Privacy Policy

Last updated: January 2026

PrntFlow ("we," "our," or "us") operates the POD Mockup Uploader Shopify app ("Service"). This Privacy Policy explains how we collect, use, and protect your personal data in accordance with applicable laws, including Japan's Act on the Protection of Personal Information (APPI) and the EU GDPR.

1. Information We Collect

When you install and use POD Mockup Uploader, we may collect and process the following types of information:

From Shopify (via OAuth and APIs):

  • • Shopify store domain (for example, yourstore.myshopify.com)
  • • Basic shop and owner contact details (such as store name, owner name, and email)
  • • Product and variant information (such as titles, options, and color variants)
  • • App subscription status and plan information (for example, which app plan your store is on)

From you / within the app:

  • • Uploaded image files, including:
    • ◦ Base mockup images (for each t-shirt color)
    • ◦ Test graphics
    • ◦ Design graphics applied to t-shirt products
  • • Template configuration data:
    • ◦ Color mappings (for example, light vs dark shirt groups)
    • ◦ Placement and scale settings
    • ◦ Template names and descriptions
  • • Usage events needed to operate the Service (for example, when templates are created or applied, and store‑level lifecycle events such as when a first template is created or first applied)
  • • Support communications you send to us (for example, emails to our support address)

We do not directly collect or store your customers' payment card information or Shopify account passwords.

2. How We Use Your Information

We use the information described above to:

  • • Provide and operate the Service, including:
    • ◦ Creating and storing mockup templates
    • ◦ Generating, uploading, and assigning mockup images to product variants
  • • Authenticate your store and maintain your app session via Shopify OAuth
  • • Manage billing and subscriptions through Shopify's Billing system (we do not process card details directly; billing is handled by Shopify)
  • • Communicate with you about the Service, including support replies and important updates
  • • Monitor and improve the Service, including:
    • ◦ Understanding which features are used
    • ◦ Detecting abuse or misuse (for example, excessive automated requests)
  • • Comply with legal, regulatory, and tax obligations, where applicable

We may log limited store‑level lifecycle events (such as when the app is installed, when you create your first template, and when you first apply a template to a product) to better understand onboarding patterns and improve the Service. We don't record detailed per‑click behavior or send this lifecycle data to advertising networks.

We process this data on the basis of:

  • • Fulfilling our contract with you (providing the app you installed),
  • • Our legitimate interests in running and improving the Service, and
  • • Compliance with legal obligations.

3. Data Retention & Deletion

Uploaded images (mockups and graphics):

  • • Uploaded images and generated mockups stored in our infrastructure (for example, on Cloudflare R2) are retained for as long as your store maintains an active subscription to the app, plus up to 30 days after your subscription ends.
  • • After that period, we may delete or irreversibly anonymize these files as part of routine cleanup processes.

Account and store information:

  • • Shop and account-related information (for example, store domain, plan status, and template metadata) is retained while your store has the app installed and for a reasonable period after uninstall to:
    • ◦ Maintain accurate records,
    • ◦ Handle potential support or billing questions,
    • ◦ Comply with legal obligations.
  • • If you uninstall the app, we receive an APP_UNINSTALLED notification from Shopify and may flag your data for deletion or archival after a defined retention period, unless we are required to keep it longer by law.

Your rights to deletion:

  • • You may request deletion of your account-level data that we control by contacting us at support@prntflow.com.
  • • We may need to retain certain information if required by law (for example, for tax or accounting records).

4. Data Sharing and Third Parties

We share data only with service providers necessary to operate the Service. These include:

  • • Shopify – for authentication, billing, and integration with your Shopify store.
  • • Cloudflare, Inc. – for secure storage and delivery of uploaded image files and generated mockups (for example, using Cloudflare R2).
  • • Vercel Inc. – for hosting the application frontend and backend infrastructure that powers the embedded app.
  • • Neon.tech – for managed database hosting used to store app configuration and related operational data.
  • • Other infrastructure providers – such as logging, monitoring, or backup services that help us run and maintain the Service.
  • • Analytics or monitoring providers (if used) – to understand aggregated usage and app performance. When we use analytics, we aim to use aggregated or pseudonymized data where possible.

We do not sell your personal data.

We do not share customer-level Shopify order or payment information with third parties except as necessary to operate the Service or comply with the law.

5. International Transfers

Our Service and third-party providers may be located in countries outside your own, including outside Japan and the EU/EEA. When personal data is transferred internationally, we take steps to ensure an adequate level of protection consistent with applicable law (for example, GDPR and APPI), such as using contracts with appropriate data protection clauses.

6. Your Rights (under GDPR and APPI)

Depending on your location and applicable law, you may have some or all of the following rights regarding your personal data:

  • Access – request a copy of the personal data we hold about you.
  • Rectification – request correction of inaccurate or incomplete data.
  • Erasure – request deletion of your data, subject to legal retention requirements.
  • Restriction – request that we limit how we use your data.
  • Objection – object to certain types of processing, such as direct marketing (we currently do not use your data for direct marketing).
  • Data portability – request a copy of your data in a structured, machine-readable format where applicable.
  • Withdrawal of consent – where we rely on consent, you may withdraw it at any time (this will not affect processing carried out before withdrawal).

You can exercise these rights by contacting us at support@prntflow.com. We may need to verify your identity before fulfilling certain requests.

7. Cookies and Similar Technologies

Our app may use cookies or similar technologies:

  • • To maintain your session within the embedded app interface (for example, authentication/session cookies),
  • • To support technical operations such as CSRF protection or load balancing,
  • • If we enable analytics in the future, to collect aggregated usage information.

You can adjust your browser settings to block or delete cookies. However, some features of the Service may not work properly if cookies are disabled.

8. Security

We implement reasonable technical and organizational measures to protect your information, including:

  • • Encrypted connections (HTTPS/SSL) wherever possible,
  • • Access controls and least-privilege principles for our systems,
  • • Regular updates and security patches for our infrastructure.

No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You use the Service at your own risk.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If changes are material, we may also notify you through the app interface or by email, where appropriate.

Your continued use of the Service after an updated Privacy Policy is posted constitutes your acceptance of the changes.

10. Contact Us

PrntFlow
Email: support@prntflow.com