Privacy Policy

Last updated: March 2026

1. Who We Are

BrickHorse is operated by Nomad UV LLC, a Michigan-based company. We are the data controller for personal data collected through this website (brickhorse.nomaduv.com).

For privacy-related inquiries, contact us at [email protected].

2. Information We Collect

Information you provide directly:

Account information: Name, email address, and password when you create an account.
Order information: Shipping address, email address, and payment method selection. We do not store full credit card numbers — payment is processed directly by Stripe or PayPal.
Design data: Custom designs you create using our editor, including uploaded images and canvas configurations.
Communications: Messages you send us via email or support requests.

Information collected automatically:

Device and browser data: Browser type, operating system, screen resolution, and language preference.
Usage data: Pages visited, features used, and interactions with the site.
IP address: Used for fraud prevention, security, and approximate geolocation (country/region level).
Error data: If something goes wrong on the site, our error tracking service captures technical details about the error (not personal data) to help us fix issues.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Contract performance: Processing your order, managing your account, and delivering products you purchased.
Legitimate interest: Fraud prevention, site security, improving our services, and error monitoring.
Legal obligation: Tax records, accounting requirements, and responding to lawful requests.
Consent: Marketing communications (if applicable). You may withdraw consent at any time.

4. How We Use Your Information

To process, fulfill, and ship your orders
To send order confirmations and shipping notifications
To save your designs and account preferences
To prevent fraud and secure our platform
To monitor and fix errors on our website
To comply with tax and legal obligations
To respond to your inquiries and provide customer support

5. Third-Party Services and Data Sharing

We do not sell your personal information. We share data only with the following service providers, each of which processes data on our behalf under appropriate agreements:

Provider	Purpose	Data Shared
Stripe	Payment processing	Payment method, order amount, email, IP address
PayPal	Payment processing	Payment method, order amount, email
Resend	Transactional email delivery	Email address, order details
Sentry	Error monitoring	Error details, browser info, page URL (no personal data)
Hetzner	Website hosting	All data is stored on our Hetzner server (Germany)
Shipping carriers	Order delivery	Name, shipping address

We may also disclose information when required by law, to enforce our terms, or to protect the rights, property, or safety of our users.

6. International Data Transfers

Our servers are hosted in Germany (Hetzner). Some of our service providers (Stripe, PayPal, Sentry, Resend) are based in the United States. When your data is transferred outside the EEA, it is protected by appropriate safeguards including Standard Contractual Clauses (SCCs) as adopted by the European Commission, or the service provider's certification under recognized frameworks.

7. Cookies

We use the following types of cookies:

Essential cookies: Required for the site to function (session management, cart, authentication). These cannot be disabled.
Functional cookies: Remember your preferences (e.g., design editor settings).

We do not use advertising or third-party tracking cookies. You can manage cookie preferences in your browser settings, though disabling essential cookies will prevent checkout.

8. Data Retention

Order records: Retained for 7 years for tax and legal compliance.
Account data: Retained until you request deletion. Inactive accounts may be purged after 3 years of inactivity.
Design data: Retained as long as your account is active, or until you delete them.
Error logs: Retained for 90 days.

9. Your Rights

All Users

Regardless of your location, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data (subject to legal retention requirements)
Opt out of marketing communications

EEA, UK, and Swiss Residents (GDPR)

You additionally have the right to:

Data portability — receive your data in a machine-readable format
Restrict processing of your data
Object to processing based on legitimate interest
Lodge a complaint with your local Data Protection Authority

California Residents (CCPA/CPRA)

You additionally have the right to:

Know what categories of personal information we collect and the purposes for collection
Request deletion of your personal information
Non-discrimination — we will not treat you differently for exercising your rights

We do not sell personal information as defined by the CCPA. We do not use personal information for targeted advertising.

Canadian Residents (PIPEDA)

You have the right to access your personal information, challenge its accuracy, and withdraw consent to its collection, use, or disclosure.

To exercise any of these rights, email [email protected]. We will respond within 30 days.

10. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it promptly. (Note: The age threshold is 13 under US law (COPPA) and 16 under GDPR in certain EU member states. We apply the higher threshold.)

