Privacy Policy
Last Updated: June 14, 2026
1. Who We Are and What This Policy Covers
About Printsyde
Printsyde operates the online store at printsyde.com, where customers purchase custom physical print-on-demand products. When you place an order, you purchase directly from Printsyde — Printsyde is the merchant of record for every transaction.
Legal Entities (Data Controllers)
- Printsyde Pte. Ltd. (Singapore) — primary company and data controller Registered Office: 7500A Beach Road, #04-326, The Plaza, Singapore 199591
- Printsyde LLC (Wyoming, USA) — US operations Registered Office: 2232 Dell Range Blvd, Cheyenne, WY 82009, United States
What This Policy Covers
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding your data.
This policy applies to:
- Our website (printsyde.com)
- Customer accounts
- Email communications from us
This policy does NOT cover:
- Payment processor websites (PayPal has its own privacy policy)
- Third-party websites we link to
- Social media platforms where we maintain pages
Who This Policy Is For
- Visitors — people browsing printsyde.com without an account
- Customers — people purchasing physical products
Markets and Privacy Laws
We serve customers in the United States, Canada, and the United Kingdom, and we follow the privacy laws that apply to them:
- United Kingdom — UK GDPR and the Data Protection Act 2018
- United States (California) — California Consumer Privacy Act, as amended by the CPRA (CCPA/CPRA)
- Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)
In addition, because Printsyde Pte. Ltd. is established in Singapore and our primary database is hosted there, our processing of personal data is also subject to the Singapore Personal Data Protection Act 2012 (PDPA).
2. Information We Collect
When You Browse Our Website (No Account Required)
We automatically collect:
- IP address, browser type, device type, operating system
- Pages you view, time spent on site, the website that referred you
- Country or region (not precise location)
When You Create a Customer Account
You provide:
- Email address
- Password (stored encrypted, never in plain text)
- Your name
We generate:
- A unique customer ID
- Account creation date
- Account status (active, suspended, closed)
When You Place an Order
You provide:
- Full shipping address (name, street, city, state/province, postal code, country)
- Phone number (for delivery notifications)
- Product selections (items, quantities, any customizations)
We generate:
- Order number, date and time
- Order total and currency
- Order status (processing, shipped, delivered)
We receive from our payment processor:
- Payment confirmation (approved or declined)
- Transaction ID
- Payment method type only (e.g., "Visa ending in 1234" — we never see full card numbers)
We receive from fulfilment partners:
- Tracking number and carrier name
- Manufacturing status updates
- Delivery confirmation
When You Sign In With Google (Optional)
If you choose "Sign in with Google," we receive your email address and basic profile information (name, profile picture) from Google to create or access your account.
When You Contact Customer Service
You provide:
- Details of your inquiry or issue
- Order number (if asking about a specific order)
- Photos or videos (if reporting a defect or return)
- Any other information you choose to share
We generate:
- A support ticket number, status, and resolution notes
- A history of our correspondence
Information We Receive From Third Parties
- Payment processor (PayPal): payment confirmations, transaction IDs, settlement status, chargeback and refund notifications
- Fulfilment partners (e.g., Merchize, ShineOn, Printify, and others): manufacturing status, quality-control reports, tracking numbers, delivery confirmations, return or damage reports
- Shipping carriers (USPS, FedEx, UPS, DHL, and regional carriers): package tracking events, delivery confirmations, delivery exceptions
- Analytics and security services: Google Analytics (website traffic, anonymised), Meta (Facebook) Pixel (advertising performance), Cloudflare (security threats blocked, performance metrics)
Sensitive Information
We do not collect sensitive personal information such as government ID numbers, precise geolocation, health information, or full payment card numbers.
