Privacy Policy

Last Updated: January 2025

Introduction

Clayton Kappaz (“we,” “our,” or “us”) provides specialized prepress services for UV flatbed printing shops. This Privacy Policy explains how we collect, use, protect, and handle information when you use our services.

Our Core Principle: We collect only the minimum data necessary to process print orders. We never access your customer’s personal information (names, addresses, emails, payment data).

1. Information We Collect

1.1 Client Business Information

When you sign up for our service, we collect:

• Company name and contact person name
• Business email address
• Phone number (optional)
• Billing information (for payment processing)
• Estimated order volume

1.2 Order Processing Data

To process your print orders, we collect:

• Order identifiers: Order IDs, SKUs, quantities
• Personalization data: Texts, images, and instructions
• Artwork files: Design templates, illustration libraries, and product images you provide
• Technical specifications: Jig dimensions, printer settings, color profiles

1.3 What We Do NOT Collect

We deliberately do not collect or access:

• ❌ Your customers’ full names (beyond what’s needed for personalization)
• ❌ Email addresses of your customers
• ❌ Phone numbers of your customers
• ❌ Shipping or billing addresses
• ❌ Payment information or credit card details
• ❌ Any contact or identification data beyond what’s printed on products

1.4 Website Usage Data

When you visit our website, we may automatically collect:

• IP address and browser type
• Pages visited and time spent on site
• Referring website (if any)
• Device and operating system information

We use this data solely to improve our website and services.

2. How We Use Information

2.1 Service Delivery

We use collected information to:

• Process your print orders (match artwork, apply personalizations, create batches)
• Generate print-ready PDFs and Table Maps
• Create gift messages and inserts when requested
• Communicate with you about order status and delivery windows
• Provide technical support and answer questions

2.2 Service Improvement

We may use aggregated, non-identifiable data to:

• Improve our processes and workflows
• Develop new features or services
• Analyze service performance and quality

2.3 Legal Compliance

We may use or disclose information when required by law or to:

• Comply with legal obligations or court orders
• Protect our rights, property, or safety
• Enforce our Terms of Service

3. How We Protect Information

3.1 Security Measures

We implement industry-standard security practices:

• Encryption: All file transfers use HTTPS/SSL encryption
• Access Control: Only authorized personnel access client data
• Secure Storage: Files stored on password-protected, encrypted systems
• Regular Backups: Data backed up securely to prevent loss

3.2 Data Retention

We follow strict data retention policies:

• Active orders: Retained during processing (typically 24-72 hours)
• Completed orders: Archived for 90 days after delivery, then permanently deleted
• Artwork libraries: Retained for active clients; deleted within 30 days after service termination (cancellation of contract)
• Business records: Kept as required by Brazilian tax and accounting law (typically 5 years)

3.3 No Long-Term Storage

Important: We do not maintain long-term databases of your orders or customer information. Files are processed, delivered, and deleted on a rolling basis.

4. Information Sharing

4.1 We Do NOT Sell or Share Your Data

We never sell, rent, or share your information with third parties for marketing purposes.

4.2 Service Providers

We use the following trusted third-party services:

• File storage and delivery: Dropbox, Google Drive, MEGA, WeTransfer, or similar platforms (files may be processed on servers in various locations depending on the platform used)
• Business communication: Gmail, Google Workspace, WhatsApp
• Payment processing: PayPal, Stripe, Payoneer (they handle payment data directly, not us)
• Project management: Trello, Asana, Monday (when applicable)
• Order data integration: ShipStation, Order Desk (when applicable)
• Other similar tools: As needed for service delivery

These providers:

• Are bound by confidentiality agreements or terms of service
• Use data only for specified purposes
• Maintain their own privacy policies and security standards
• May process data on servers located in various countries

4.3 Legal Requirements

We may disclose information if required by law, court order, or government regulation.

5. Your Rights and Choices

5.1 Access and Correction

You have the right to:

• Request access to the information we hold about you
• Correct any inaccurate or incomplete information
• Request deletion of your information (subject to legal retention requirements)

5.2 Data Portability

You can request a copy of your data in a commonly used format (e.g., CSV, PDF).

