Privacy Policy
How the Adorn service, operated by Outside Projects, collects, uses, and protects data.
1. Introduction & Scope
This Privacy Policy explains how Outside Projects handles data in connection with the Adorn service (the "Service"), a platform that renders branded product images and emits a prioritized product catalog feed for merchants. It covers the merchants and their authorized users who sign in to and connect accounts with the Service. It takes effect on the last-updated date shown above.
2. Who We Are (Controller)
Outside Projects is the entity responsible for the Service and is governed by the laws of the State of California, United States. You can reach us about privacy at /support.
3. Controller and Processor Roles
Under the GDPR, we act as a controller for the account and identity data we hold about merchants and their users, and as a processor for the product, catalog, and platform data we process on a merchant's behalf and under its instructions. This split reflects that a merchant decides which stores, ad accounts, and product data to connect, while we operate the platform that processes them.
4. Data We Collect, Why, and Where It Lives
We collect only what the Service needs to operate. The table below maps each category to the real technology that stores or processes it.
| Data | Why | Where it lives |
|---|---|---|
| Account & identity (email, name, user id) | Sign-in, membership, access control | Handled by Clerk, our authentication sub-processor |
| Shopify & Meta OAuth access tokens | Read your catalog and register your feed on your behalf | A per-tenant secret store, envelope-encrypted at rest under a platform key (never stored in reversible form) |
| Rendered product images (Output) | Deliver the designed creative into your feed | Cloudflare R2 object storage |
| Tenant configuration, product/catalog data, and an operational error log | Run the rule engine, render, and serve the feed | Cloudflare D1; the error log holds only classified, opaque tokens, no raw personal data |
| Product data ingested at your direction | Source the catalog we design and feed | From your chosen source — Shopify, a pasted feed URL, or DataFeedWatch |
| Support messages you send us | Respond to your request | Bot-checked with Cloudflare Turnstile and delivered by email via Resend |
5. Sub-Processors
We use the following sub-processors, each for the purpose named above. We remain responsible for their handling of data processed on your behalf and bind them to appropriate data-protection obligations (GDPR Art. 28).
- Clerk — authentication and account identity.
- Cloudflare — Workers (compute), R2 (image storage), D1 (database), and Turnstile (bot mitigation).
- Resend — transactional and support email delivery.
- Shopify — connected commerce platform and product source.
- Meta — connected advertising platform and feed destination.
- DataFeedWatch — optional product-feed source.
6. Legal Bases for Processing
Where the GDPR applies, we rely on: performance of our contract with you (to provide the Service); our legitimate interests (to secure, maintain, and improve the Service and prevent abuse), balanced against your rights; and your consent where it is specifically required. Merchants are responsible for the legal basis for any data they connect and process through the Service.
7. How We Use Data
We use data to provide and operate the Service: to authenticate accounts, ingest your product data, render designed images, generate and serve your catalog feed, respond to support requests, and to secure the Service and prevent abuse. We do not use your product data or connected-account tokens for any purpose other than operating the Service for you.
8. Data Sharing & Disclosure
We share data only with the sub-processors listed above, and only as needed to operate the Service, or where disclosure is required by law or to protect rights and safety. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
9. International Transfers
The Service is operated using US-based processing. Where data is transferred from other regions, we rely on appropriate safeguards, such as standard contractual clauses where relevant. The specific transfer mechanism is a legal-review decision and will be confirmed at review.
10. Data Retention
We keep account and identity data for the life of the account. Rendered images remain in Cloudflare R2 while your account is active. When a connected store is removed, we purge that store's product data and its stored credential; the retention window for previously rendered image objects in R2 is an operator and compliance decision documented in the Phase 27 launch runbook rather than a fixed number invented here. Our operational error log retains only classified, opaque tokens and never raw personal data.
11. Security
Connected-account OAuth tokens are envelope-encrypted at rest under a platform key held outside the database. Tenants are isolated so one merchant cannot reach another's data, images, or feed. Inbound platform webhooks are verified by HMAC before any action. Secrets are read by name at runtime and are never written into code or logs.
12. Your Rights
Subject to applicable law, you have rights to access, correct, delete, port, restrict, and object to the processing of your personal data, and to withdraw consent where processing relies on it. You can exercise these rights, or ask a question, at /support. Where we act as a processor for a merchant, we will refer or assist with a data-subject request as that merchant directs.
13. Platform-Initiated Deletion
We honor platform-initiated erasure. Our compliance endpoint at
/webhooks/shopify/compliance verifies and honors Shopify's
customers/data_request, customers/redact, and shop/redact
compliance webhooks, and we honor Meta's data-deletion path. Because Adorn stores no end-customer personal
data, the customer webhooks are verified no-ops; shop/redact purges the shop's product data
and its stored Shopify credential.
14. California Privacy (CCPA/CPRA)
If you are a California resident, you have the right to know the categories of personal information we collect and the purposes for using them, and the rights to delete, correct, and opt out. As stated above, we do not sell or share personal information for cross-context behavioral advertising, and we will not discriminate against you for exercising your rights. Requests can be made at /support.
15. No Third-Party Analytics or Trackers
The Service uses no third-party analytics, advertising trackers, or cross-site cookies. The only third parties involved are the sub-processors named in Section 5 — Cloudflare Turnstile (bot mitigation on the support form), Resend (email delivery), and the platforms you choose to connect (Shopify, Meta, DataFeedWatch) — and Clerk for authentication. We do not load Google Analytics or any comparable tracking script.
16. Children's Privacy
The Service is a business-to-business product for merchants and is not directed to children. We do not knowingly collect personal information from children.
17. Changes & Contact
We may update this Policy; the effective date at the top reflects the latest version, and material changes will be notified through the Service. Questions or requests can be sent to the controller, Outside Projects, at /support.