Privacy Policy

Effective Date: May 27, 2025  |  Last Updated: June 5, 2026

This Privacy Policy should be read together with our Terms and Conditions.

This Privacy Policy ("Policy") describes how Ultimate Team Posters LLC, a limited liability company organized under the laws of the State of Illinois, USA ("UTP," "we," "us," or "our") collects, uses, stores, shares, and protects personal information when you access or use the UTP Software platform ("Software"). This Policy applies to all users of the Software, including Administrators, General Users, Photographers, and website visitors.

By creating an account or using the Software, you acknowledge that you have read, understood, and agree to the collection and use of your information as described in this Policy. If you do not agree, you must not use the Software.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Full name, email address, phone number, business name, business address, and account credentials.
  • Payment Information: Credit card details and billing address. Payment card data is collected and processed by our PCI-compliant third-party payment processors (e.g., Stripe). UTP does not store full credit card numbers on its servers.
  • Uploaded Content: Photographs, images, logos, designs, templates, and text that you upload to or create within the Software.
  • Customer Data: Information about your end customers that you input into the Software, including names, email addresses, phone numbers, and order details.
  • Communications: Messages, support requests, and feedback you send to us through Slack, email, or other channels.
  • Text Messaging Data: Message content, recipient phone numbers, opt-in/consent records, and delivery status.
  • Supply Store Orders: Shipping addresses, order details, and purchase history for products ordered through the UTP Supply Store.

1.2 Information Collected Automatically

  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and unique device identifiers.
  • Usage Data: Pages visited, features used, click patterns, session duration, time stamps, referring URLs, and navigation paths within the Software.
  • Log Data: Server logs that record requests made to our servers, including timestamps, API endpoints accessed, and error logs.
  • Location Data: Approximate geographic location derived from your IP address. We do not collect precise GPS location data. Users also provide event location data (state, city, and zip code) when creating events within the Software, which is used for franchise territory fee calculations and compliance purposes.
  • AI-Derived Data: When photographs are uploaded to the Software, our automated processing features may extract or analyze biometric-adjacent data, including facial geometry, physical characteristics, jersey numbers, and other identifying features for the purposes of photo sorting, facial similarity grouping, and image enhancement. See Section 11 for additional details on biometric data processing.

1.3 Information from Third Parties

  • Payment Processors: Transaction confirmations, payment status, and fraud screening results from payment service providers.
  • Analytics Providers: Aggregated usage statistics and performance metrics from third-party analytics services.
  • Authentication Services: If you sign in using a third-party service (e.g., Google), we receive your name, email, and profile information as authorized by you.

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing and Operating the Software

  • Creating and managing your account;
  • Processing subscriptions, payments, and credit transactions;
  • Generating posters, prints, and other products;
  • Fulfilling and shipping physical product orders;
  • Sending text messages on your behalf to your customers;
  • Providing technical support and responding to inquiries.

2.2 Improving and Developing the Software

  • Analyzing usage patterns and trends to improve features and user experience;
  • Conducting internal research and development;
  • Testing new features and functionality;
  • Generating aggregated, anonymized analytics and benchmarks.

2.3 Communication

  • Sending account-related notifications (e.g., billing confirmations, password resets, subscription changes);
  • Notifying you of service updates, maintenance windows, or policy changes;
  • Sending product announcements or feature updates (you may opt out of non-essential communications).

2.4 Safety, Security, and Compliance

  • Detecting, preventing, and investigating fraud, abuse, or unauthorized access;
  • Monitoring compliance with our Terms and Conditions;
  • Enforcing our policies and protecting the rights, property, and safety of UTP, our users, and third parties;
  • Complying with applicable laws, regulations, legal processes, or governmental requests.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:

  • Performance of a Contract: Processing necessary to provide the Software and fulfill our obligations under the Terms and Conditions.
  • Legitimate Interests: Processing for our legitimate business interests, such as improving the Software, preventing fraud, and ensuring security, where those interests are not overridden by your rights.
  • Consent: Where you have provided explicit consent for specific processing activities (e.g., marketing communications). You may withdraw consent at any time.
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations.

4. How We Share Your Information

4.1 We Do Not Sell Your Personal Information

UTP does not sell, rent, or trade your personal information to third parties for their marketing purposes.

