allover.art
WomenMenKidsAbstractAnimalsFloralHolidaysFoodCatsNatureOcean

Privacy policy

Effective Date: 2026-05-05 · Last Updated: 2026-05-05

allover.art ("we," "us," "our") operates the website allover.art and provides made-to-order premium cotton apparel with all-over prints. We respect your privacy. This policy explains what information we collect, how we use it, how we protect it, and your rights.

1. Who we are

allover.art is a global on-demand creative platform for premium all-over-print cotton apparel.

The data controller for this Privacy Policy is:

Foreign Enterprise Limited Liability Company "SIFROVAYA FABRIKA" (FE LLC "SIFROVAYA FABRIKA")
TIN: 312 312 696
Registered address: Tashkent Region, Chirchiq City, Shodlik MFY, 1-uy, Republic of Uzbekistan
State registration: certificate № 2893288 dated 28 July 2025
Director General: Andrey Yurevich Perepechenkov

Contact:

2. Information we collect

2.1. Information you give us directly

  • Account data: name, email, password (stored as a salted hash), shipping address, phone (if provided).
  • Order data: what you ordered, recipient, date, amount.
  • Payment data: processed by OktoBank (our primary acquiring partner). Card details never touch our servers — we store only the masked card identifier (last 4 digits, brand) and the transaction ID.
  • Correspondence: anything you send us by email, chat, or web form.

2.2. Information collected automatically

  • Technical data: browser type, device type, IP address, pages visited, approximate location (country / region based on IP).
  • Cookies and similar technologies for session management, cart persistence, and site analytics (see Section 7).

2.3. Information from third-party integrations we operate

Meta Platforms (Instagram, Facebook): we operate a Meta Developer App ("Allover.art Insights," App ID 739416749165633) that reads analytics from Instagram and Facebook business accounts that allover.art owns and operates (such as @we.allover.art and @allover.art).

This integration only fetches:

  • Follower counts of our own accounts.
  • Post and reel performance metrics (reach, impressions, engagement) of our own content.
  • Aggregated, anonymized audience demographics (age range, gender split, country, city) of our own audiences.

We do not collect direct messages, private user content, or data from Meta accounts we do not own.

3. How we use your information

  • Fulfill your orders and communicate about them.
  • Provide customer support.
  • Send order confirmations and, if you opt in, marketing updates (you can unsubscribe at any time).
  • Operate, maintain, and improve the website.
  • Analyze the performance of our own social-media presence via Meta Platforms (our Meta App).
  • Process payments and prevent fraud.
  • Comply with legal, tax, and accounting obligations.

4. Legal bases for processing (GDPR)

Where GDPR applies (Customers in the EU and UK), we process your data on the following legal bases:

Purpose Legal basis
Order fulfillmentPerformance of contract (Article 6(1)(b))
Account creation and managementPerformance of contract (Article 6(1)(b))
Payment processing and fraud preventionLegal obligation (Article 6(1)(c)) and legitimate interest (Article 6(1)(f))
Marketing emailsConsent (Article 6(1)(a))
Site analytics and improvementLegitimate interest (Article 6(1)(f))
Tax and accounting records retentionLegal obligation (Article 6(1)(c))
Customer supportPerformance of contract (Article 6(1)(b))

5. Data sharing — who we share with

We do not sell your personal data. We share your data with third parties only in strictly limited scope:

  • Payment processors (OktoBank — primary acquiring partner) — to process payment, governed by their own PCI-DSS compliance and privacy policies.
  • Shipping carriers (DHL, USPS, local operators) — only address and recipient name for delivery.
  • Hosting and infrastructure providers — for technical operation of the website.
  • Email service providers — for transactional and marketing emails.
  • Analytics providers — only aggregated, anonymized usage data.
  • Meta Platforms (Instagram, Facebook) — only for our own social-media analytics; governed by Meta's policies: facebook.com/privacy/policy.
  • Government authorities — pursuant to mandatory legal requests (subpoena, court order, regulatory inquiry).

All third-party processors are bound by data-protection agreements that meet GDPR Article 28 standards (or local equivalent).

6. Retention

  • Customer accounts and order records: for as long as you have an active account, plus up to 7 years after the last activity for tax and accounting compliance.
  • Marketing contacts: until you unsubscribe, then deleted within 30 days.
  • Support correspondence: up to 3 years after the case is closed.
  • Data from Meta Platforms integration: up to 180 days, after which it is aggregated into statistical snapshots or deleted.
  • Analytics logs: up to 14 months.
  • Payment records (transaction IDs, masked card data): 7 years for tax and chargeback reconciliation.
  • Server access logs: 90 days.

7. Cookies and analytics

Our website uses cookies for the following purposes:

  • Strictly necessary: session management, cart persistence, security tokens. Cannot be disabled.
  • Functional: language preference, region selection, recently viewed items.
  • Analytics: aggregated traffic measurement (privacy-conscious analytics).
  • Marketing: only with your consent — to measure ad performance and audience reach.

You can disable non-essential cookies in our cookie banner or your browser settings. See our full Cookie Policy for details.

