PRIVACY POLICY
Last updated: July 1, 2025
1. WHO WE ARE
Rurban (“Company,” “we,” “us,” or “our”) operates www.rurban.com
and associated sub-domains, web apps and plug-ins (collectively, the “Site”) through which creators license digital images and customers purchase licenses to apply those images to physical products such as apparel, wallpaper, and other merchandise (the “Marketplace”).
For data protection laws in the EEA, UK, or similar jurisdictions, we are the “controller” of the personal data we collect.
2. SCOPE
This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you:
- visit or use the Site;
- create an account, list content, or make a purchase; or
- otherwise interact with us (e.g., customer support, social media, events).
It does NOT cover third-party websites or services that we do not control, including physical printing partners to whom you may direct us to ship products.
3. THE INFORMATION WE COLLECT
A. Information you provide directly
- Account Data – name, username, password, email, phone, mailing/billing address, preferred currency.
- Transaction Data – items licensed or purchased, license terms selected, payment amount, time and date, shipping instructions.
- Content Data – portfolio images, metadata, descriptions, search tags, and any comments or messages.
- Support and Comms – information you send us in support tickets, survey responses, beta feedback, or dispute resolution.
- Marketing Preferences – opt-ins/opt-outs, preferred communication channels.
B. Information we collect automatically
- Device and Usage Data – IP address, browser type/version, device identifiers, referring pages, pages visited, time spent, links clicked.
- Cookies and Similar Tech – first-party cookies, session replay tools, and Google Analytics tags (see Section 7).
- Log Files – error logs and audit trails (e.g., successful/failed logins).
- Location Data – approximate location derived from IP address.
C. Information from third parties
- Payment Processors – limited card information (last four digits, expiry), fraud indicators, and payment confirmations from Stripe, PayPal, or similar.
- Social/Single Sign-On – if you connect via Google, Apple, or similar SSO, we receive your name, email, and profile picture (per your permissions).
- Marketing Partners – opt-in lead lists, event attendance lists, or referral program data.
We combine the information above for the purposes described below.
4. PURPOSES & LEGAL BASES
We process personal information for:
a) Providing the Service
- Create and manage accounts, authenticate users, facilitate listings and purchases, issue license certificates, provide shipping integrations.
- Legal basis: contract performance; legitimate interests.
b) Payments & Fraud Prevention
- Process transactions; detect, investigate, and prevent fraudulent activity, abuse, or security incidents.
- Legal basis: contract performance; legitimate interests; legal obligations.
c) Analytics & Product Improvement
- Monitor usage, debug, analyze trends, improve content discovery, develop new features, optimize user interface.
- Legal basis: legitimate interests; consent (where cookies require it).
d) Marketing & Communications
- Send administrative messages, newsletters, promotional offers, surveys or contests.
- Legal basis: consent (email/SMS marketing); legitimate interests.
e) Legal & Compliance
- Comply with applicable laws, tax, bookkeeping and licensing requirements; respond to lawful requests; enforce our Terms of Service.
- Legal basis: legal obligations; legitimate interests; defend legal claims.
5. HOW WE SHARE INFORMATION
We disclose personal information only as follows:
- Service Providers – hosting (AWS), analytics (Google), email/SMS (SendGrid, Twilio), payment processors, KYC tools, customer-support platforms, printing and fulfillment partners (only when you order physical products).
- Other Users – when a creator lists an image, the user name or studio name you choose to display becomes publicly viewable. For buyers, order number and license details are shared with the selling creator.
- Business Transfers – in connection with an acquisition, merger, or financing, subject to customary confidentiality safeguards.
- Legal/Regulatory – if required by subpoena, court order, or to protect rights, safety, or property of the Company, our users, or others.
- With Consent – any other disclosures you explicitly authorize.
We do not “sell” or “share” (for cross-context behavioral advertising) personal information as those terms are defined under the California Consumer Privacy Act, nor do we allow Google Analytics to combine our users’ data with data from other sites.
6. DATA RETENTION
We retain personal information for as long as necessary to:
- fulfill the purposes described above;
- comply with legal, accounting, or reporting obligations (e.g., tax and license audits up to 7 years); and
- resolve disputes or enforce contracts.
When retention is no longer required, we will delete or anonymize data in a commercially reasonable time.
7. COOKIES & TRACKING TECHNOLOGIES
We use:
- Essential cookies – required to log in and place orders.
- Analytics cookies – Google Analytics 4 for aggregated metrics and cohort analysis. Google stores data in the United States; IP addresses are truncated in the EEA.
- Functional cookies – remember preferences such as language and currency.
- Optional marketing cookies – only if you opt in.
You can control cookies via your browser settings. EU/UK visitors will see a consent banner that allows granular cookie choices.
Google Analytics opt-out: https://tools.google.com/dlpage/gaoptout
8. INTERNATIONAL DATA TRANSFERS
We are headquartered in the United States. If you access the Service from the EEA, UK, or Switzerland, your personal data will be transferred to the U.S. and potentially other countries that may not offer the same level of data protection. We rely on at least one of the following safeguards:
- European Commission Standard Contractual Clauses (SCCs) and UK Addendum;
- adequacy regulations (e.g., U.K.’s “adequate” findings); or
- derogations such as contract performance.
9. YOUR PRIVACY RIGHTS
A. EEA/UK Residents
- Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
- To exercise, email info@rurban.com with “GDPR Request” in the subject line.
- You may lodge a complaint with your local supervisory authority.
B. California Residents
- Right to know, delete, correct, and opt out of certain data uses.
- Submit a verified request via info@rurban.com
- Authorized agents may act on your behalf with written permission.
- We do not discriminate against you for exercising any CCPA rights.
C. Other Jurisdictions
We will honor additional rights provided by applicable law (e.g., Virginia, Colorado, Quebec Bill 64).
10. CHILDREN’S PRIVACY
The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from minors. If we learn we have done so, we will delete it promptly.
11. SECURITY
We employ administrative, technical, and physical safeguards reasonably designed to protect personal information, including:
- TLS 1.2+ encryption in transit;
- AES-256 encryption at rest;
- segmented production networks;
- least-privilege access controls;
- two-factor authentication for employees; and
- annual penetration testing.
No system is 100% secure; users should also keep passwords confidential and log out of shared devices.
12. CHANGES TO THIS PRIVACY POLICY
We may update this policy from time to time. Material changes will be announced by:
- revising the “Last updated” date above; and
- emailing account holders or posting a banner on the Site at least 15 days before the new terms take effect (unless a shorter period is required by law).
Continued use of the Service after the effective date constitutes acceptance of the revised policy.
13. CONTACT US
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us:
© 2025 Rurban. All rights reserved.