Privacy Policy

Version: 1.0

Last Updated: November 17, 2025

Effective Date: November 17, 2025

Official Document Location: https://printora.ai/privacy

📋 What You Need to Know (Plain Language Summary)

Who we are: Printora.ai is operated by Simon Smaluhn Solesse GbR, a German company. We provide an AI-powered custom printing platform.

What data we collect:

  • Account info (name, email) when you sign up
  • Order details (shipping address, purchase history)
  • Payment info (processed securely by Stripe - we never see your full card details)
  • Images you upload or create using our AI tools
  • Usage data (how you use our website and app)

Why we collect it: To fulfill your orders, improve our AI features, provide customer support, and communicate with you about your purchases.

Who we share it with: Only trusted service providers who help us run Printora (like payment processors, cloud storage, email delivery). We never sell your data to advertisers or third parties.

Your rights: You can access, correct, delete, or download your data anytime. You can also object to certain processing or withdraw consent.

Security: We use industry-standard encryption and security measures to protect your data.

For complete details, read the full policy below. We've written it to be as clear as possible, but if you have questions, contact us at privacy@printora.ai

1. Data Controller & Contact Information

The data controller responsible for your personal data is:

Simon Smaluhn Solesse GbR

Borsteler Weg 24D
31595 Steyerberg
Germany

Email: privacy@printora.ai

Website: https://printora.ai

If you have questions about how we handle your data, or wish to exercise your privacy rights, please contact us at the email above.

2. What Data We Collect

We collect different types of data depending on how you interact with Printora:

2.1 Account Information

  • When you sign up: Name, email address, password (encrypted)
  • When you use Google Sign-In: Name, email, profile picture from your Google account

2.2 Order & Transaction Data

  • Shipping information: Delivery address, phone number
  • Order details: Products ordered, quantities, customizations, order history
  • Payment information: Processed by Stripe (we only store the last 4 digits of your card and transaction IDs)

2.3 Content You Create

  • Uploaded images: Photos and designs you upload for printing
  • AI-generated content: Images created using our AI design tools
  • Text prompts: Descriptions you provide to our AI image generator
  • Design customizations: Edits, filters, and modifications you make

2.4 Usage & Technical Data

  • Device information: Browser type, operating system, device model
  • Log data: IP address, access times, pages viewed, actions taken
  • Analytics data: How you navigate our website/app, features used, errors encountered
  • Cookies & tracking: See Section 9 for details

2.5 Communications

  • Customer support: Messages, feedback, support tickets
  • Marketing preferences: Email subscription status, communication preferences

3. Why We Collect Your Data (Legal Basis)

Under GDPR and other privacy laws, we must have a legal basis for processing your personal data. Here's why we process each type of data:

Data Type | Legal Basis (GDPR Article 6) | Purpose
Account information | Contract (6.1.b) | Necessary to provide our service and fulfill orders
Order & shipping data | Contract (6.1.b) | To deliver products you ordered
Payment data | Contract (6.1.b) + Legal obligation (6.1.c) | Process payments and comply with tax/accounting laws
Uploaded images/designs | Contract (6.1.b) | Print your custom products
AI training (optional) | Consent (6.1.a) | Improve AI models (only if you opt in)
Marketing emails | Consent (6.1.a) | Send promotional content (only if you opt in)
Analytics & usage data | Legitimate interest (6.1.f) | Improve our service, fix bugs, understand user needs
Error logs (Sentry) | Legitimate interest (6.1.f) | Detect and fix technical issues

Note: "Contract" means processing is necessary to fulfill our agreement with you. "Consent" means you explicitly opted in (you can withdraw anytime). "Legitimate interest" means we have a valid business reason, balanced against your privacy rights.

4. How We Use Your Data

We use your personal data for the following purposes:

4.1 Provide Our Service

  • Process and fulfill your orders
  • Print your custom designs on products
  • Deliver products to your address
  • Manage your account and preferences
  • Process payments and refunds

4.2 Customer Support

  • Respond to your questions and support requests
  • Troubleshoot problems with orders or designs
  • Handle returns and complaints

4.3 Improve Our Platform

  • Analyze how users interact with our website/app
  • Fix bugs and technical issues
  • Develop new features and products
  • Improve our AI image generation and design tools

4.4 Communications (with your consent)

  • Send order confirmations and shipping updates (transactional - always sent)
  • Send marketing emails about new products and offers (only if you opt in)
  • Notify you about important changes to our service

4.5 Legal & Security

  • Comply with legal obligations (tax, accounting, law enforcement requests)
  • Prevent fraud and abuse
  • Protect our rights and property
  • Enforce our Terms of Service

5. Who We Share Your Data With

We NEVER sell your personal data to advertisers or third parties.

