Logo

Privacy Policy

Last Updated: June 14, 2026

1. Who We Are and What This Policy Covers

About Printsyde

Printsyde operates the online store at printsyde.com, where customers purchase custom physical print-on-demand products. When you place an order, you purchase directly from Printsyde — Printsyde is the merchant of record for every transaction.

Legal Entities (Data Controllers)

  1. Printsyde Pte. Ltd. (Singapore) — primary company and data controller Registered Office: 7500A Beach Road, #04-326, The Plaza, Singapore 199591
  2. Printsyde LLC (Wyoming, USA) — US operations Registered Office: 2232 Dell Range Blvd, Cheyenne, WY 82009, United States

What This Policy Covers

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights regarding your data.

This policy applies to:

  1. Our website (printsyde.com)
  2. Customer accounts
  3. Email communications from us

This policy does NOT cover:

  1. Payment processor websites (PayPal has its own privacy policy)
  2. Third-party websites we link to
  3. Social media platforms where we maintain pages

Who This Policy Is For

  1. Visitors — people browsing printsyde.com without an account
  2. Customers — people purchasing physical products

Markets and Privacy Laws

We serve customers in the United States, Canada, and the United Kingdom, and we follow the privacy laws that apply to them:

  1. United Kingdom — UK GDPR and the Data Protection Act 2018
  2. United States (California) — California Consumer Privacy Act, as amended by the CPRA (CCPA/CPRA)
  3. Canada — Personal Information Protection and Electronic Documents Act (PIPEDA)

In addition, because Printsyde Pte. Ltd. is established in Singapore and our primary database is hosted there, our processing of personal data is also subject to the Singapore Personal Data Protection Act 2012 (PDPA).

2. Information We Collect

When You Browse Our Website (No Account Required)

We automatically collect:

  1. IP address, browser type, device type, operating system
  2. Pages you view, time spent on site, the website that referred you
  3. Country or region (not precise location)

When You Create a Customer Account

You provide:

  1. Email address
  2. Password (stored encrypted, never in plain text)
  3. Your name

We generate:

  1. A unique customer ID
  2. Account creation date
  3. Account status (active, suspended, closed)

When You Place an Order

You provide:

  1. Full shipping address (name, street, city, state/province, postal code, country)
  2. Phone number (for delivery notifications)
  3. Product selections (items, quantities, any customizations)

We generate:

  1. Order number, date and time
  2. Order total and currency
  3. Order status (processing, shipped, delivered)

We receive from our payment processor:

  1. Payment confirmation (approved or declined)
  2. Transaction ID
  3. Payment method type only (e.g., "Visa ending in 1234" — we never see full card numbers)

We receive from fulfilment partners:

  1. Tracking number and carrier name
  2. Manufacturing status updates
  3. Delivery confirmation

When You Sign In With Google (Optional)

If you choose "Sign in with Google," we receive your email address and basic profile information (name, profile picture) from Google to create or access your account.

When You Contact Customer Service

You provide:

  1. Details of your inquiry or issue
  2. Order number (if asking about a specific order)
  3. Photos or videos (if reporting a defect or return)
  4. Any other information you choose to share

We generate:

  1. A support ticket number, status, and resolution notes
  2. A history of our correspondence

Information We Receive From Third Parties

  1. Payment processor (PayPal): payment confirmations, transaction IDs, settlement status, chargeback and refund notifications
  2. Fulfilment partners (e.g., Merchize, ShineOn, Printify, and others): manufacturing status, quality-control reports, tracking numbers, delivery confirmations, return or damage reports
  3. Shipping carriers (USPS, FedEx, UPS, DHL, and regional carriers): package tracking events, delivery confirmations, delivery exceptions
  4. Analytics and security services: Google Analytics (website traffic, anonymised), Meta (Facebook) Pixel (advertising performance), Cloudflare (security threats blocked, performance metrics)

Sensitive Information

We do not collect sensitive personal information such as government ID numbers, precise geolocation, health information, or full payment card numbers.