4.2 Service Providers and Vendors

We share information with trusted third-party service providers who perform services on our behalf, including:

  • Payment Processing: Stripe and other PCI-compliant payment processors for handling transactions;
  • Cloud Hosting: Cloud infrastructure providers (e.g., AWS, Vercel, Railway) for hosting and data storage;
  • Shipping and Fulfillment: Third-party carriers and print fulfillment partners for processing and delivering physical orders;
  • SMS/Messaging: Telecommunications providers for delivering text messages;
  • Analytics: Analytics services for understanding usage patterns and improving the Software;
  • Customer Support: Support tools and platforms used to manage and respond to inquiries.

All service providers are contractually obligated to use your information only for the purposes of providing their services to UTP and to maintain appropriate security measures.

4.3 Legal and Safety Disclosures

We may disclose your information if we believe in good faith that disclosure is necessary to:

  • Comply with applicable laws, regulations, legal processes, or enforceable governmental requests;
  • Enforce our Terms and Conditions or other agreements;
  • Detect, prevent, or address fraud, security issues, or technical problems;
  • Protect the rights, property, or safety of UTP, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice within the Software of any such change in ownership or use of your personal information.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. Cookies and Tracking Technologies

5.1 What We Use

We use cookies, pixels, web beacons, and similar technologies to:

  • Maintain your session and remember your preferences;
  • Analyze usage patterns and measure the effectiveness of features;
  • Improve the performance and functionality of the Software;
  • Prevent fraud and enhance security.

5.2 Types of Cookies

  • Essential Cookies: Required for the Software to function. These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Software. These collect aggregated, anonymized data.
  • Preference Cookies: Remember your settings and preferences for a more personalized experience.

5.3 Your Choices

Most browsers allow you to control cookies through their settings. You can block or delete cookies, but this may affect the functionality of the Software. For more information, consult your browser's help documentation.

5.4 Do Not Track

Some browsers send "Do Not Track" (DNT) signals. There is currently no industry standard for responding to DNT signals, and the Software does not currently respond to them.

6. Data Ownership and Retention

6.1 Your Content

You retain ownership of the original content you upload to the Software, including your photographs, logos, and customer data. By using the Software, you grant UTP a limited license to process, store, and display your content solely for the purpose of providing the Software's services.

6.2 Derived Data

UTP owns all aggregated, anonymized, and de-identified data derived from your use of the Software. This data does not identify you personally and may be used for analytics, benchmarking, and product improvement.

6.3 Retention Periods

  • Account Data: Retained for as long as your account is active, plus thirty (30) days after account deletion to allow for recovery requests.
  • Text Message History: Retained for ninety (90) days from the date of transmission.
  • Payment Records: Retained for seven (7) years as required by tax and financial regulations.
  • Usage and Log Data: Retained for up to twenty-four (24) months for analytics and security purposes.
  • Uploaded Photographs and Galleries: Retained for ninety (90) days from the date of the associated event or upload, whichever is later. After the retention period, photographs and gallery content may be permanently deleted. Users are responsible for maintaining their own backups.
  • Other Uploaded Content: Deleted within thirty (30) days of account deletion, unless required for ongoing legal obligations or disputes.

6.4 Data After Termination

Upon cancellation or termination of your account, UTP will retain your data for a thirty (30) day grace period. After this period, your data will be permanently deleted unless retention is required by law. You may request earlier deletion by contacting us.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information under applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other state, federal, or international laws.

7.1 Rights Available

  • Right to Access: Request a copy of the personal information we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete personal information.
  • Right to Deletion: Request deletion of your personal information, subject to certain legal exceptions.
  • Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to Restrict Processing: Request that we limit how we use your personal information in certain circumstances.
  • Right to Object: Object to processing of your personal information based on legitimate interests.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
  • Right to Opt Out of Sale: Under the CCPA, you have the right to opt out of the sale of your personal information. UTP does not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

7.2 How to Exercise Your Rights

To exercise any of these rights, please contact us at chad@utproducts.com. We will respond to verifiable requests within thirty (30) days (or forty-five (45) days if an extension is needed, with notice to you). We may need to verify your identity before processing your request.

7.3 Authorized Agents

You may designate an authorized agent to submit a request on your behalf. We may require written proof of the agent's authorization and may still verify your identity directly.

7.4 Right to Lodge a Complaint

If you are located in the EEA or UK, you have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

8. Data Security

8.1 We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest;
  • Regular security assessments and vulnerability testing;
  • Access controls limiting data access to authorized personnel only;
  • Secure authentication mechanisms including password hashing;
  • Monitoring and logging of access to sensitive systems.

