Privacy Policy

Information you provide directly:

• Account registration details (name, email address, password)
• Shipping and billing addresses
• Payment information (processed securely by Stripe — we never store card numbers)
• Order history and purchase preferences
• Custom artwork submissions and design requests
• Messages sent through our contact form
• Product reviews and ratings you submit
• Newsletter subscription preferences

Information collected automatically:

• IP address and approximate geographic location
• Browser type, device type, and operating system
• Pages visited, time spent, and navigation paths on our site
• Referring URLs and search terms used to find us
• Session cookies required for shopping cart functionality

We use the information we collect to:

• Process and fulfill your orders, including shipping notifications
• Create and manage your account
• Send transactional emails (order confirmations, shipping updates, return status)
• Send marketing communications, where you have opted in
• Respond to customer service inquiries
• Detect and prevent fraud and unauthorized account access
• Improve our website, product catalog, and overall shopping experience
• Comply with our legal obligations
• Run analytics to understand how visitors interact with our store

We rely on contract performance (Art. 6(1)(b) GDPR) as our legal basis for processing orders, and legitimate interest or consent for marketing and analytics.

We use the following categories of cookies:

We do not sell your personal data. We share your data only with trusted service providers who help us operate our business:

All third-party providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

We retain your data for the following periods:

• Account data: Until you delete your account, plus 30 days for recovery
• Order records: 7 years (required for tax and accounting compliance)
• Marketing consent: Until you unsubscribe
• Contact form messages: 12 months
• Analytics data: 14 months (Google Analytics default)

Order records are kept beyond account deletion due to legal tax obligations.

Depending on your location, you may have the following rights:

You can exercise your rights by:

• Deleting your account — go to Account Settings and use the “Delete Account” section (fulfills right to erasure).
• Updating your data — edit your profile in Account Settings.
• Unsubscribing from marketing — use the unsubscribe link in any email, or manage preferences in Account Settings → Email Preferences.
• Other requests — contact us at privacy@outfitridge.com. We will respond within 30 days.

We protect your data using industry-standard measures including TLS encryption for all data in transit, bcrypt password hashing, row-level security policies on our database, and least-privilege access controls. Payment card data is never stored on our servers — all payments are handled by Stripe's PCI-DSS certified infrastructure.

Despite these measures, no internet transmission is 100% secure. If you suspect your account has been compromised, please contact us immediately.

Our services are hosted in the United States. If you are located in the European Economic Area (EEA), the United Kingdom, or other regions with data transfer restrictions, your personal data may be transferred to and processed in the US. We ensure such transfers are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) where required.

Our website is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

For any privacy-related questions or to exercise your rights, contact our Data Controller:

If you are in the EU/UK and are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority).

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated via email to registered account holders or a prominent notice on our website at least 30 days before the changes take effect. The “Last updated” date at the top of this page always reflects the most recent version.