3. How We Use Your Information
Legal Basis for Processing (UK Users)
We process your personal information on the following bases:
- Contract performance — to fulfil your orders and provide the services you requested
- Legal obligations — to comply with tax laws, respond to legal requests, and enforce our Terms of Service
- Legitimate interests — fraud prevention, customer service, business analytics, and marketing to existing customers (with opt-out)
- Consent — for marketing to non-customers, non-essential cookies, and promotional messages (you can withdraw consent anytime)
Specific Uses
To fulfil orders:
- Assign your order to the appropriate manufacturing facility (US, Vietnam, or China, based on the product and efficiency)
- Send your shipping address to the relevant fulfilment partner for production
- Generate and provide tracking information
- Coordinate delivery and handle failed delivery attempts
- Process returns, exchanges, and refunds
To process payments:
- Send order details to PayPal for payment authorisation
- Receive payment confirmations
- Process refunds
- Defend against chargebacks with transaction evidence
To provide customer service:
- Respond to inquiries by email and phone
- Investigate order issues and quality problems
- Process refund and return requests
- Track support tickets through to resolution
For security and fraud prevention:
- Detect suspicious patterns (multiple accounts from one device, unusual transaction velocity)
- Prevent payment fraud, fake orders, and chargebacks
- Block bot activity and automated scraping
- Enforce account security (password resets, login alerts)
For legal compliance:
- Calculate and collect sales tax, VAT, and GST as required by law
- Respond to subpoenas, court orders, and government requests
- Enforce Terms of Service
For business analytics and improvement:
- Analyse sales trends and product performance (aggregate data only)
- Optimise the website experience (A/B testing, page-load speeds)
- Measure marketing-campaign effectiveness
For marketing and communications:
- Transactional emails (cannot opt out): order confirmations, shipping and delivery updates, account security alerts
- Marketing emails (opt out anytime): promotional offers, new product announcements, platform news, re-engagement campaigns
4. Who We Share Your Information With
Service Providers We Use
Service provider | Purpose | What we share |
|---|---|---|
PayPal | Process customer payments | Order details, customer name and email, transaction amounts |
Google (Sign-in / Certificate API) | Enable "Sign in with Google" | Email address and basic profile (if you link your Google account) |
Smarty | Verify and standardise shipping addresses | Shipping addresses entered at checkout |
Fulfilment / manufacturing partners (Merchize and others in Vietnam; ShineOn and others in the US; manufacturing facilities in China) | Produce custom print-on-demand products | Shipping addresses, order details, print files |
Shipping carriers (USPS, FedEx, UPS, DHL, regional carriers) | Deliver packages | Shipping addresses, phone numbers, tracking numbers |
Cloudflare (CDN, R2 storage, security) | Host website content and catalogue images, ensure fast and secure loading | Website content, catalogue images, traffic and security logs |
Postmark | Send transactional and marketing emails | Email addresses, names, order information, email content |
A third-party telephony/SMS provider | Deliver order/delivery notifications and operate our support line | Phone numbers, message content |
Google Analytics, Google Ads, Meta (Facebook) Pixel, Cloudflare Analytics | Understand website traffic, measure advertising, and retarget visitors | Anonymised browsing behaviour, page views, conversion events |
We do not sell your personal information for money.
We do "share" certain identifiers and online activity with advertising partners (Google Ads, Meta Pixel) for cross-context behavioural advertising — which California law treats like a sale. You can opt out at any time: see Section 6 (California) and Section 8 (Cookies).
Legal and Compliance Sharing
- Law enforcement and government authorities — when legally required by a valid subpoena, court order, or search warrant, by proper legal process, or in emergencies involving imminent harm to life.
- Tax authorities — sales tax, VAT, and GST reporting (aggregate where possible); specific transaction data only if legally compelled.
- Business transactions — if Printsyde is acquired, merged, or sells assets, information may be disclosed to a potential buyer under confidentiality, or transferred to a successor company. We will notify you of any ownership change, and you may close your account if you object.
5. Data Security and Retention
How We Protect Your Information
We implement reasonable security measures appropriate to the sensitivity of the data we handle:
- HTTPS encryption for all website traffic
- Firewall and DDoS protection (via Cloudflare)
- Limited staff access — only personnel who need data to do their job can access it
- Multi-factor authentication for staff accounts
- Regular security updates and patches
- Automated alerts for suspicious activity
Important limitations: No system is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your password confidential. Report suspected security issues to legal@printsyde.com.