We only share data with trusted service providers who help us operate Printora. All these providers are contractually required to protect your data and only use it for the specific purposes we authorize.

5.1 Third-Party Service Providers

Stripe (Payment Processing)

  • What they receive: Payment card information, billing address, transaction details
  • Why: Process payments securely (we never see your full card details)
  • Location: United States (Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080)
  • Safeguards: GDPR Standard Contractual Clauses, PCI-DSS Level 1 certified
  • Privacy Policy: stripe.com/privacy

Google Cloud Platform (Infrastructure & AI)

  • What they process: All data (hosting, storage, database, AI processing)
  • Why: Cloud infrastructure, file storage, PostgreSQL database, AI image generation (Vertex AI/Gemini)
  • Location: United States (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043)
  • Safeguards: GDPR Standard Contractual Clauses, ISO 27001 certified
  • Privacy Policy: cloud.google.com/privacy

Vercel (Frontend Hosting)

  • What they process: Website access logs, IP addresses, usage data
  • Why: Host and deliver our website/application
  • Location: United States (Vercel Inc., 340 S Lemon Ave #4133, Walnut, CA 91789)
  • Safeguards: GDPR Standard Contractual Clauses, SOC 2 Type II certified
  • Privacy Policy: vercel.com/legal/privacy-policy

Resend (Email Delivery)

  • What they receive: Email address, name, email content (order confirmations, shipping updates)
  • Why: Send transactional and marketing emails
  • Location: United States (Resend, Inc.)
  • Safeguards: GDPR Standard Contractual Clauses
  • Privacy Policy: resend.com/legal/privacy-policy

Sentry (Error Monitoring)

  • What they receive: Error logs, stack traces, IP addresses, user IDs
  • Why: Monitor and fix technical issues and bugs
  • Location: United States (Functional Software, Inc. dba Sentry, 45 Fremont Street, San Francisco, CA 94105)
  • Safeguards: GDPR Standard Contractual Clauses
  • Privacy Policy: sentry.io/privacy

Google Analytics (Usage Analytics)

  • What they receive: Website usage data, anonymized IP addresses, device info, pages viewed
  • Why: Understand how users interact with our platform to improve it
  • Location: United States (Google LLC)
  • Safeguards: IP anonymization enabled, GDPR Standard Contractual Clauses
  • Privacy Policy: policies.google.com/privacy
  • Opt-out: You can opt out using browser settings or cookie preferences

Facebook/Meta Pixel (Marketing Analytics)

  • What they receive: Website activity, IP address, device info, cookie identifiers
  • Why: Measure ad performance and create targeted advertising campaigns
  • Location: United States (Meta Platforms, Inc., 1601 Willow Road, Menlo Park, CA 94025)
  • Safeguards: GDPR Standard Contractual Clauses
  • Privacy Policy: facebook.com/privacy/policy
  • Opt-out: You can manage preferences via cookie settings or Facebook Ad Preferences

5.2 Legal Disclosure

We may disclose your data if required by law or in response to valid legal requests (court orders, subpoenas, law enforcement requests). We will notify you of such requests unless prohibited by law.

5.3 Business Transfers

If Printora is acquired, merged, or undergoes a business reorganization, your data may be transferred to the new entity. We will notify you and ensure the new entity honors this privacy policy.

6. How Long We Keep Your Data

We only keep your personal data as long as necessary for the purposes outlined in this policy, or as required by law.

Data Type | Retention Period | Reason
Account information | Until you delete your account + 30 days | Allow recovery period, then permanently deleted
Order history | 10 years after order | German tax law requirement (HGB, AO)
Payment records | 10 years after transaction | German tax law requirement
Uploaded images (after order) | 90 days after delivery | Handle reprints/returns, then deleted
Uploaded images (no order) | 30 days of inactivity | Allow you to complete designs, then deleted
Analytics data | 26 months (Google Analytics default) | Usage analysis, aggregated after 14 months
Error logs (Sentry) | 90 days | Debug issues, then automatically deleted
Marketing consent | Until you withdraw consent | You can unsubscribe anytime

Note: The 10-year retention for orders and payments is required by German commercial and tax law (Handelsgesetzbuch and Abgabenordnung). Even if you delete your account, we must retain basic transaction records for this period.

