Privacy policy

Last updated: 2026-05-24

This policy explains how we process personal data when you use our website, sign in with Google, place an order, or pay with Stripe. It is a template for GDPR-style transparency—your counsel should finalise it for your entity, purposes, and subprocessors.

1. Controller

Insert the name and contact details of the data controller (your business). Add a Data Protection Officer only if required.

2. Data we process

• Account (Google OAuth): identifiers such as name, email, and Google subject ID via our authentication provider.
• Orders: shipping address, order details, and User Content you submit for printing.
• Payments: payment processing via Stripe (we typically do not store full card numbers).
• Technical: logs, security signals, and cookies where used.

3. Purposes and lawful bases

Contract performance for orders; consent for optional marketing; legitimate interests for security and analytics (with balancing tests as required); legal obligations where applicable.

4. Recipients

Hosting provider, authentication service, Stripe, email provider, and carriers receive data only as needed. Transfers outside the EEA require appropriate safeguards (e.g. Standard Contractual Clauses)—your counsel will specify.

5. Retention

Keep orders and tax records as required by law; minimise retention of uploads once fulfilment is complete unless you need them for disputes.

6. Your rights

Under GDPR/UK GDPR you may have rights to access, rectification, erasure, restriction, portability, objection, and to lodge a complaint with a supervisory authority.

7. Contact

Insert privacy contact email and response timelines.