How Long We Keep Your Information
Data | Retention period |
|---|---|
Active customer accounts | While your account remains open |
Order records | 7 years (tax and accounting requirements) |
Payment records | 7 years (financial regulations) |
Refund records | 7 years (accounting requirements) |
Chargeback records | 3 years after final resolution |
Support tickets | 3 years after resolution |
Deleted accounts | 30-day grace period, then permanent deletion (order records retained 7 years for tax compliance) |
Server logs | 90 days (rolling deletion) |
Security logs | 12 months |
Analytics data | 24 months for individual-level data; indefinitely for aggregate trends (no personal identifiers) |
Marketing email lists | Until you unsubscribe, plus 30 days |
Unsubscribe records | Indefinitely (to honour your opt-out) |
If a Data Breach Occurs
We will investigate immediately, secure our systems, and notify as legally required:
- UK users: notify the ICO within 72 hours where the breach poses a high risk to your rights and freedoms
- California users: notify without unreasonable delay
- Canada users: notify the Office of the Privacy Commissioner of Canada and affected individuals where there is a real risk of significant harm, and keep records of breaches
- Singapore PDPC: notify where the breach is a notifiable data breach under the PDPA
- All affected users: direct notification (email and account dashboard) where the risk is high
We will explain what happened, what data was affected, what we are doing about it, and steps you can take to protect yourself.
6. Your Privacy Rights
Your rights depend on where you live.
United Kingdom (UK GDPR)
- Access — get a copy of your data (within 1 month)
- Correct — fix inaccurate information (within 1 month)
- Delete — erase your data (within 1 month, with legal exceptions such as tax records)
- Restrict — pause how we use your data while a dispute is resolved
- Portability — receive your data in a machine-readable format (CSV/JSON)
- Object — stop processing based on legitimate interests (we must stop unless we have overriding grounds); you can always opt out of marketing, and we will stop immediately
- Withdraw consent — stop future consent-based processing anytime
We do not make automated decisions that significantly affect you; fraud alerts are advisory only, and humans make all final decisions.
Not satisfied? You can complain to the UK Information Commissioner's Office (ico.org.uk).
California (CCPA/CPRA)
- Know — what personal information we collect, where it comes from, why we use it, and who we share it with (within 45 days)
- Delete — remove your personal information (within 45 days, with legal exceptions)
- Correct — fix inaccurate information (within 45 days)
- Opt out of sale/sharing — we do not sell your data for money, but we do "share" data for cross-context behavioural advertising. Opt out via our "Do Not Sell or Share My Personal Information" page: https://printsyde.com/pages/do-not-sell-or-share-my-personal-information
- Global Privacy Control (GPC) — we honour the GPC browser signal as a valid request to opt out of sale/sharing for California residents
- Limit sensitive data use — we do not collect sensitive personal information, so no action is needed
Non-discrimination: we will not deny service, charge more, or provide worse service if you exercise your rights.
Authorised agents: you can designate someone to make a request for you (written authorisation required).
Canada (PIPEDA)
- Access — request a copy of your personal information
- Correct — request correction of inaccurate or incomplete information
- Withdraw consent — withdraw consent to processing, subject to legal or contractual restrictions
- Complain — you can complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca)
How to Make a Request
Email (fastest): legal@printsyde.com
Mail:
- Singapore: Printsyde Pte. Ltd., 7500A Beach Road, #04-326, The Plaza, Singapore 199591
- United States: Printsyde LLC, 2232 Dell Range Blvd, Cheyenne, WY 82009
Include: your name and account email, what you want (access, delete, correct, etc.), and your preferred response format. We may need to verify your identity before acting on a request.
Response time: within 1 month (UK), 45 days (California), or a reasonable period (Canada). Complex requests may take longer — we will tell you if we need extra time.
7. International Data Transfers
Where Your Data Goes
Your data is stored and processed in, or accessed from:
- Singapore — primary database servers (Printsyde Pte. Ltd.)
