Privacy Policy

Last updated: May 2026

Welcome to Ecilor. We respect your privacy and believe in keeping things simple and transparent. This policy explains what data we collect when you use our website and how we treat it.

Note: Ecilor is currently in a pre-launch period. Purchases are paused while we finish the weaving machine. The only data flow currently active is the reservation flow described below.

1. What data we collect and why

• Image generation (preview): When you click "Generate", your cropped photo is sent securely to our servers, processed in memory to compute the string pattern, and the pattern is sent back to your browser. The photo itself is not retained at this step.
• Reservation (save your design): When you submit the reservation form, we save the following so we can email you a copy and weave your piece when production starts: your email address, the cropped photo you generated from, the computed string-art design, and a rendered preview image of that design. We also record the time, your browser locale, and the referrer/URL parameters used to reach the site (used to understand which channels work).
• Build updates (optional): Only if you tick the "send me build updates" box, we add your email to a separate list used for occasional progress emails. This consent is separate from saving your design and you can withdraw it at any time by replying to any update email or contacting us.
• Checkout (paused): When purchases resume, completing checkout will also collect your name and shipping address (handled by Stripe for payment).

2. How long we keep your data

• Reservations: We keep your saved design (email, photo, design data, preview) for up to 24 months. After that it is automatically and permanently deleted unless you have placed an order in the meantime or asked us to keep it longer.
• Build-update list: Until you unsubscribe or ask us to remove you.
• Abandoned checkouts (when purchases resume): Design data kept temporarily for 3 days, then automatically deleted.
• Completed orders (when purchases resume): Design data kept for 30 days after delivery for support. Shipping and order details are kept longer as required by Swedish tax and accounting law.

3. Lawful basis for processing

• Saving your reservation — we process your data because you have explicitly asked us to (performance of a service you requested, GDPR Art. 6(1)(b)).
• Build update emails — your explicit consent, given by ticking the box (GDPR Art. 6(1)(a)). You can withdraw it at any time.
• Order fulfillment (when purchases resume) — performance of the sales contract.
• Tax and accounting records — legal obligation under Swedish law.

4. Who we share your data with

We do not sell your data. We only share it with trusted partners required to run our business:

• AWS (Amazon Web Services): Where the website, database, images, and outbound emails (Amazon SES) are securely hosted.
• Stripe: Our payment processor for when checkout resumes. They handle payment data; we never see your full card details.
• Shipping carriers: We share your address with delivery companies to get your art to your door (only relevant once an order is placed).

5. Security

All data sent between your browser and our servers is encrypted in transit. Your saved designs, photos, and personal details are stored encrypted at rest using industry-standard encryption.

6. Your rights

Under the GDPR you have the right to ask us what personal data we hold about you, request a copy of it, ask us to correct it, ask us to delete it, or withdraw consent for the build-update list at any time. If you'd like to exercise any of these rights, or have any questions, please contact us at contact@ecilor.se. Deletion requests are typically processed within 7 days and cover the database row, the stored photo, the stored design data, and the stored preview image.