Privacy Policy

Effective Date: April 17, 2026
Last Updated: April 17, 2026

1. Data Controller

Absolute Ama (doing business as Art of Ama)
Email: [email protected]
Address: PO BOX 4829, CHICO, CA 95928, United States
Website: artofama.com

We are the Data Controller responsible for your personal data processed through our website and e-commerce operations.

2. Information We Collect

We collect and process the following categories of personal data:

• Identity Data: Name, username, or similar identifier
• Contact Data: Billing address, shipping address, email address, telephone number
• Financial Data: Payment card details (processed securely via Stripe; we do not store complete card numbers)
• Transaction Data: Details about purchases you make, order history, shipping confirmations
• Technical Data: IP address, browser type and version, time zone setting, browser plug-in types, operating system, and platform (collected via WordPress and SureCart analytics)
• Usage Data: Information about how you use our website, products, and services
• Marketing Data: Your preferences in receiving marketing communications and engagement data
• Tracking Data: Information collected via Meta Pixel regarding your browsing behavior and interactions with our advertisements

3. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Performance of a Contract: Processing necessary to fulfill your orders, process payments, and deliver artwork (Art. 6(1)(b) GDPR)
• Legitimate Interests: Website security, fraud prevention, and service optimization (Art. 6(1)(f) GDPR)
• Consent: Marketing communications, email subscriptions via MailPoet, and Meta Pixel tracking for advertising purposes (Art. 6(1)(a) GDPR). You may withdraw consent at any time.
• Legal Obligation: Tax records, accounting requirements, and regulatory compliance (Art. 6(1)(c) GDPR)

4. How We Use Your Data

We use your personal data for the following purposes:

• Order Fulfillment: Processing transactions through SureCart and Stripe, creating shipping labels via PirateShip, and delivering physical artwork to your specified address
• Website Operation: Hosting your data on Hetzner servers to maintain site functionality and security
• Communication: Sending order confirmations, shipping updates, and responding to inquiries
• Marketing: Sending promotional materials via MailPoet (only with your explicit consent)
• Advertising: Using Meta Pixel to measure ad effectiveness and deliver relevant advertisements on Meta platforms (Facebook/Instagram)
• Legal Compliance: Maintaining records for tax and accounting purposes required by California and federal law

5. Data Sharing and Third Parties

We share your data with the following categories of processors:

• SureCart: E-commerce platform processing your order data and account management
• Stripe: Payment processing services (PCI-DSS compliant)
• PirateShip: Shipping fulfillment and label generation (address data shared)
• Hetzner: Web hosting and data storage services
• MailPoet: Email marketing and newsletter distribution (email addresses only with consent)
• Meta Platforms, Inc.: Advertising analytics and pixel tracking services

All third-party processors are bound by contractual obligations requiring appropriate technical and organizational measures to protect your data in compliance with GDPR Article 28.

6. International Data Transfers

Your data is stored on servers operated by Hetzner Online GmbH, a German company with data centers in Germany, Finland, and the United States.

• EU Residents: Data may be transferred to our hosting infrastructure within the European Economic Area (EEA) or to the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure GDPR-compliant transfers to the US for processing by Stripe, PirateShip, and Meta.
• UK Residents: We implement appropriate safeguards under UK GDPR through Standard Contractual Clauses and the UK Addendum.

7. Data Retention

We retain your personal data only as long as necessary for the purposes stated:

• Order Information: Retained for 7 years to comply with tax and accounting regulations (IRS requirements)
• Marketing Data: Retained until you withdraw consent or unsubscribe via MailPoet
• Account Data: Retained while your account remains active; deleted upon request unless legal obligations require retention
• Tracking Data: Retained by Meta Pixel for up to 2 years, subject to Meta’s data policies

8. Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

• Right to Access: Request copies of your personal data (Art. 15)
• Right to Rectification: Request correction of inaccurate data (Art. 16)
• Right to Erasure: Request deletion of your data (“Right to be Forgotten”) (Art. 17)
• Right to Restrict Processing: Request limitation of processing under certain conditions (Art. 18)
• Right to Data Portability: Receive your data in a structured, machine-readable format (Art. 20)
• Right to Object: Object to processing based on legitimate interests or direct marketing (Art. 21)
• Right to Withdraw Consent: Withdraw consent at any time without affecting the lawfulness of prior processing

To exercise these rights, contact us at [email protected]. We respond to all requests within 30 days as required by GDPR.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies:

• Essential Cookies: Required for SureCart checkout functionality and WordPress security (session management)
• Analytics Cookies: Meta Pixel tracks page views, add-to-cart events, and purchases for advertising optimization
• Preference Cookies: Store your language and currency preferences

You can manage cookie preferences through your browser settings. For Meta Pixel opt-out, visit Meta’s ad preferences page.

10. Data Security

We implement appropriate technical measures to protect your data:

• SSL/TLS encryption for all data transmission
• SureCart’s secure checkout environment (PCI-DSS compliant)
• Hetzner’s ISO 27001 certified data centers
• Regular WordPress security updates and access controls
• Pseudonymization of tracking data where possible

Despite these measures, no internet transmission is completely secure. We cannot guarantee absolute security but commit to notifying you and relevant authorities of any data breaches within 72 hours as required by GDPR Article 33.

11. Children’s Privacy

Our website is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, contact us immediately at [email protected] for deletion.

12. California Residents (CCPA)

Under the California Consumer Privacy Act, California residents have rights to:

• Know what personal information is collected
• Delete personal information (subject to exceptions for order fulfillment and legal compliance)
• Opt-out of sale of personal information (we do not sell your data)
• Non-discrimination for exercising privacy rights

To exercise CCPA rights, email [email protected].

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. Material changes will be posted on this page with an updated “Last Updated” date. For significant changes, we will notify you via email or prominent website notice.

14. Contact Information

For privacy-related inquiries, data subject requests, or concerns about our data practices:

Data Controller:
Absolute Ama (Art of Ama)
PO BOX 4829
CHICO, CA 95928
Email: [email protected]

EU Representative (if required):
If you are in the EU and require a local representative for GDPR purposes, contact us at the address above for current representative details.

By using artofama.com, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and international transfer of your personal data as described herein.