3. How We Use Your Information

Legal Basis for Processing (UK Users)

We process your personal information on the following bases:

  1. Contract performance — to fulfil your orders and provide the services you requested
  2. Legal obligations — to comply with tax laws, respond to legal requests, and enforce our Terms of Service
  3. Legitimate interests — fraud prevention, customer service, business analytics, and marketing to existing customers (with opt-out)
  4. Consent — for marketing to non-customers, non-essential cookies, and promotional messages (you can withdraw consent anytime)

Specific Uses

To fulfil orders:

  1. Assign your order to the appropriate manufacturing facility (US, Vietnam, or China, based on the product and efficiency)
  2. Send your shipping address to the relevant fulfilment partner for production
  3. Generate and provide tracking information
  4. Coordinate delivery and handle failed delivery attempts
  5. Process returns, exchanges, and refunds

To process payments:

  1. Send order details to PayPal for payment authorisation
  2. Receive payment confirmations
  3. Process refunds
  4. Defend against chargebacks with transaction evidence

To provide customer service:

  1. Respond to inquiries by email and phone
  2. Investigate order issues and quality problems
  3. Process refund and return requests
  4. Track support tickets through to resolution

For security and fraud prevention:

  1. Detect suspicious patterns (multiple accounts from one device, unusual transaction velocity)
  2. Prevent payment fraud, fake orders, and chargebacks
  3. Block bot activity and automated scraping
  4. Enforce account security (password resets, login alerts)

For legal compliance:

  1. Calculate and collect sales tax, VAT, and GST as required by law
  2. Respond to subpoenas, court orders, and government requests
  3. Enforce Terms of Service

For business analytics and improvement:

  1. Analyse sales trends and product performance (aggregate data only)
  2. Optimise the website experience (A/B testing, page-load speeds)
  3. Measure marketing-campaign effectiveness

For marketing and communications:

  1. Transactional emails (cannot opt out): order confirmations, shipping and delivery updates, account security alerts
  2. Marketing emails (opt out anytime): promotional offers, new product announcements, platform news, re-engagement campaigns

4. Who We Share Your Information With

Service Providers We Use


Service provider

Purpose

What we share

PayPal

Process customer payments

Order details, customer name and email, transaction amounts

Google (Sign-in / Certificate API)

Enable "Sign in with Google"

Email address and basic profile (if you link your Google account)

Smarty

Verify and standardise shipping addresses

Shipping addresses entered at checkout

Fulfilment / manufacturing partners (Merchize and others in Vietnam; ShineOn and others in the US; manufacturing facilities in China)

Produce custom print-on-demand products

Shipping addresses, order details, print files

Shipping carriers (USPS, FedEx, UPS, DHL, regional carriers)

Deliver packages

Shipping addresses, phone numbers, tracking numbers

Cloudflare (CDN, R2 storage, security)

Host website content and catalogue images, ensure fast and secure loading

Website content, catalogue images, traffic and security logs

Postmark

Send transactional and marketing emails

Email addresses, names, order information, email content

A third-party telephony/SMS provider

Deliver order/delivery notifications and operate our support line

Phone numbers, message content

Google Analytics, Google Ads, Meta (Facebook) Pixel, Cloudflare Analytics

Understand website traffic, measure advertising, and retarget visitors

Anonymised browsing behaviour, page views, conversion events

We do not sell your personal information for money.

We do "share" certain identifiers and online activity with advertising partners (Google Ads, Meta Pixel) for cross-context behavioural advertising — which California law treats like a sale. You can opt out at any time: see Section 6 (California) and Section 8 (Cookies).

Legal and Compliance Sharing

  1. Law enforcement and government authorities — when legally required by a valid subpoena, court order, or search warrant, by proper legal process, or in emergencies involving imminent harm to life.
  2. Tax authorities — sales tax, VAT, and GST reporting (aggregate where possible); specific transaction data only if legally compelled.
  3. Business transactions — if Printsyde is acquired, merged, or sells assets, information may be disclosed to a potential buyer under confidentiality, or transferred to a successor company. We will notify you of any ownership change, and you may close your account if you object.

5. Data Security and Retention

How We Protect Your Information

We implement reasonable security measures appropriate to the sensitivity of the data we handle:

  1. HTTPS encryption for all website traffic
  2. Firewall and DDoS protection (via Cloudflare)
  3. Limited staff access — only personnel who need data to do their job can access it
  4. Multi-factor authentication for staff accounts
  5. Regular security updates and patches
  6. Automated alerts for suspicious activity

Important limitations: No system is 100% secure, and we cannot guarantee absolute security. You are responsible for keeping your password confidential. Report suspected security issues to legal@printsyde.com.

