RALLYTOON – PRIVACY POLICY

Last updated: February 2026

This Privacy Policy explains how RallyToon (“we”, “us”, “our”) collects, uses, stores, and protects personal data of users and customers who visit www.rallytoon.com (the “Site”) or purchase our products and services.

We process personal data in accordance with the Mexican Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and other applicable regulations, as well as, where relevant, foreign laws such as the EU General Data Protection Regulation (GDPR).

By using the Site or providing your personal data, you accept the practices described in this Privacy Policy.

1. Identity of the data controller

The data controller responsible for processing your personal data is:

RallyToon
Operating from Mexico (online illustration and Fans Store services).

If you have any questions about this Privacy Policy or your personal data, you can contact us via the contact form available on the Site.

2. Personal data we collect

We may collect and process the following categories of personal data:

  • Identification data: name, surname, username or nickname, country, language.

  • Contact data: email address, and if you choose to provide it, phone number or social media handle.

  • Order and billing data: products ordered (EVO1, EVO2, Fans Store items), order history, transaction references from payment providers, basic billing information.​

  • Content data: photos and other files you upload or send for custom illustrations, your instructions or comments about the artwork.

  • Technical and browsing data: IP address, device and browser information, pages visited, time and date of visits, referral source, approximate location, and other analytics data obtained via cookies or similar technologies, when enabled.

  • Communication data: messages you send through contact forms, email, or social networks, and our replies.

We do not intentionally collect sensitive personal data (for example health information, religious beliefs, or political opinions). If you voluntarily send such information, we will process it only to the extent strictly necessary and we may delete it when appropriate.

The Site and services are intended for adults (18+). We do not knowingly collect personal data from children under 18.

3. Purposes of processing

We use your personal data for the following purposes:

  1. To provide our services and fulfil orders

    • Process your orders for EVO1/EVO2 illustrations and Fans Store products.

    • Create and deliver custom artwork based on the photos and instructions you provide.

    • Provide downloads or send files by email and manage your account or order history where applicable.​

  2. To communicate with you

    • Respond to your enquiries and requests via contact forms or email.

    • Send you order confirmations, status updates, delivery information, or important notices related to your purchases.

  3. Billing, accounting and legal obligations

    • Generate and store invoices and transaction records.

    • Comply with tax, accounting, and regulatory obligations under Mexican law.

  4. Improving the Site and services

    • Analyse aggregated and anonymized browsing data to understand how the Site is used.

    • Improve user experience, performance, design, and security.

  5. Marketing and optional communications

    • Send newsletters, updates, offers, or information about RallyToon, only if you have subscribed or given your consent where required.

    • Manage your subscription preferences and opt‑out requests.

We do not use your personal data for automated decision‑making that produces legal effects concerning you.

4. Legal bases for processing

Depending on the situation, we process your data on the following legal bases:

  • Performance of a contract: when we process your data to fulfil your order, deliver files, and provide customer support.

  • Legal obligations: for example, storing invoices and transaction records as required by Mexican tax and commercial law.

  • Legitimate interests: such as improving our services, maintaining Site security, preventing fraud, and defending our legal rights.

  • Consent: for optional activities such as sending marketing communications (newsletter) and for using certain non‑essential cookies or analytics tools, when required by law.

You may withdraw your consent at any time for future processing by using unsubscribe links or contacting us, without affecting the lawfulness of processing carried out before withdrawal.

5. Cookies and tracking technologies

The Site may use cookies and similar technologies to:

  • Ensure the technical operation and security of the Site.

  • Remember certain preferences where necessary.

  • Measure traffic and performance in an aggregated, anonymized manner (web analytics).

Where required by applicable law, a cookie banner or notice will inform you about non‑essential cookies and allow you to accept or reject them. You can also configure your browser to block or delete cookies, but this may affect some features of the Site.

More detailed information about the types of cookies used and their purposes can be provided in a separate Cookie Policy or section.

6. Data sharing and third‑party recipients

We may share your personal data with the following categories of recipients, strictly on a “need‑to‑know” basis:

  • Payment service providers (for example Stripe, PayPal, or similar) to process your payments securely. We receive limited information from them (confirmation of payment, transaction reference), not your full card details.

  • Hosting and infrastructure providers that host the Site and our email or storage systems.

  • Email and communication tools used to send order confirmations, support messages, or newsletters if you subscribe.

  • Analytics providers (for example privacy‑friendly analytics or, if used, tools like Google Analytics) to measure traffic and performance in an aggregated way.