5.3 Withdrawal of Consent

You can withdraw consent for data processing at any time by:

• Canceling our service
• Requesting deletion of your data
• Revoking access to any systems (e.g., ShipStation, Order Desk)

5.4 Marketing Communications

We only send service-related emails (order updates, delivery confirmations). We do not send marketing emails unless you explicitly opt in.

6. Cookies and Tracking

6.1 Website Cookies

Our website uses cookies for:

• Essential cookies: For site functionality (login, form submissions)
• Analytics cookies: To understand site usage (Google Analytics or similar)

When you first visit our website, you will see a cookie consent banner allowing you to accept or decline non-essential cookies.

You can disable cookies in your browser settings, though some site features may not work properly without essential cookies.

6.2 Managing Cookie Preferences

You can change your cookie preferences at any time by:

• Using the cookie settings link in our website footer
• Adjusting your browser settings to block or delete cookies
• Opting out of Google Analytics: https://tools.google.com/dlpage/gaoptout

7. International Data Transfers

We are based in Brazil. If you are located outside Brazil, your information may be transferred to, stored, and processed in Brazil.

Additionally, some of our service providers (such as cloud storage platforms) may process data on servers located in various countries, including the United States, European Union, and others.

We take appropriate measures to ensure your data is protected in accordance with this Privacy Policy, regardless of where it is processed.

7.1 LGPD Compliance (Brazilian Clients)

We comply with Brazil’s Lei Geral de Proteção de Dados (LGPD – Law 13.709/2018).

Under LGPD, you have the right to:

• Access and correct your personal data
• Request deletion or anonymization of your data
• Obtain portability of your data to another service provider
• Withdraw consent for data processing

To exercise these rights, contact us at: clayton@ecommerceprintprep.com

7.2 GDPR Compliance (EU Clients)

Brazil’s LGPD is modeled after the European Union’s General Data Protection Regulation (GDPR) and provides similar protections.

If you are in the European Union, you have additional rights under GDPR:

• Right to access, rectify, or erase your data
• Right to restrict or object to processing
• Right to data portability
• Right to lodge a complaint with a supervisory authority

For international data transfers to Brazil, we rely on:

• Your explicit consent for the transfer
• Necessity for contract performance
• Standard Contractual Clauses (SCCs) when required

8. Children’s Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect information from children. If we learn that we have collected information from a child, we will delete it immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website with a new “Last Updated” date
• Sending you an email notification (for significant changes)

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

10. Data Breach Notification

In the event of a data breach that affects your information, we will:

• Notify you within 72 hours of becoming aware of the breach (as required by GDPR)
• Provide details about what information was affected
• Explain the steps we are taking to address the breach
• Advise you on steps you can take to protect yourself
• Report to relevant authorities as required by applicable law (LGPD, GDPR, or other regulations)

11. Your Responsibilities & Legal Basis

Your Responsibilities

As our client, you are responsible for:

• Ensuring you have the legal right to share any data you provide to us
• Obtaining necessary consents from your customers (where applicable)
• Complying with privacy laws applicable to your business and customers
• Keeping your account credentials secure

Our Legal Basis for Processing

We process your data based on the following legal grounds:

• Contract performance: To deliver the services you contracted
• Legitimate interest: To improve our services and prevent fraud
• Legal obligation: To comply with tax, accounting, and regulatory requirements
• Consent: For any optional processing activities

12. Data Protection Officer

For matters related to data protection and privacy:

Name: Clayton Kappaz
Email: clayton@ecommerceprintprep.com
Role: Data Protection Officer (DPO)

The DPO is responsible for:

• Ensuring compliance with privacy laws (LGPD, GDPR)
• Receiving and addressing data subject requests
• Communicating with data protection authorities when required

Questions About This Policy?

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: clayton@ecommerceprintprep.com
WhatsApp: +55 11 985580068
Response Time: Within 48 hours on business days

By using our services, you acknowledge that you have read and understood this Privacy Policy.