7. Your Privacy Rights

Under GDPR, CCPA, and other privacy laws, you have the following rights regarding your personal data:

πŸ” Right to Access

Request a copy of all personal data we hold about you. We'll provide it in a readable format (PDF or JSON).

✏️ Right to Rectification

Correct any inaccurate or incomplete personal data. You can update most info in your account settings.

πŸ—‘οΈ Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data, except where we have a legal obligation to keep it (e.g., tax records for 10 years).

⏸️ Right to Restrict Processing

Limit how we use your data while we verify its accuracy or our legal basis for processing it.

📦 Right to Data Portability

Receive your data in a machine-readable format (JSON) to transfer to another service.

⛔ Right to Object

Object to processing based on legitimate interests (e.g., analytics, marketing). We'll stop unless we have compelling legal reasons.

🚫 Right to Withdraw Consent

Withdraw consent for marketing emails, AI training, or other optional processing anytime (doesn't affect past processing).

🤖 Rights Related to Automated Decision-Making

Not be subject to decisions based solely on automated processing (including AI) that significantly affect you. See Section 11 for details on our AI use.

How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: privacy@printora.ai
  • Account Settings: Some rights can be exercised directly in your account (update info, download data, delete account)

We will respond to your request within 30 days (GDPR requirement). If we need more time, we'll let you know why and when you can expect a response.

No fees required

Exercising your privacy rights is free. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

8. Data Security

We take data security seriously and implement industry-standard measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.

8.1 Technical Safeguards

  • Encryption: All data transmitted between your device and our servers uses TLS/SSL encryption (HTTPS)
  • Password security: Passwords are hashed using bcrypt (never stored in plain text)
  • Database security: PostgreSQL database with access controls, encrypted at rest
  • File storage: Uploaded images stored in Google Cloud Storage with restricted access
  • API security: JWT tokens for authentication, rate limiting to prevent abuse

8.2 Organizational Safeguards

  • Access controls: Only authorized personnel have access to personal data
  • Third-party agreements: All service providers sign data processing agreements (DPAs)
  • Regular audits: We review security practices and update as needed
  • Incident response: Documented procedures for handling data breaches

8.3 Data Breach Notification

In the unlikely event of a data breach that risks your rights and freedoms, we will:

  • Notify the relevant data protection authority within 72 hours of becoming aware (GDPR requirement)
  • Notify affected users without undue delay
  • Describe the nature of the breach, likely consequences, and measures taken
  • Provide contact information for further inquiries

8.4 Your Responsibilities

You also play a role in keeping your data secure:

  • Use a strong, unique password for your Printora account
  • Don't share your password with anyone
  • Log out of your account when using shared devices
  • Contact us immediately if you suspect unauthorized account access

9. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to improve your experience and understand how you use Printora.

9.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us remember your preferences and provide analytics about website usage.

9.2 Types of Cookies We Use

🔒 Strictly Necessary Cookies

Purpose: Essential for the website to function (login sessions, shopping cart, security)

Can you opt out? No - these are required for the service to work

Examples: Authentication tokens, CSRF protection, shopping cart state

📊 Analytics Cookies

Purpose: Understand how you use our website (pages visited, features used, time spent)

Can you opt out? Yes - via cookie preferences or browser settings

Examples: Google Analytics (_ga, _gid cookies)

🎯 Marketing/Advertising Cookies

Purpose: Track your activity across websites to show relevant ads

Can you opt out? Yes - via cookie preferences

Examples: Facebook Pixel, Google Ads conversion tracking

βš™οΈ Functional Cookies

Purpose: Remember your preferences (language, theme, notification settings)

Can you opt out? Yes, but some features may not work as expected

Examples: Language preference, UI customizations

9.3 Managing Cookies

You can control cookies through:

Note: Blocking strictly necessary cookies will prevent you from using certain features like logging in or placing orders.

10. International Data Transfers

Printora is operated from Germany, but some of our service providers are located in the United States and other countries. This means your personal data may be transferred and processed outside the European Economic Area (EEA).

