Legal
Privacy information (draft)
Draft placeholders only. This is not a final privacy policy or GDPR Article 13/14 statement. A qualified advisor should review it before a public launch. Processors and purposes below reflect the types of services used in the product codebase — not a complete record of your deployment or legal roles.
Controller
TODO: privacy controller (legal name + address + contact email for privacy requests)
What this app does (summary)
PrintFlow AI lets signed-in users submit briefs and receive AI-generated listing-related text (e.g. titles, tags, descriptions). Usage limits and optional subscriptions are tracked in a database. Product analytics may run in the browser and on the server.
Optional walkthrough & feedback form
If you use the optional "Request a guided walkthrough" form on the marketing site, we store your email, optional Etsy shop URL, niche, and free-text answers in our Supabase database to schedule onboarding conversations, seller interviews, or feedback. Public signup for PrintFlow runs through normal account creation (Supabase authentication) and does not depend on this form. TODO: retention period for stale form rows; legal basis wording
This draft does not claim that privacy compliance is complete—have qualified counsel review before a broad public launch.
Categories of processing (placeholders)
- Account & authentication (Supabase) — email and credentials (or magic links, depending on your Supabase settings), session cookies. TODO: legal basis (e.g. contract / legitimate interest)
- Application data (Supabase database) — briefs, generated outputs stored as history, usage counters, billing-related fields synced from Stripe. TODO: legal basis + retention
- Payments (Stripe) — checkout, subscriptions, invoices; Stripe processes payment data according to its own terms and privacy policy. TODO: DPA / SCCs as applicable
- AI generation (OpenAI) — prompts and model outputs are sent to OpenAI for completion. Do not submit unlawful content or unnecessary personal data in briefs. TODO: legal basis, subprocessors, retention
- Analytics (PostHog) — product events and optional session replay (if enabled in your environment). TODO: consent / legitimate interest assessment, cookie banner if required, opt-out
- Hosting (Vercel) — application and serverless routes run on Vercel infrastructure. TODO: DPA / region
Cookies / local storage
Authentication may use cookies set by Supabase. PostHog may use cookies or local storage depending on configuration. TODO: list cookies, purposes, and consent basis (e.g. strictly necessary vs. analytics)
Retention (placeholders)
TODO: how long accounts, generations, logs, and analytics events are kept; deletion after account closure; Stripe/OpenAI/PostHog retention references
Your rights
Depending on applicable law, you may have rights to access, rectify, erase, restrict, or object to processing, and to lodge a complaint with a supervisory authority. TODO: describe how to exercise rights and response timelines
Contact
General product support: see Support.
Support email configured for this deployment: benuxa.studio@gmail.com
TODO: dedicated privacy inbox if different from general support
International transfers
TODO: if personal data leaves the EEA/UK/CH, describe mechanisms (e.g. SCCs) with subprocessors