How Long We Keep Your Information


Data

Retention period

Active customer accounts

While your account remains open

Order records

7 years (tax and accounting requirements)

Payment records

7 years (financial regulations)

Refund records

7 years (accounting requirements)

Chargeback records

3 years after final resolution

Support tickets

3 years after resolution

Deleted accounts

30-day grace period, then permanent deletion (order records retained 7 years for tax compliance)

Server logs

90 days (rolling deletion)

Security logs

12 months

Analytics data

24 months for individual-level data; indefinitely for aggregate trends (no personal identifiers)

Marketing email lists

Until you unsubscribe, plus 30 days

Unsubscribe records

Indefinitely (to honour your opt-out)

If a Data Breach Occurs

We will investigate immediately, secure our systems, and notify as legally required:

  1. UK users: notify the ICO within 72 hours where the breach poses a high risk to your rights and freedoms
  2. California users: notify without unreasonable delay
  3. Canada users: notify the Office of the Privacy Commissioner of Canada and affected individuals where there is a real risk of significant harm, and keep records of breaches
  4. Singapore PDPC: notify where the breach is a notifiable data breach under the PDPA
  5. All affected users: direct notification (email and account dashboard) where the risk is high

We will explain what happened, what data was affected, what we are doing about it, and steps you can take to protect yourself.

6. Your Privacy Rights

Your rights depend on where you live.

United Kingdom (UK GDPR)

  1. Access — get a copy of your data (within 1 month)
  2. Correct — fix inaccurate information (within 1 month)
  3. Delete — erase your data (within 1 month, with legal exceptions such as tax records)
  4. Restrict — pause how we use your data while a dispute is resolved
  5. Portability — receive your data in a machine-readable format (CSV/JSON)
  6. Object — stop processing based on legitimate interests (we must stop unless we have overriding grounds); you can always opt out of marketing, and we will stop immediately
  7. Withdraw consent — stop future consent-based processing anytime

We do not make automated decisions that significantly affect you; fraud alerts are advisory only, and humans make all final decisions.

Not satisfied? You can complain to the UK Information Commissioner's Office (ico.org.uk).

California (CCPA/CPRA)

  1. Know — what personal information we collect, where it comes from, why we use it, and who we share it with (within 45 days)
  2. Delete — remove your personal information (within 45 days, with legal exceptions)
  3. Correct — fix inaccurate information (within 45 days)
  4. Opt out of sale/sharing — we do not sell your data for money, but we do "share" data for cross-context behavioural advertising. Opt out via our "Do Not Sell or Share My Personal Information" page: https://printsyde.com/pages/do-not-sell-or-share-my-personal-information
  5. Global Privacy Control (GPC) — we honour the GPC browser signal as a valid request to opt out of sale/sharing for California residents
  6. Limit sensitive data use — we do not collect sensitive personal information, so no action is needed

Non-discrimination: we will not deny service, charge more, or provide worse service if you exercise your rights.

Authorised agents: you can designate someone to make a request for you (written authorisation required).

Canada (PIPEDA)

  1. Access — request a copy of your personal information
  2. Correct — request correction of inaccurate or incomplete information
  3. Withdraw consent — withdraw consent to processing, subject to legal or contractual restrictions
  4. Complain — you can complain to the Office of the Privacy Commissioner of Canada (priv.gc.ca)

How to Make a Request

Email (fastest): legal@printsyde.com

Mail:

  1. Singapore: Printsyde Pte. Ltd., 7500A Beach Road, #04-326, The Plaza, Singapore 199591
  2. United States: Printsyde LLC, 2232 Dell Range Blvd, Cheyenne, WY 82009

Include: your name and account email, what you want (access, delete, correct, etc.), and your preferred response format. We may need to verify your identity before acting on a request.

Response time: within 1 month (UK), 45 days (California), or a reasonable period (Canada). Complex requests may take longer — we will tell you if we need extra time.

7. International Data Transfers

Where Your Data Goes

Your data is stored and processed in, or accessed from:

  1. Singapore — primary database servers (Printsyde Pte. Ltd.)
  2. United States — US operations and certain cloud services
  3. Vietnam — accessed by our operations staff to handle orders and customer service

Our service providers and partners are located in:

  1. United States — PayPal, Postmark, Smarty, Google, Cloudflare
  2. Worldwide — Cloudflare data centres (CDN and storage)
  3. Fulfilment partners — Vietnam, the United States, and China. Manufacturers in China receive shipping addresses only, strictly for order fulfilment, under contractual data-protection obligations.

Safeguards for UK Data

If you are in the UK, your data may be transferred to countries that the UK has not deemed to provide an adequate level of protection. We protect these transfers using:

  1. The UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses
  2. The UK–US Data Bridge (UK Extension to the EU–US Data Privacy Framework) for certified US recipients, where applicable
  3. Encryption of data in transit and at rest, access controls, and audit trails

You can request a copy of the relevant transfer mechanism by emailing legal@printsyde.com. You may also object to certain transfers, although this may affect our ability to provide services to you.

8. Cookies and Tracking

What Cookies Are

Cookies are small text files stored on your device when you visit our website. They help the site function and improve your experience.

Types of Cookies

Essential cookies (always active — cannot opt out) Necessary for the website to work: shopping cart, login sessions, security tokens, server routing, and your cookie-consent preferences. These do not track you across other websites. Without them, checkout, login, and account access will not work.

Analytics and marketing cookies (optional)

  1. Analytics: Google Analytics, Cloudflare Analytics — traffic sources, popular pages, performance
  2. Marketing/advertising: Meta (Facebook) Pixel, Google Ads — conversion tracking, audience building, retargeting

These may remain on your device for up to 13–24 months. Marketing cookies may be used by advertising networks to show you targeted ads across the internet.

We also use small pixels in marketing emails to measure opens and clicks.

Managing Your Cookie Preferences

  1. UK users: we ask for your consent before setting analytics and marketing cookies. You can choose Accept All or Reject Optional Cookies, and change your choice anytime via the "Cookie Settings" link in the footer.
  2. US and Canada users: analytics and marketing cookies are on by default, but you can opt out anytime via "Cookie Settings," your browser settings, or the industry opt-out tools below.

California — Do Not Sell or Share: use our page at https://printsyde.com/pages/do-not-sell-or-share-my-personal-information, or send a Global Privacy Control (GPC) signal, which we honour as an opt-out of sale/sharing.

Industry opt-out tools:

  1. Digital Advertising Alliance: optout.aboutads.info
  2. Network Advertising Initiative: optout.networkadvertising.org

Browser controls: you can block or delete cookies through your browser settings (Chrome, Firefox, Safari, Edge). Blocking all cookies will disable essential features such as cart and login.

Do Not Track and Global Privacy Control

  1. Do Not Track (DNT): we do not respond to DNT signals, because there is no universal standard for how websites should handle them.
  2. Global Privacy Control (GPC): we do honour GPC as a valid opt-out of sale/sharing for California residents.

9. Children's Privacy

Our minimum age is 18. Our Terms of Service prohibit anyone under 18 from using Printsyde. We do not knowingly collect personal information from anyone under 18, and account registration requires you to confirm you are 18 or older. If we discover a user is under 18, we will terminate the account and delete the associated data.

If you are a parent or guardian and believe your child created an account, contact us at legal@printsyde.com.

10. Policy Updates

We may update this Privacy Policy to reflect changes in our practices, comply with new legal requirements, or improve clarity.

  1. Material changes: email notification to active account holders, a notice period before the changes take effect, and a prominent banner on our website.
  2. Non-material changes: the "Last Updated" date will change, and the change is effective on posting.

Continued use of Printsyde after the effective date means you accept the updated policy. Previous versions are available on request at legal@printsyde.com.

11. Contact Us

Privacy questions and requests (fastest): legal@printsyde.com

General customer support: customerservice@printsyde.com

Mail:

  1. Singapore: Printsyde Pte. Ltd., 7500A Beach Road, #04-326, The Plaza, Singapore 199591
  2. United States: Printsyde LLC, 2232 Dell Range Blvd, Cheyenne, WY 82009

END OF PRIVACY POLICY

Subscribe to get
special offers and updates.

Subscribe