for the parties, including after account closure where required.
- Billing and tax records: retained as required by law (typically 7 years).
- Server logs: retained for a limited period for security and debugging [TODO-LEGAL: confirm log retention period (e.g., 90 days)].
- DMCA records: notices, counter-notices, and enforcement records are retained as long as needed to administer our repeat-infringer policy and defend legal claims.
8. Security
We protect personal information with technical and organizational measures appropriate to the risk, including encryption in transit (TLS), encryption at rest for stored files, tenant isolation between workspaces, role-based access controls, and audit logging of sensitive actions. No system is perfectly secure; if we learn of a breach affecting your personal information, we will notify you and the relevant authorities as required by law.
9. Your rights and choices
You can access and update most account information in your settings, and export your content from the app. Depending on where you live, you may also have rights to request access to, correction of, deletion of, or a portable copy of your personal information, and to object to or restrict certain processing. To exercise these rights, email privacy@fetchmy.art [TODO-LEGAL: confirm privacy@fetchmy.art mailbox exists and is monitored]. We will verify your request (typically via your account email) and respond within the time required by applicable law. We will not discriminate against you for exercising your rights.
If your data is held by a Shop (you are a Shop’s Client or End Customer), we will forward your request to that Shop or direct you to it, since the Shop is the controller of that data.
9.1 California (CCPA/CPRA)
California residents have the rights to know, access, correct, delete, and port their personal information, and to opt out of “sale” or “sharing.” We do not sell or share personal information as defined by the CCPA, and we do not use or disclose sensitive personal information for purposes requiring a right to limit. The categories of personal information we collect and disclose for business purposes are described in Sections 2 and 5. Authorized agents may submit requests on your behalf with proof of authorization.
9.2 European Economic Area, United Kingdom, and similar regimes (GDPR)
Where the GDPR or UK GDPR applies, our legal bases are: performance of a contract (providing the Service you signed up for), legitimate interests (security, abuse prevention, service improvement), consent (analytics cookies and any optional marketing), and legal obligation (tax, accounting, and lawful requests). You may withdraw consent at any time, and you have the right to lodge a complaint with your supervisory authority. Where we transfer personal data from the EEA/UK to the United States, we rely on appropriate safeguards such as Standard Contractual Clauses [TODO-LEGAL: confirm SCCs are actually in place with relevant subprocessors before representing this; adjust if the platform will instead state US-only processing].
10. International transfers
FetchMy.art is operated from the United States, and personal information is processed and stored in the United States and in the countries where our subprocessors operate (see the Subprocessors page). By using the Service you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your jurisdiction.
11. Children
The Service is a business tool and is not directed to children. We do not knowingly collect personal information from anyone under 16, and account holders must be at least 18. If you believe a child has provided us personal information, contact privacy@fetchmy.art and we will delete it.
12. Changes to this Policy
We may update this Policy from time to time. If a change is material, we will notify account owners by email or in-product notice before it takes effect. The “Last updated” date above reflects the current version. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
13. Contact us
Privacy questions and requests: privacy@fetchmy.art. Postal mail: Triple Dog Studios LLC [TODO-LEGAL: insert registered business mailing address and confirm entity name], Attn: Privacy.
Related policies
This document is part of the FetchMy.art legal package. It should be read together with: