Side-Eye Co.

Who we are

Side-Eye (the “Service,” “we,” “us”) is a brand operated by Sawary Trading LLC, a Wyoming limited liability company with its registered office at 30 N Gould St Ste R, Sheridan, WY 82801, United States. When this policy says “we,” we mean Sawary Trading LLC operating the Side-Eye brand.

This policy explains what personal data we collect when you visit side-eye.co or use our products, why we collect it, who we share it with, and what choices you have. It applies whether you visit the site, create an account, place an order, sign up for our newsletter, or contact us.

What we collect

Account information

Email address (for sign-in and order communication)
Phone number (only if you choose to verify your phone for the +3 credit grant; see Texts below)
A pseudo-random user identifier (so we can attach orders and credits to you)

Order information

Shipping address you provide at checkout (passed to Shopify and our print partner Printify so they can ship the thing you ordered)
Order history, credit-pack purchases, and the inputs you supplied to generate the personalized item (names, captions, themes, photos)

Payment information: We do not collect, store, or process credit-card data on our servers. Payments go directly to Stripe (for credit packs and re-rolls) and to Shopify (hosting our checkout). We receive only a non-sensitive token, the order amount, and the last four digits of the card for receipts.

Generated content

Photos you upload as input to a portrait engine (stored temporarily in encrypted Cloudflare R2 storage)
The AI-generated text and image outputs we produce on your behalf
The composed final deliverable (PDF, PNG, or print file) sent to fulfillment

Technical data

Pages visited and approximate location (country, city), via Plausible, a privacy-friendly, cookieless analytics service that does not track individuals across sites or sessions
Error logs and performance traces (via Sentry and Axiom), which may include your user identifier and the URL you were on when an error occurred, but do not include your inputs

Why we collect it

To run the Service. Sign you in, deliver your order, send you transactional emails (order confirmations, shipping updates, password / magic-link emails)
To verify identity. Email magic-link verification (Supabase Auth) and optional phone OTP verification (Twilio Verify) protect your account and prevent abuse
To process payments. Stripe and Shopify need billing details to charge cards and remit funds
To prevent abuse. Rate-limiting, fraud signals, and image moderation (Hive) protect the Service from misuse
To improve the Service. Aggregated, anonymized usage helps us tune prompts, eras, and SKUs
To send marketing email, only if you have opted in (you can opt out at any time)

Who we share it with

We share data only with vendors we have engaged to operate the Service. Each is contractually limited to processing data on our behalf for the purposes listed:

Supabase— identity, account database, file storage
Twilio— transactional SMS for phone verification (one-time codes only)
Klaviyo— marketing email (only if you opt in)
Resend— transactional email (order receipts, shipping updates, magic-link sign-in)
Stripe— payment processing for credit packs and re-rolls
Shopify— hosted checkout and order management for physical goods
Printify— printing and fulfillment of your physical order; receives your shipping address and the final print file only
Cloudflare— CDN, R2 object storage, DNS
Vercel— web hosting
Anthropic— AI text generation and content moderation
Google AI— AI image generation (Nano Banana Pro)
Replicate— image upscaling for large-format prints
Hive Moderation— image safety review
Sentry and Axiom— error tracking and structured logs
Plausible— cookieless analytics
Inngest and Upstash— async job queue and rate limiting

We may also disclose data when required by law (court order, subpoena, regulatory request) or to protect the rights, property, or safety of Side-Eye, our users, or others.

We do not sell your personal data to anyone. Ever.

What we don’t do, ever

We do not sell or share your mobile phone number, SMS opt-in data, or SMS consent records with third parties or affiliates for marketing purposes. Phone numbers and verification data stay strictly with us and our verification provider (Twilio) for the sole purpose of verifying your account.

We do not run third-party advertising trackers. We do not use Google Analytics, Facebook Pixel, or any cross-site behavioral advertising network. We do not sell, rent, or trade your email address.

We do not use your generated content (the personalized portrait you commissioned) for marketing without first anonymizing it (PII redacted), and we never use a named or identifiable customer’s creation in a Hall of Fame or testimonial feature without their separate explicit opt-in.

How long we keep it

Uploaded input photos: deleted from R2 within 90 days of order fulfillment, or sooner if you ask
Generated output files: retained as part of your order history so you can re-download or request replacements (per Printify replacement policy); you may request deletion at any time
Account data: kept for as long as your account is active, plus a reasonable period after closure for legal, tax, and dispute-resolution purposes (typically up to 7 years for tax records)
Analytics events: retained for up to 24 months in aggregated form
Error logs: retained for up to 90 days

Your rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data, to object to certain processing, or to withdraw consent for marketing. Specifically:

EU / UK residents (GDPR): rights of access, rectification, erasure, restriction, portability, and objection. You may also lodge a complaint with your supervisory authority
California residents (CCPA / CPRA):rights to know, delete, correct, and opt out of any sale or sharing of personal information (we don’t sell, but the right applies). California residents may also designate an authorized agent to make a request
Other US residents(Wyoming, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, etc.): rights under your state’s privacy law where applicable

To exercise any of these rights, email privacy@side-eye.co. We will respond within the timeframe required by law (typically 30 days). We may need to verify your identity before fulfilling certain requests.

About cookies

We use a small number of strictly necessary cookies to keep you signed in and to remember your cart. We do not use tracking, advertising, or third-party social cookies. Plausible, our analytics provider, does not use cookies and does not collect any personal data; it counts page views aggregated by URL, referrer, and country only.

If you’re under 16

Side-Eye is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. You must be at least 16 to create an account and at least 18 to make a purchase. If you believe a minor has provided us with personal data, please email privacy@side-eye.co and we will delete it promptly.

International transfers

Side-Eye is operated from the United States. If you access the Service from outside the US, your data will be transferred to and processed in the US and other countries where our vendors operate. We rely on Standard Contractual Clauses or other lawful transfer mechanisms where required.

Security

We use industry-standard safeguards (TLS in transit, encryption at rest, access controls, audit logging) to protect your data. No system is perfect; if a breach affects you, we will notify you and the relevant regulators as required by law.

When this changes

We may update this policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. For material changes, we will post a notice on the site or email registered users at least 14 days before the change takes effect. Continued use of the Service after the change constitutes acceptance.

Get in touch

Privacy questions: privacy@side-eye.co
Mail: Sawary Trading LLC, 30 N Gould St Ste R, Sheridan, WY 82801, USA