8.2 While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, and you acknowledge and accept this inherent risk.

8.3 You are responsible for maintaining the confidentiality of your account credentials and for any activity that occurs under your account. Please notify us immediately at chad@utproducts.com if you suspect unauthorized access to your account.

9. Data Breach Notification

9.1 In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, UTP will:

  • Investigate the breach promptly and take reasonable steps to mitigate harm;
  • Notify affected users without unreasonable delay, and in any event within seventy-two (72) hours of becoming aware of the breach (where required by applicable law);
  • Notify applicable regulatory authorities as required by GDPR, CCPA, or other applicable breach notification laws;
  • Provide information about the nature of the breach, the data affected, and the steps we are taking in response.

10. Children's Privacy

10.1 The Software is not directed at or intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from minors.

10.2 If we become aware that we have inadvertently collected personal information from a minor, we will take prompt steps to delete such information.

10.3 If you are a parent or guardian and believe your child has provided personal information to us, please contact us at chad@utproducts.com.

11. AI Processing, Biometric Data, and Automated Features

11.1 Automated Processing Features. The Software includes artificial intelligence and automated processing features such as automated photo sorting, jersey number detection, facial similarity grouping, background removal, and image enhancement ("AI Features"). These features process uploaded photographs to improve workflow efficiency.

11.2 Biometric-Adjacent Data. Certain AI Features may process photographs in ways that extract or analyze biometric-adjacent data, including facial geometry, physical characteristics, or other identifying features. This processing is performed transiently for the purposes of sorting, matching, or enhancement. UTP does not store biometric templates, facial recognition databases, or persistent biometric identifiers. No permanent biometric profiles are created for any individual.

11.3 State Biometric Privacy Laws. Several states have enacted laws governing the collection and use of biometric information, including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act, and the Washington Biometric Identifiers law. Users of the Software are solely responsible for providing any notices to, or obtaining any consents from, photographed individuals (or their parents/guardians in the case of minors) that may be required by applicable biometric privacy laws before uploading photographs to the Software. UTP processes biometric-adjacent data on behalf of Users solely to provide AI Features and does not use such data for any independent purpose.

11.4 Purpose Limitation. AI-derived data is used exclusively for: (i) sorting and organizing photographs by team, player, or jersey number; (ii) grouping similar faces to streamline photo selection; (iii) removing or replacing image backgrounds; and (iv) enhancing image quality. AI-derived data is not used for surveillance, identification of unknown individuals, law enforcement purposes, or any purpose unrelated to the Software's photography workflow features.

11.5 Data Minimization. AI Features are designed to process only the minimum data necessary to perform their intended function. Intermediate processing data (e.g., facial similarity vectors) is discarded after the processing task is complete and is not retained in any persistent storage.

11.6 User Responsibility. By uploading photographs to the Software, Users represent and warrant that they have obtained all necessary consents for AI-based processing of those photographs, including any consents required under applicable biometric privacy laws for images containing identifiable individuals or minors.

12. International Data Transfers

12.1 UTP is based in the United States. If you access the Software from outside the United States, your personal information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction.

12.2 By using the Software, you consent to the transfer of your information to the United States. Where required by applicable law (e.g., GDPR), we implement appropriate safeguards for international data transfers, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

12.3 If you are located in the EEA or UK and have concerns about international data transfers, please contact us for more information about the safeguards we have in place.

13. Third-Party Links and Services

13.1 The Software may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices.

13.2 We encourage you to review the privacy policies of any third-party services you access through or in connection with the Software.

14. California-Specific Disclosures (CCPA/CPRA)

If you are a California resident, the following additional disclosures apply under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

14.1 Categories of Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information: identifiers (name, email, phone number, IP address); commercial information (transaction history, subscription details); internet or network activity (usage data, log data); professional or employment-related information (business name, role); and content you upload (photographs, designs).

14.2 Business Purpose for Collection

We collect personal information for the business purposes described in Section 2 of this Policy.

14.3 Sale and Sharing

UTP does not "sell" or "share" (as those terms are defined under the CCPA/CPRA) your personal information to third parties for their own commercial purposes.

14.4 Sensitive Personal Information

We do not collect "sensitive personal information" as defined under the CPRA, beyond what is necessary to provide the Software (e.g., account credentials).

14.5 Retention

We retain personal information as described in Section 6.3 of this Policy.

15. Mobile Application (UTP POS for iOS)

15M.1 Scope. This Section applies to your use of the UTP POS application for iPhone (the "Mobile App"), which UTP makes available to authorized staff of UTP vendors for accepting in-person payments at events. The general terms of this Privacy Policy apply to the Mobile App in addition to the provisions below; where the two conflict, this Section controls for the Mobile App.

