Privacy Policy
How GW Prints collects, uses, and protects your data and your customers' data.
1. Data We Collect
We collect the minimum data necessary to operate our print-on-demand fulfillment service:
| Data Category | Examples | Purpose |
|---|---|---|
| Account Information | Email, company name, store URL | Account management, authentication |
| Recipient Data | Name, shipping address, phone number | Order fulfillment, shipping labels |
| Order Data | SKU codes, quantities, design files | Production, quality control |
| API Usage Data | Request logs, IP addresses, timestamps | Security, rate limiting, debugging |
2. How We Use Your Data
- Order Fulfillment: Recipient data is used solely to produce, package, and ship orders to the specified delivery address.
- Service Operation: Account data is used for authentication, billing, and customer support.
- Security: API logs are monitored to detect abuse, prevent fraud, and maintain system integrity.
- Improvements: Aggregated, anonymized usage statistics help us improve API performance and reliability.
3. Data Sharing & Third Parties
We share data only when necessary for order fulfillment:
- Shipping Carriers: Recipient name and address are shared with logistics partners (e.g., DHL, FedEx, local carriers) to deliver orders.
- Payment Processors: Billing data is processed by PCI-compliant payment providers.
- No Data Selling: We never sell, rent, or trade your data or your customers' personal information to third parties for marketing purposes.
4. Data Retention
We retain data according to the following schedule:
- Order & recipient data: Retained for 90 days after delivery, then anonymized.
- Design files: Deleted within 30 days after production is complete.
- API access logs: Retained for 12 months for security auditing.
- Account information: Retained until you request account deletion.
5. Data Security
We implement industry-standard security measures to protect your data:
- All API communication is encrypted via TLS/HTTPS.
- API keys are hashed and stored securely — we cannot retrieve your key after initial generation.
- Database access is restricted by role-based permissions and encrypted at rest.
- Regular security audits and penetration testing are conducted.
6. Your Rights (GDPR & Global Privacy)
Regardless of your location, you have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your personal data (subject to legal retention requirements).
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing of your data for specific purposes.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
7. Cookies & Tracking
Our website uses only essential cookies for session management and user preferences (e.g., language selection, dark/light theme). We do not use third-party tracking cookies or advertising trackers.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be notified via email at least 30 days before taking effect. The latest version is always available on this page.