Privacy Policy
Last updated: March 26, 2024
1. Introduction
Photopress ("we", "our", or "us") operates a photobook building platform designed for Shopify merchants. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of personal information when you use our platform, whether as a merchant ("Vendor") or as a customer of a merchant using our services.
2. Information We Collect
2.1 From Shopify Merchants (Vendors)
When you install Photopress on your Shopify store, we collect:
- Account Information: Your name, email address, company name, and encrypted credentials.
- Store Data: Your Shopify domain, shop email, and access tokens required to sync products and orders.
2.2 From Customers
When a customer places an order containing a Photopress product, we receive from Shopify:
- Order Details: Shopify order ID, order number, and specific line item properties.
- Contact Information: Customer email only.
- User-Generated Content: Images, text, and layout configurations uploaded or created in the Photopress editor.
3. Data Retention and Deletion
We prioritize data minimization through automated maintenance routines:
Cleanup Cycles
- Drafts: Designs not updated for 30+ days are purged daily.
- Unused Assets: Orphaned images are deleted after 24 hours.
- PDF Jobs: Processing records are cleared 30 days after completion.
Permanent Storage
We do not maintain permanent copies of generated PDFs on our servers. We store only the design metadata required to recreate your documents upon authorized request.
4. Security and Deduplication
- Image Hashing: We use secure cryptographic hashing to represent unique images and designs. This allows us to store only a single copy of identical assets, significantly reducing our data footprint.
- Encrypted Transmission: All data is transmitted over secure TLS connections. Shopify access tokens are stored with industry-standard encryption protocols.
- Authenticated Access: Assets are stored in private cloud buckets. Public access is strictly controlled via temporary, short-lived presigned URLs.
5. GDPR and Data Rights
We fully support Shopify's GDPR mandatory webhooks:
- Data Requests: Upon merchant request, we provide full transparency into the customer data we hold.
- Right to be Forgotten: Upon receiving a redaction request, we anonymize customer emails and shipping data across all associated order records.
- Store Redaction: When the app is uninstalled and the 48-hour grace period has passed, we permanently delete all orders, products, and configuration data associated with that store domain.
6. Sub-processors
We share data only with the following essential service providers:
- Shopify: For order, product, and customer management.
- Cloudflare: For secure asset storage and content delivery.
7. Contact Information
For any privacy-related inquiries, data requests, or to exercise your rights, please reach out to our privacy officer at:
[email protected]