15M.2 Information the Mobile App Collects

  • Account credentials. Email and password are submitted to UTP's servers to obtain an authentication token. The credentials themselves are not retained on the device; only the resulting authentication token is stored locally, in the iOS Keychain, until you sign out.
  • Order and customer data you input. Customer names, email addresses, phone numbers, item selections, fulfillment choices, pickup locations, and tip amounts you enter into the Mobile App for a sale are transmitted to UTP's servers in real time. The Mobile App does not retain a persistent local copy of customer records beyond the active session.
  • Location. When you initiate a Tap to Pay on iPhone transaction, Apple requires your device's coarse location to authorize the transaction at the venue. The Mobile App uses the "While Using the App" location authorization solely for this purpose and does not log, store, or transmit your location to UTP independently of the Tap to Pay flow. Location data is handled by Apple and the Stripe Terminal SDK and is not retained by UTP.
  • Near-field communication (NFC) and contactless card data. When a customer taps a contactless card or wallet against your iPhone to pay, the card data is read by Apple's Tap to Pay on iPhone framework, encrypted on-device, and transmitted directly to Stripe for processing. UTP does not receive, store, or have access to the card number, cardholder name, CVV, or any other sensitive cardholder data.
  • Diagnostic data. When the Mobile App encounters an unexpected error, an anonymized crash report containing the error type, app version, and a stack trace may be sent to UTP's error tracking provider to help us diagnose and fix the issue. These reports do not include customer data or authentication tokens.

15M.3 Information the Mobile App Does Not Collect

  • The Mobile App does not access your photo library, contacts, calendar, microphone, or health data.
  • The Mobile App does not use advertising identifiers and does not participate in any cross-app tracking. It does not present Apple's App Tracking Transparency prompt because no tracking occurs.
  • The Mobile App does not contain any third-party analytics SDKs (such as Google Analytics, Facebook SDK, or similar). Usage information is derived only from the API requests your device makes to UTP's own servers in the normal course of operation.

15M.4 Stripe Tap to Pay on iPhone

15M.4.1 The Mobile App uses Stripe's Terminal SDK and Apple's Tap to Pay on iPhone framework to accept contactless payments. Your use of Tap to Pay on iPhone through the Mobile App is also subject to the Apple Acceptance Platform User Terms and Conditions, which you accept the first time you connect to a Tap to Pay reader.

15M.4.2 Stripe is the payment processor and merchant of record for in-person transactions accepted through the Mobile App. Stripe's collection and use of cardholder data is governed by Stripe's privacy policy.

15M.5 Local Storage on Your Device

  • Keychain. The authentication token issued by UTP's servers is stored in the iOS Keychain, protected by your device passcode and biometric authentication. Signing out of the Mobile App removes the token from the Keychain.
  • In-memory state only. Cart contents, customer info typed into the current sale, and any other transactional state exist only in the Mobile App's memory and are cleared when the app is closed or when the sale is completed.
  • No tracking cookies. The Mobile App is a native iOS application and does not set browser cookies on your device.

15M.6 Permissions the Mobile App Requests

  • Location (When in Use) — Required by Apple to authorize Tap to Pay on iPhone transactions at your venue. Used only at the moment of a Tap to Pay sale.
  • Near-Field Communication (NFC) — Required to read contactless cards and wallets. Used only while a sale is in progress.

You may revoke either permission at any time in iOS Settings → UTP POS. Revoking the location permission will disable Tap to Pay on iPhone; cash and Scan-to-Pay flows will continue to work without it.

15M.7 Vendor Staff and Authorized Use

The Mobile App is intended for the authorized staff of UTP vendors operating under an active subscription. Vendors are responsible for ensuring that the customer data they input into the Mobile App (e.g., a customer's email or phone number for a receipt) has been provided with the customer's permission for that purpose.

15. Changes to This Privacy Policy

15.1 We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Material changes will be communicated via email or prominent notice within the Software at least fifteen (15) days before they take effect.

15.2 The "Last Updated" date at the top of this Policy indicates when the most recent changes were made.

15.3 Your continued use of the Software after the effective date of any changes constitutes your acceptance of the revised Policy. If you do not agree with the changes, you must discontinue use of the Software.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Ultimate Team Posters LLC
Email: chad@utproducts.com
Website: www.utpsoftware.com

See also: Terms and Conditions