Privacy Policy

This Privacy Policy explains how Imprintsy ("we", "us", "our") collects, uses, and protects your personal information when you use our website at imprintsy.com and related services. We are based in Brisbane, Queensland, Australia, and we comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

1. What we collect

Information you provide

• Order details: name, email address, shipping address, and (optionally) phone number when you place an order.
• Design files: images, photos, or artwork you upload to apply to a product.
• Reviews: name, email, and the content of any product review you submit.
• Contact form messages: if you reach out to us directly.

Information we collect automatically

• Usage data: pages viewed, products clicked, time on site, referrer (e.g. whether you came from Instagram, TikTok, Google).
• Device data: browser, operating system, approximate location (country/state level via IP), and an anonymous session identifier.
• Marketing pixels: if Meta Pixel or TikTok Pixel are enabled, these tools record on-site events (page views, add-to-cart, purchase) to measure ad performance and build retargeting audiences.

What we do not store

We never store full payment card details. All payments are processed by Stripe — only a Stripe transaction ID is held by us.

2. How we use your information

• To process and fulfil your orders (including sharing your shipping address with our print partner).
• To send order confirmations, shipping notifications, and respond to support enquiries.
• To screen uploaded design files for compliance with our content policy using automated AI systems (see section 3).
• To improve our website, products, and customer experience.
• To measure marketing performance and (where lawful) show you relevant ads on Meta and TikTok platforms.
• To detect and prevent fraud or abuse.
• To comply with our legal obligations (e.g. tax, accounting, consumer law).

3. Who we share your information with

We share information only with trusted service providers who help us run the store. These include:

• Stripe (payment processing) — your name, email, billing/shipping address, and order amount.
• Printful (print and fulfilment partner) — your shipping address, name, and uploaded design files. Printful operates printing facilities in the United States and Europe.
• Anthropic / Claude Vision API (content screening) — your uploaded design images for analysis to check compliance with our content policy. Only the image is analysed; personal information is not included. Anthropic is based in San Francisco and processes data according to their privacy practices.
• Resend or SMTP email provider — your email address and order details, used to deliver transactional and notification emails.
• Meta Platforms (Facebook/Instagram) and TikTok — anonymous event data (no name, address, or design files) for ad measurement and retargeting, only if marketing pixels are enabled.
• Australian authorities — if required by law or court order.

We do not sell your personal information.

4. International transfers

Some of our service providers (notably Printful, Stripe, Meta, and TikTok) operate outside Australia, including in the United States and the European Union. By using our services you consent to your information being processed in those jurisdictions, where data protection standards may differ from Australia's. We take reasonable steps to ensure these providers handle your data with appropriate safeguards.

5. Cookies and tracking

We use cookies and similar storage to keep your shopping cart, remember your preferences, and (where enabled) operate marketing pixels. You can clear cookies at any time through your browser settings, although doing so may affect site functionality (for example, your cart will reset).

If you don't want to be tracked by Meta or TikTok pixels, you can use ad blockers or opt out of personalised advertising in your Meta and TikTok account settings.

6. Data retention

We retain order records for at least 7 years as required by Australian tax and consumer law. Customer accounts and design files are kept while your account is active; you can request deletion at any time (see your rights below).

6a. Design content screening

When you upload a design file, we automatically analyse it using Claude Vision API (Anthropic) to check compliance with our content policy. This screening process:

• Sends your image to Anthropic's servers for AI analysis; we do not send your name, email, or order details.
• Generates automated risk assessments that may flag designs for human review.
• Results are retained in our database to support your order and any refund process.
• If your order is rejected, we retain the screening record for dispute resolution and legal compliance purposes.

You can opt out of screening by contacting us before uploading your design, though this may result in order rejection and will void the guarantee against policy-breach claims. Screening is performed in accordance with Anthropic's privacy practices and data protection agreements.

7. Complaints and your rights

Under the Privacy Act and (where applicable) other privacy laws, you have the right to:

• Request access to the personal information we hold about you.
• Ask us to correct any inaccurate or out-of-date information.
• Request that we delete your information (subject to our legal retention obligations).
• Withdraw consent for marketing emails or ad personalisation.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) if you believe we've mishandled your data.

To exercise any of these rights or lodge a privacy complaint:

• First step: Email us at hello@imprintsy.com with your request. We'll respond within 10 business days.
• Not satisfied with our response? You can lodge a formal complaint with the Office of the Australian Information Commissioner (OAIC). They investigate breaches of the Privacy Act at no cost to you. Visit www.oaic.gov.au/individuals/how-to-make-a-complaint/ for details.

8. Children's privacy

Imprintsy is not intended for children under 16. We do not knowingly collect information from anyone under that age. If you believe a child has provided us with information, please contact us so we can delete it.

9. Security

We use HTTPS encryption across the entire site, store passwords using strong hashing (bcrypt), and limit access to customer data to authorised staff. No system is perfectly secure, but we work to protect your information against unauthorised access, alteration, or disclosure.

10. Changes to this policy

We may update this policy from time to time. The "last updated" date at the top will reflect any changes. For material changes we'll notify customers by email or a prominent notice on the site.

11. Contact