11. Security

We protect your data with industry-standard measures including HTTPS/TLS encryption for all connections, bcrypt password hashing, rate limiting on sensitive endpoints, input validation, and restricted server access. However, no method of electronic transmission or storage is 100% secure. If you discover a security vulnerability, please report it to [email protected].

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users or by a prominent notice on the website. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

Nomad UV LLC
Michigan, United States
[email protected]

Privacy Policy

Last updated: March 2026

1. Who We Are

BrickHorse is operated by Nomad UV LLC, a Michigan-based company. We are the data controller for personal data collected through this website (brickhorse.nomaduv.com).

For privacy-related inquiries, contact us at [email protected].

2. Information We Collect

Information you provide directly:

Account information: Name, email address, and password when you create an account.
Order information: Shipping address, email address, and payment method selection. We do not store full credit card numbers — payment is processed directly by Stripe or PayPal.
Design data: Custom designs you create using our editor, including uploaded images and canvas configurations.
Communications: Messages you send us via email or support requests.

Information collected automatically:

Device and browser data: Browser type, operating system, screen resolution, and language preference.
Usage data: Pages visited, features used, and interactions with the site.
IP address: Used for fraud prevention, security, and approximate geolocation (country/region level).
Error data: If something goes wrong on the site, our error tracking service captures technical details about the error (not personal data) to help us fix issues.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Contract performance: Processing your order, managing your account, and delivering products you purchased.
Legitimate interest: Fraud prevention, site security, improving our services, and error monitoring.
Legal obligation: Tax records, accounting requirements, and responding to lawful requests.
Consent: Marketing communications (if applicable). You may withdraw consent at any time.

4. How We Use Your Information

To process, fulfill, and ship your orders
To send order confirmations and shipping notifications
To save your designs and account preferences
To prevent fraud and secure our platform
To monitor and fix errors on our website
To comply with tax and legal obligations
To respond to your inquiries and provide customer support

5. Third-Party Services and Data Sharing

We do not sell your personal information. We share data only with the following service providers, each of which processes data on our behalf under appropriate agreements:

Provider	Purpose	Data Shared
Stripe	Payment processing	Payment method, order amount, email, IP address
PayPal	Payment processing	Payment method, order amount, email
Resend	Transactional email delivery	Email address, order details
Sentry	Error monitoring	Error details, browser info, page URL (no personal data)
Hetzner	Website hosting	All data is stored on our Hetzner server (Germany)
Shipping carriers	Order delivery	Name, shipping address

We may also disclose information when required by law, to enforce our terms, or to protect the rights, property, or safety of our users.

6. International Data Transfers

7. Cookies

We use the following types of cookies:

Essential cookies: Required for the site to function (session management, cart, authentication). These cannot be disabled.
Functional cookies: Remember your preferences (e.g., design editor settings).

We do not use advertising or third-party tracking cookies. You can manage cookie preferences in your browser settings, though disabling essential cookies will prevent checkout.

8. Data Retention

Order records: Retained for 7 years for tax and legal compliance.
Account data: Retained until you request deletion. Inactive accounts may be purged after 3 years of inactivity.
Design data: Retained as long as your account is active, or until you delete them.
Error logs: Retained for 90 days.

9. Your Rights

All Users

Regardless of your location, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data (subject to legal retention requirements)
Opt out of marketing communications

EEA, UK, and Swiss Residents (GDPR)

You additionally have the right to:

Data portability — receive your data in a machine-readable format
Restrict processing of your data
Object to processing based on legitimate interest
Lodge a complaint with your local Data Protection Authority

California Residents (CCPA/CPRA)

You additionally have the right to:

Know what categories of personal information we collect and the purposes for collection
Request deletion of your personal information
Non-discrimination — we will not treat you differently for exercising your rights

We do not sell personal information as defined by the CCPA. We do not use personal information for targeted advertising.

Canadian Residents (PIPEDA)

You have the right to access your personal information, challenge its accuracy, and withdraw consent to its collection, use, or disclosure.

To exercise any of these rights, email [email protected]. We will respond within 30 days.