10.1 Safeguards for International Transfers

When we transfer your data to countries without adequate data protection laws (like the USA), we use the following safeguards:

  • Standard Contractual Clauses (SCCs): Legally binding contracts approved by the European Commission that require US-based processors to protect your data according to GDPR standards
  • Additional security measures: Encryption, access controls, regular audits
  • Data Processing Agreements (DPAs): Contracts with all third-party processors specifying how they must handle your data

10.2 Countries Where Data Is Processed

  • Germany (EEA): Primary operations, data controller location
  • United States: Google Cloud Platform, Stripe, Vercel, Resend, Sentry, Meta/Facebook (all using SCCs)
  • Other locations: Google Cloud may process data in other regions with adequate protections

10.3 Your Rights Regarding International Transfers

You have the right to:

  • Request information about where your data is processed
  • Request copies of the safeguards we use (SCCs, DPAs)
  • Object to transfers if you believe adequate protections aren't in place

Contact privacy@printora.ai for more information.

11. AI & Automated Decision-Making

Printora uses artificial intelligence (AI) to power our image generation and design tools. Here's how we use AI and what it means for you:

11.1 How We Use AI

  • AI Image Generation: Create custom designs from text prompts using Google Gemini/Vertex AI
  • Image Enhancement: Improve photo quality, remove backgrounds, apply filters
  • Content Moderation: Detect inappropriate content (nudity, violence, hate speech) to comply with our policies
  • Design Suggestions: Recommend products, templates, or design elements based on your preferences

11.2 Automated Decisions

We use automated processing (including AI) for the following decisions:

  • Content Moderation: Images may be automatically rejected if AI detects prohibited content. However, you always have the right to request human review of the decision.
  • Fraud Detection: Suspicious orders may be flagged or blocked automatically. You can contact support for human review.

Important: You are NOT subject to decisions based solely on automated processing that significantly affect you, without human review. You always have the right to:

  • Request human review of automated decisions
  • Express your point of view
  • Contest the decision

11.3 AI Training & Your Images

We do NOT use your uploaded images or AI-generated designs to train our AI models without your explicit consent.

If we offer an opt-in AI training program in the future, we will:

  • Ask for your separate, specific consent
  • Clearly explain how images would be used
  • Allow you to withdraw consent anytime
  • Never use images marked as private or containing personal/sensitive content

11.4 AI Accuracy & Limitations

AI-generated content may not always be accurate or suitable. We make no guarantees about:

  • Quality, accuracy, or suitability of AI-generated images
  • Compliance with intellectual property rights (you are responsible for ensuring your designs don't infringe copyrights/trademarks)
  • Appropriateness for your specific use case

Always review AI-generated content before using it commercially.

12. Children's Privacy

Printora is not intended for children under 16 years old. We do not knowingly collect personal data from children under 16.

If you are under 16, please do not:

  • Create an account
  • Make purchases
  • Upload images or personal information

If you are a parent/guardian and believe your child has provided us with personal data, please contact us at privacy@printora.ai. We will delete such data promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

13.1 How We Notify You

  • Material changes: We'll email you at least 30 days before the changes take effect
  • Minor changes: We'll update the "Last Updated" date at the top and may show an in-app notification
  • Version history: We'll maintain a changelog showing what changed and when

13.2 Your Options

If you don't agree with the changes:

  • For material changes requiring new consent: You can decline (we'll stop processing under the new terms)
  • For other changes: You can close your account before the effective date
  • Continuing to use Printora after the effective date means you accept the updated policy

14. How to File a Complaint

We're committed to resolving privacy concerns fairly and promptly. If you believe we've mishandled your personal data:

14.1 Contact Us First

Please contact us at privacy@printora.ai so we can try to resolve the issue.

14.2 Supervisory Authority (GDPR Right)

If you're not satisfied with our response, you have the right to lodge a complaint with a data protection supervisory authority:

German Data Protection Authority (Our Lead Authority)

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit (BfDI)
Graurheindorfer Str. 153
53117 Bonn, Germany

Phone: +49 (0)228-997799-0
Email: poststelle@bfdi.bund.de
Website: www.bfdi.bund.de

You can also contact the supervisory authority in your country of residence, place of work, or where you believe the violation occurred. Find your local authority at: EDPB Member List

15. Version History

Version 1.0 - November 17, 2025

Initial Release

  • Comprehensive privacy policy meeting GDPR standards
  • Full disclosure of third-party processors with safeguards
  • Clear explanation of AI processing and automated decision-making
  • Detailed data retention schedule including German tax law requirements
  • Plain language summary for accessibility

Questions About This Privacy Policy?

Contact us at privacy@printora.ai

This privacy policy is written in plain language to be accessible to all users. We're always happy to clarify anything that's unclear.