Privacy Policy

How the Adorn service, operated by Outside Projects, collects, uses, and protects data.

1. Introduction & Scope

This Privacy Policy explains how Outside Projects handles data in connection with the Adorn service (the "Service"), a platform that renders branded product images and emits a prioritized product catalog feed for merchants. It covers the merchants and their authorized users who sign in to and connect accounts with the Service. It takes effect on the last-updated date shown above.

2. Who We Are (Controller)

Outside Projects is the entity responsible for the Service and is governed by the laws of the State of California, United States. You can reach us about privacy at /support.

3. Controller and Processor Roles

Under the GDPR, we act as a controller for the account and identity data we hold about merchants and their users, and as a processor for the product, catalog, and platform data we process on a merchant's behalf and under its instructions. This split reflects that a merchant decides which stores, ad accounts, and product data to connect, while we operate the platform that processes them.

4. Data We Collect, Why, and Where It Lives

We collect only what the Service needs to operate. The table below maps each category to the real technology that stores or processes it.

DataWhyWhere it lives
Account & identity (email, name, user id)Sign-in, membership, access controlHandled by Clerk, our authentication sub-processor
Shopify & Meta OAuth access tokensRead your catalog and register your feed on your behalfA per-tenant secret store, envelope-encrypted at rest under a platform key (never stored in reversible form)
Rendered product images (Output)Deliver the designed creative into your feedCloudflare R2 object storage
Tenant configuration, product/catalog data, and an operational error logRun the rule engine, render, and serve the feedCloudflare D1; the error log holds only classified, opaque tokens, no raw personal data
Product data ingested at your directionSource the catalog we design and feedFrom your chosen source — Shopify, a pasted feed URL, or DataFeedWatch
Support messages you send usRespond to your requestBot-checked with Cloudflare Turnstile and delivered by email via Resend

5. Sub-Processors

We use the following sub-processors, each for the purpose named above. We remain responsible for their handling of data processed on your behalf and bind them to appropriate data-protection obligations (GDPR Art. 28).

6. Legal Bases for Processing

Where the GDPR applies, we rely on: performance of our contract with you (to provide the Service); our legitimate interests (to secure, maintain, and improve the Service and prevent abuse), balanced against your rights; and your consent where it is specifically required. Merchants are responsible for the legal basis for any data they connect and process through the Service.

7. How We Use Data

We use data to provide and operate the Service: to authenticate accounts, ingest your product data, render designed images, generate and serve your catalog feed, respond to support requests, and to secure the Service and prevent abuse. We do not use your product data or connected-account tokens for any purpose other than operating the Service for you.

8. Data Sharing & Disclosure

We share data only with the sub-processors listed above, and only as needed to operate the Service, or where disclosure is required by law or to protect rights and safety. We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

9. International Transfers

The Service is operated using US-based processing. Where data is transferred from other regions, we rely on appropriate safeguards, such as standard contractual clauses where relevant. The specific transfer mechanism is a legal-review decision and will be confirmed at review.

10. Data Retention

We keep account and identity data for the life of the account. Rendered images remain in Cloudflare R2 while your account is active. When a connected store is removed, we purge that store's product data and its stored credential; the retention window for previously rendered image objects in R2 is an operator and compliance decision documented in the Phase 27 launch runbook rather than a fixed number invented here. Our operational error log retains only classified, opaque tokens and never raw personal data.

11. Security

Connected-account OAuth tokens are envelope-encrypted at rest under a platform key held outside the database. Tenants are isolated so one merchant cannot reach another's data, images, or feed. Inbound platform webhooks are verified by HMAC before any action. Secrets are read by name at runtime and are never written into code or logs.

12. Your Rights

Subject to applicable law, you have rights to access, correct, delete, port, restrict, and object to the processing of your personal data, and to withdraw consent where processing relies on it. You can exercise these rights, or ask a question, at /support. Where we act as a processor for a merchant, we will refer or assist with a data-subject request as that merchant directs.

13. Platform-Initiated Deletion

We honor platform-initiated erasure. Our compliance endpoint at /webhooks/shopify/compliance verifies and honors Shopify's customers/data_request, customers/redact, and shop/redact compliance webhooks, and we honor Meta's data-deletion path. Because Adorn stores no end-customer personal data, the customer webhooks are verified no-ops; shop/redact purges the shop's product data and its stored Shopify credential.

14. California Privacy (CCPA/CPRA)

If you are a California resident, you have the right to know the categories of personal information we collect and the purposes for using them, and the rights to delete, correct, and opt out. As stated above, we do not sell or share personal information for cross-context behavioral advertising, and we will not discriminate against you for exercising your rights. Requests can be made at /support.

15. No Third-Party Analytics or Trackers

The Service uses no third-party analytics, advertising trackers, or cross-site cookies. The only third parties involved are the sub-processors named in Section 5 — Cloudflare Turnstile (bot mitigation on the support form), Resend (email delivery), and the platforms you choose to connect (Shopify, Meta, DataFeedWatch) — and Clerk for authentication. We do not load Google Analytics or any comparable tracking script.

16. Children's Privacy

The Service is a business-to-business product for merchants and is not directed to children. We do not knowingly collect personal information from children.

17. Changes & Contact

We may update this Policy; the effective date at the top reflects the latest version, and material changes will be notified through the Service. Questions or requests can be sent to the controller, Outside Projects, at /support.