Privacy Policy
Last updated: February 2026
At PAINT2FIX LLC ("Paint2Fix", "we", "us" or "our"), we are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store and share your personal information when you visit and use paint2fix.net (the "Website") and purchase our products or services.
This policy complies with the EU General Data Protection Regulation (GDPR) 2016/679 and other applicable data protection laws. If you are located in the European Union or European Economic Area, you have specific rights regarding your personal data, which are described in detail below.
1. Who We Are (Data Controller)
The data controller responsible for your personal data is:
PAINT2FIX LLC
Website: paint2fix.net
Email: web@paint2fix.net
2. What Personal Data We Collect
We collect the following categories of personal data when you use our Website or place an order:
Identity and contact data: first name, last name, email address, phone number, billing address, shipping address.
Order and transaction data: products purchased, vehicle color code, order history, payment method (we do not store full card details — these are handled securely by Stripe and PayPal).
Account data (if you create an account on our Website): username, password (encrypted), and account preferences.
Technical data: IP address, browser type and version, device information, time zone, operating system, pages visited, and referring URLs, collected automatically when you visit the Website.
Usage data: information about how you use the Website, products you view or search for, and your interactions with the site.
Communications data: messages you send us via our contact form or email, including any photos or documents you attach (e.g. for color match requests).
3. How We Collect Your Data
We collect your personal data through the following means:
Directly from you: when you place an order, create an account, fill in a contact form, or communicate with us by email.
Automatically: when you browse the Website, we collect technical and usage data through cookies, server logs, and analytics tools (Google Analytics, Cloudflare).
From third parties: payment processors (Stripe, PayPal) may share transaction confirmation data with us. Google Ads may share conversion data related to your visit.
4. Why We Use Your Data (Legal Basis)
We only process your personal data when we have a valid legal basis to do so under GDPR. The legal bases we rely on are:
Performance of a contract (Article 6(1)(b) GDPR): processing your order, managing your account, arranging delivery, and handling returns or refunds.
Compliance with a legal obligation (Article 6(1)(c) GDPR): keeping financial and tax records as required by law, complying with consumer protection regulations.
Legitimate interests (Article 6(1)(f) GDPR): improving our Website and services, preventing fraud, ensuring network and information security, and measuring the effectiveness of our advertising.
Consent (Article 6(1)(a) GDPR): for non-essential cookies and marketing communications, where we rely on your explicit consent, which you may withdraw at any time.
5. Cookies
Our Website uses cookies and similar tracking technologies. Cookies are small text files placed on your device that help us provide a better user experience.
Strictly necessary cookies: required for the Website to function (e.g. shopping cart, login session). These cannot be disabled.
Analytics cookies: used by Google Analytics to help us understand how visitors use the Website. Data collected is aggregated and anonymised where possible.
Advertising cookies: used by Google Ads to track conversions and show relevant advertisements. These are only set with your consent.
Performance cookies: used by Cloudflare to ensure the security and performance of the Website.
You can manage or withdraw your cookie consent at any time through our cookie banner or your browser settings. Please note that disabling certain cookies may affect the functionality of the Website.
6. Third-Party Services We Use
We work with trusted third-party service providers who may process your personal data on our behalf or independently. These are:
WooCommerce — our e-commerce platform, used to manage orders, products, and customer accounts. Data is stored on our own server. Privacy policy: automattic.com/privacy
Stripe — payment processing for credit and debit card transactions. Stripe processes card data directly and we do not store full card details. Privacy policy: stripe.com/privacy
PayPal — payment processing for PayPal transactions. Privacy policy: paypal.com/privacy
Google Analytics — website analytics service provided by Google LLC. Google may transfer data to servers in the United States. We have enabled IP anonymisation where possible. Privacy policy: policies.google.com/privacy
Google Ads — online advertising platform provided by Google LLC, used to measure ad conversions and display targeted ads. Privacy policy: policies.google.com/privacy
Cloudflare — content delivery network (CDN) and security service. Cloudflare processes traffic data including IP addresses to protect and accelerate the Website. Privacy policy: cloudflare.com/privacypolicy
Polylang — WordPress plugin used to deliver the Website in multiple languages. No personal data is transferred to third parties through this plugin.
Loco Translate — WordPress plugin used for translation management. No personal data is transferred to third parties through this plugin.
DHL Express / UPS — courier services used to deliver your orders. We share your name, delivery address, and phone number with the relevant courier to fulfil your order. Their privacy policies are available on their respective websites.
7. International Data Transfers
Some of our third-party service providers, including Google and Cloudflare, are based outside the European Economic Area (EEA) and may transfer your personal data to countries that do not provide the same level of data protection as the EU. In such cases, we ensure that appropriate safeguards are in place, such as the EU Standard Contractual Clauses (SCCs), to protect your data in accordance with GDPR requirements.
8. How Long We Keep Your Data
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, and reporting obligations.
Order and transaction data: retained for a minimum of 7 years to comply with tax and accounting regulations.
Account data: retained for as long as your account is active. If you request account deletion, your data will be erased within 30 days, subject to any legal retention obligations.
Communications data: retained for up to 3 years from the date of last contact.
Technical and analytics data: retained for up to 26 months in line with Google Analytics default retention settings.
9. Your Rights Under GDPR
If you are located in the European Union or European Economic Area, you have the following rights regarding your personal data:
Right of access: you have the right to request a copy of the personal data we hold about you.
Right to rectification: you have the right to request correction of inaccurate or incomplete personal data.
Right to erasure ("right to be forgotten"): you have the right to request deletion of your personal data, subject to certain legal exceptions.
Right to restriction of processing: you have the right to request that we limit how we use your personal data in certain circumstances.
Right to data portability: you have the right to receive your personal data in a structured, machine-readable format and transfer it to another controller.
Right to object: you have the right to object to processing based on legitimate interests or for direct marketing purposes.
Right to withdraw consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us at web@paint2fix.net. We will respond to your request within 30 days. You also have the right to lodge a complaint with your local data protection authority.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include SSL/TLS encryption for data transmission, secure server infrastructure, restricted access controls, and regular security monitoring via Cloudflare.
While we take all reasonable steps to protect your data, no method of transmission over the internet is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any data breach in accordance with our legal obligations.
11. Children's Privacy
Our Website is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe that a child has provided us with personal data, please contact us and we will take steps to delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we do, we will revise the date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your data.
13. Contact Us
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:
PAINT2FIX LLC
Email: web@paint2fix.net
Website: paint2fix.net/contact
