Privacy Policy
Effective: May 2026
Who we are
Andover 3D Photos is a small craft studio located in Andover, NY. We make custom lithophane portraits set in laser-cut wooden boxes. This policy explains what personal information we collect when you place an order, how it is used, and which third-party services receive it.
Information we collect
When you submit an order we collect the following information:
| Data | Purpose | Stored where |
|---|---|---|
| Full name | Order correspondence and shipping label | Our server database |
| Email address | Order confirmation and status updates | Our server database |
| Phone number | Optional — for follow-up if needed | Our server database |
| Mailing address (street, city, state, ZIP, country) | Shipping your finished order; calculating shipping cost and applicable sales tax | Our server database; transmitted to PayPal at checkout |
| Photo you upload | To create your lithophane | Our server filesystem |
| Inscription text | To engrave on your box | Our server database |
| Font choice | To render your inscription in the style you selected | Our server database |
| Power option (corded or rechargeable) | To build the correct product configuration | Our server database |
| Product / panel size | To build the correct product; to calculate shipping | Our server database |
| Order notes | Any special instructions you provide | Our server database |
| Order amounts (base price, shipping, sales tax, total) | Payment processing and receipts | Our server database; transmitted to PayPal at checkout |
We collect only the information needed to process, ship, and invoice your order. We do not sell, rent, or share your personal data with third parties for marketing purposes.
How your order data flows
Processing a custom order involves several services. Here is exactly what each one receives:
PayPal
When you pay for your order, our server creates a PayPal order via the PayPal Orders v2 API. The following data is transmitted to PayPal to create and capture your payment:
- Your full name and mailing address (pre-filled on the PayPal checkout form)
- Order total broken down into: item subtotal, shipping, and sales tax (where applicable)
- A plain-text order description including your panel size and box dimensions (used internally for shipping label preparation — no photo or inscription text is included)
Additionally, the PayPal JavaScript SDK is loaded directly from
paypal.com on your order status page when a payment is due. PayPal may set
its own cookies and collect browser data under its own
privacy policy.
Resend (email delivery)
Order confirmation and status-update emails are sent through Resend, a transactional email service. To deliver your email, your name, email address, and a summary of your order (size, power option, shipping amount, and sales tax if applicable) are transmitted to Resend. Resend's privacy policy governs that transmission. Your photo and inscription text are not included in emails.
USPS (shipping rate calculation)
To calculate live shipping rates we query the United States Postal Service shipping API. Only your destination ZIP code and the package’s dimensions and weight are sent — no name, address, photo, or other personal information is transmitted to USPS.
Google Fonts
If you preview inscription fonts during the order process, font stylesheets
may be loaded from fonts.googleapis.com. Google may log the request
under its own
privacy policy.
No personal data from your order form is sent to Google.
Sales tax
We are required to collect New York State sales tax on orders shipped to New York addresses. Your state and ZIP code are used to determine the applicable combined (state + county + city) rate. This calculation is performed on our server; no tax-related data is shared with outside parties beyond what is disclosed in the PayPal section above.
Cookies & browser storage
We do not use tracking or advertising cookies. The only browser storage this site uses is:
- localStorage — a single flag to remember that you have dismissed the privacy notice banner. No personal data is stored in localStorage.
- Session cookie — used exclusively by our password-protected admin portal. This cookie is never set for regular customers and expires after 24 hours.
PayPal may set additional cookies when its JavaScript SDK loads on the payment page. Those cookies are governed by PayPal’s privacy policy.
Data storage & security
All order data is stored in a secure database on our server. Your uploaded photos are stored on our server’s filesystem in a directory that is not publicly accessible. We use HTTPS for all communication between your browser and our server, and we apply standard security controls including rate limiting and cross-site request forgery protection on all form submissions.
Your unique order link contains a randomly generated token. Anyone with that link can view your order status, so treat it as you would any private URL.
Data retention
Your order data and uploaded photo are retained for as long as necessary to fulfil your order and handle any follow-up queries. You may request deletion of your data at any time by contacting us through the contact section of our website.
Your rights
You have the right to request access to, correction of, or deletion of your personal data. To exercise any of these rights, please contact us through the contact form.
Changes to this policy
If we make material changes to this policy we will update the effective date above. Continued use of our ordering service after any changes constitutes acceptance of the revised policy.
Contact
Questions about this policy? Reach us through the contact form.
© 2026 Andover 3D Photos. All rights reserved.
Return to Site