8. Your rights

Regardless of where you live, we try to respect the following rights wherever legally possible. Specific protections vary by jurisdiction:

8.1. Universal rights (we offer these globally)

  • Access — obtain a copy of personal data we hold about you.
  • Correction — ask us to correct inaccurate or incomplete data.
  • Deletion — ask us to delete your personal data (subject to legal retention obligations). See data-deletion instructions.
  • Portability — request an export in a machine-readable format.
  • Restriction / objection — ask us to stop or limit certain processing.
  • Withdraw consent — where processing is based on consent.

8.2. GDPR-specific rights (EU / UK)

You also have the right to lodge a complaint with your national data-protection authority. For UK Customers — the Information Commissioner's Office (ico.org.uk).

8.3. CCPA-specific rights (California)

California residents have specific rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect, use, and disclose.
  • Right to delete personal information (subject to legal exceptions).
  • Right to opt-out of the sale or sharing of personal information.
  • Right to non-discrimination for exercising CCPA rights.

We do not sell personal information. To exercise CCPA rights, see /do-not-sell/ or email privacy@allover.art.

8.4. How to exercise your rights

Email privacy@allover.art with the subject line "Privacy Request" and a description of your request. We will:

  • Verify your identity (typically by email matching the account on file).
  • Respond within 30 calendar days (extendable by 60 more days for complex requests, with notice).
  • Provide the requested information or action at no cost (one free request per 12 months; reasonable fee may apply for excessive or manifestly unfounded requests).

9. International transfers

Your data may be processed in countries where allover.art or its service providers operate, including Uzbekistan, the United States, and the European Union. We ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) with processors located outside the EEA / UK.
  • Adequacy decisions where the European Commission has determined the destination provides adequate protection.
  • Contractual confidentiality and security obligations with all third-party processors.

10. Security

We apply industry-standard measures:

  • Encrypted transport (TLS 1.3).
  • Encrypted storage of sensitive data (AES-256 at rest).
  • Role-based access control (RBAC) with multi-factor authentication for administrative access.
  • API-credential rotation on a defined schedule.
  • Regular vulnerability scanning and annual third-party penetration tests.
  • Audit logging of access to sensitive data, retained for at least 12 months.

For details on payment-specific security measures, see our Payment Security page.

No system is 100% secure. We encourage you to use a strong unique password and to notify us immediately at security@allover.art of any suspicious activity on your account.

11. Children

Our services are not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, please email privacy@allover.art and we will delete it promptly.

12. Automated decision-making

We do not use automated decision-making (in the sense of GDPR Article 22) that produces legal or similarly significant effects on Customers. Fraud-screening systems may automatically decline a transaction at the payment gateway level — in such cases, the Customer can contest by contacting hello@allover.art.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent changes. If we make material changes, we will notify you via the website or by email (where appropriate) at least 14 days before the change takes effect.

14. Contact

allover.art
Privacy email: privacy@allover.art
Data deletion: datadeletions@allover.art
Security: security@allover.art
General: hello@allover.art
Meta-related: fb@allover.art


Related documents:

Effective Date: 2026-04-22 · Last Updated: 2026-04-22

allover.art ("we," "us," "our") operates the website allover.art and provides made-to-order premium cotton apparel with all-over prints. We respect your privacy. This policy explains what information we collect, how we use it, how we protect it, and your rights.

1. Who We Are

allover.art is a global on-demand creative platform for premium all-over-print cotton apparel.

Contact:

2. Information We Collect

a. Information you give us directly

b. Information collected automatically when you visit the website

c. Information from third-party integrations we operate

Meta Platforms (Instagram, Facebook): we operate a Meta Developer App ("Allover.art Insights," App ID 739416749165633) that reads analytics from Instagram and Facebook business accounts that allover.art owns and operates (such as @we.allover.art and @allover.art). This integration only fetches: follower counts, post and reel performance metrics, and aggregated, anonymized audience demographics (age range, gender split, country, city) for our own accounts. We do NOT collect direct messages, private user content, or data from accounts we do not own.

3. How We Use Your Information

We do not sell your personal data. We do not share it with third parties except with trusted service providers who help us deliver the service (payment processors, shipping carriers, hosting) and only under strict data-protection agreements.

4. Retention

5. Your Rights

Regardless of where you live, we try to respect the following rights wherever legally possible:

To exercise any of these rights email info@allover.art with the subject line "Privacy Request" and we will respond within 30 days.

6. Cookies and Analytics

Our website uses cookies to keep you logged in, remember your cart, and understand site usage. You can disable cookies in your browser settings, but some parts of the site may not work.

We use privacy-conscious analytics to measure traffic. Where applicable, analytics data is aggregated and does not identify individual users.

7. Third-Party Services

8. International Transfers

Your data may be processed in countries where allover.art or its service providers operate. We ensure appropriate safeguards, such as standard contractual clauses, where required by law.

9. Security

We apply industry-standard measures: encrypted transport (TLS), encrypted storage of sensitive data, role-based access control, API-credential rotation, and regular security reviews. No system is 100% secure, and we encourage you to use a strong unique password and to notify us immediately of any suspicious activity on your account.

10. Children

Our services are not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent changes. If we make material changes, we will notify you via the website or by email where appropriate.

12. Contact

allover.art
Email: info@allover.art
Meta-related inquiries: fb@allover.art