- United States — US operations and certain cloud services
- Vietnam — accessed by our operations staff to handle orders and customer service
Our service providers and partners are located in:
- United States — PayPal, Postmark, Smarty, Google, Cloudflare
- Worldwide — Cloudflare data centres (CDN and storage)
- Fulfilment partners — Vietnam, the United States, and China. Manufacturers in China receive shipping addresses only, strictly for order fulfilment, under contractual data-protection obligations.
Safeguards for UK Data
If you are in the UK, your data may be transferred to countries that the UK has not deemed to provide an adequate level of protection. We protect these transfers using:
- The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
- The UK–US Data Bridge (UK Extension to the EU–US Data Privacy Framework) for certified US recipients, where applicable
- Encryption of data in transit and at rest, access controls, and audit trails
You can request a copy of the relevant transfer mechanism by emailing legal@printsyde.com. You may also object to certain transfers, although this may affect our ability to provide services to you.
8. Cookies and Tracking
What Cookies Are
Cookies are small text files stored on your device when you visit our website. They help the site function and improve your experience.
Types of Cookies
Essential cookies (always active — cannot opt out) Necessary for the website to work: shopping cart, login sessions, security tokens, server routing, and your cookie-consent preferences. These do not track you across other websites. Without them, checkout, login, and account access will not work.
Analytics and marketing cookies (optional)
- Analytics: Google Analytics, Cloudflare Analytics — traffic sources, popular pages, performance
- Marketing/advertising: Meta (Facebook) Pixel, Google Ads — conversion tracking, audience building, retargeting
These may remain on your device for up to 13–24 months. Marketing cookies may be used by advertising networks to show you targeted ads across the internet.
We also use small pixels in marketing emails to measure opens and clicks.
Managing Your Cookie Preferences
- UK users: we ask for your consent before setting analytics and marketing cookies. You can choose Accept All or Reject Optional Cookies, and change your choice anytime via the "Cookie Settings" link in the footer.
- US and Canada users: analytics and marketing cookies are on by default, but you can opt out anytime via "Cookie Settings," your browser settings, or the industry opt-out tools below.
California — Do Not Sell or Share: use our page at https://printsyde.com/pages/do-not-sell-or-share-my-personal-information, or send a Global Privacy Control (GPC) signal, which we honour as an opt-out of sale/sharing.
Industry opt-out tools:
- Digital Advertising Alliance: optout.aboutads.info
- Network Advertising Initiative: optout.networkadvertising.org
Browser controls: you can block or delete cookies through your browser settings (Chrome, Firefox, Safari, Edge). Blocking all cookies will disable essential features such as cart and login.
Do Not Track and Global Privacy Control
- Do Not Track (DNT): we do not respond to DNT signals, because there is no universal standard for how websites should handle them.
- Global Privacy Control (GPC): we do honour GPC as a valid opt-out of sale/sharing for California residents.
9. Children's Privacy
Our minimum age is 18. Our Terms of Service prohibit anyone under 18 from using Printsyde. We do not knowingly collect personal information from anyone under 18, and account registration requires you to confirm you are 18 or older. If we discover a user is under 18, we will terminate the account and delete the associated data.
If you are a parent or guardian and believe your child created an account, contact us at legal@printsyde.com.
10. Policy Updates
We may update this Privacy Policy to reflect changes in our practices, comply with new legal requirements, or improve clarity.
- Material changes: email notification to active account holders, a notice period before the changes take effect, and a prominent banner on our website.
- Non-material changes: the "Last Updated" date will change, and the change is effective on posting.
Continued use of Printsyde after the effective date means you accept the updated policy. Previous versions are available on request at legal@printsyde.com.
11. Contact Us
Privacy questions and requests (fastest): legal@printsyde.com
General customer support: customerservice@printsyde.com
Mail:
- Singapore: Printsyde Pte. Ltd., 7500A Beach Road, #04-326, The Plaza, Singapore 199591
- United States: Printsyde LLC, 2232 Dell Range Blvd, Cheyenne, WY 82009
END OF PRIVACY POLICY