  • Professional advisers (such as accountants or lawyers) when necessary for compliance, financial reporting, or legal defence.

We require our service providers to process personal data only to perform the services we request from them, to keep it secure, and not to use it for their own unrelated purposes.

We do not sell or rent your personal data to third parties.

7. International data transfers

Because we operate online and use global service providers, your personal data may be transferred to and processed in countries outside Mexico, such as the United States, European Union member states, or other jurisdictions where our providers are located.

Where reasonably possible, we choose providers that offer appropriate safeguards for data protection, such as:

  • Standard contractual clauses or equivalent contractual protections.

  • Adequate data‑protection certifications or compliance frameworks.

  • Technical and organizational security measures in line with international standards.

By using the Site and our services, you acknowledge that international transfers may occur, as permitted by applicable law.

8. Data retention

We retain personal data only for as long as reasonably necessary to fulfil the purposes described in this Policy and to comply with legal obligations.

In particular:

  • Order and billing data are generally kept for the period required by Mexican tax and commercial law (which can be several years), and for the limitation period of potential legal claims.

  • Contact and communication data are kept for the time needed to manage your request and for a reasonable period afterwards, in case of follow‑up questions or dispute.

  • Photos and illustration files used for custom orders may be stored in our archives and backups for a reasonable period, for operational reasons (for example re‑sending files, portfolio examples) unless you request deletion where legally possible and compatible with our legitimate interests.

  • Marketing data (newsletter subscriptions) are kept until you unsubscribe or until we decide to stop sending such communications.

When personal data is no longer needed, we will delete it or irreversibly anonymize it, unless a longer retention period is required or permitted by law.

9. Security measures

We implement reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure, such as:

  • Use of reputable hosting providers and platforms.

  • Access control to accounts and tools (passwords, limited access).

  • Regular basic monitoring of the Site’s security and updates.

However, no system is completely secure. Transmission of information via the internet always carries some risk, and you acknowledge that you share data at your own risk.

If we become aware of a data‑breach incident that poses a significant risk to your rights, we will take appropriate steps in line with applicable Mexican law and other relevant regulations.

10. Your rights

Subject to the conditions and limitations set by the LFPDPPP and other applicable laws, you may have the following rights regarding your personal data:

  • Right of access: to know whether we hold your personal data and to obtain information about its processing.

  • Right of rectification: to request correction or updating of inaccurate or incomplete data.

  • Right of cancellation (deletion): to request that we delete your personal data when it is no longer necessary or when processing is unlawful, subject to legal retention obligations.

  • Right of objection: to object, for legitimate reasons, to certain types of processing (for example direct marketing).

  • Right to restriction of processing: in certain circumstances, to request that we limit the use of your data.

  • Right to data portability (where applicable): to receive certain data in a structured, commonly used, machine‑readable format and to transmit it to another controller, when technically feasible.

To exercise your rights, please contact us through the contact form on the Site, clearly stating:

  • Which right you wish to exercise.

  • Enough information to identify you (we may request additional proof if necessary).

We will respond within the time limits established by applicable law. If you are not satisfied with our response, you may have the right to lodge a complaint with the competent data‑protection authority in Mexico or in your country of residence.

11. Image rights and privacy

Separately from data‑protection rules, individuals may have image, publicity, and personality rights under Mexican law and other jurisdictions.

  • We do not intentionally use private photos of identifiable individuals in our Fans Store products without permission.

  • If you believe that your image, likeness, or identity is used in connection with our products or promotional materials without your consent, you may contact us and provide details so we can review your request in good faith (see also the “Notice and takedown” section in our Terms and Conditions).

This Privacy Policy complements, and does not replace, the Terms and Conditions regarding image rights and intellectual property.

12. Third‑party websites and social media

The Site may contain links to third‑party websites or social media platforms (Instagram, Facebook, payment pages, etc.). If you follow these links, the operators of those sites will process your data under their own privacy policies, which we do not control.​

We encourage you to read the privacy policies of those third‑party sites before providing any personal information to them.

13. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect legal, technical, or business changes.

The most current version is the one published on this page with the “Last updated” date. If we make material changes, we may notify you by email or by a prominent notice on the Site where appropriate.

By continuing to use the Site after an update, you acknowledge and accept the revised Privacy Policy.

14. Contact

For any question or request regarding this Privacy Policy or your personal data, you can contact RallyToon through the contact form available on the Site.