Privacy Policy

Last updated: March 2026

This Privacy Policy explains how Printara s.r.o. ("Printara", "we", "us", or "our"), a company incorporated in Slovakia, collects, uses, shares, and protects personal data when you use our platform at printara.co and related services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR) and applicable Slovak data protection law.

1. Data Controller

Printara s.r.o. is the data controller for all personal data processed through the Printara platform.

When you place an order, the seller (artist or partner) who fulfills that order receives your shipping information and becomes an independent data controller for the shipping data they process. Sellers are responsible for handling that data in compliance with GDPR.

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address
  • Name
  • Password (stored only as a cryptographic hash via Supabase Auth — we never store or have access to your plaintext password)

2.2 Profile Data

  • Display name
  • Avatar image
  • Location (city/country, if provided)

2.3 Order Data

  • Shipping address
  • Order history and status
  • Communication between buyer and seller related to orders

2.4 Payment Data

Payments are processed entirely by Stripe. We do not store, process, or have access to your full credit card number, CVV, or other sensitive payment credentials. We receive only a transaction reference, payment status, and the last four digits of your card for display purposes.

2.5 Usage Data

  • Pages visited and features used
  • AI generation history (text prompts, generation parameters, results)
  • Device type, browser, operating system, and IP address
  • Referral source

2.6 Files and Content

  • Images you upload (reference photos, marketing photos)
  • 3D models generated through our AI tools
  • AI-generated marketing photos (Nano Banana)
  • Model metadata (titles, descriptions, tags, pricing)

3. Legal Basis for Processing

Under GDPR Article 6, we process your personal data based on the following legal grounds:

Legal Basis Purpose
Contract performance (Art. 6(1)(b)) Creating and managing your account, processing orders, facilitating communication between buyers and sellers, delivering purchased models
Legitimate interest (Art. 6(1)(f)) Platform security and fraud prevention, analytics to improve our services, technical troubleshooting
Consent (Art. 6(1)(a)) Marketing emails and newsletters, non-essential cookies and tracking
Legal obligation (Art. 6(1)(c)) DAC7 tax reporting obligations, responding to lawful requests from authorities, accounting and financial record-keeping

4. Third-Party Processors

We share personal data with the following third-party service providers who process data on our behalf under appropriate data processing agreements:

Processor Purpose Data Location
Supabase Authentication, user database, application data storage EU
Stripe Payment processing, payouts to sellers US (EU-US Data Privacy Framework)
Cloudflare R2 File storage (3D models, images, generated content) Global CDN
Tripo3D AI 3D model generation (text/image prompts are sent for processing) Data sent for processing
Google Gemini AI-generated marketing photos, content optimization US (EU-US Data Privacy Framework)
Resend Transactional and marketing email delivery US
Hetzner Backend server hosting Germany (EU)
Etsy Marketplace integration — listing creation, photo uploads, digital file delivery via Etsy API (OAuth 2.0). We access only the data you authorize via Etsy OAuth and process it solely to manage your Etsy shop listings on your behalf. US (EU-US Data Privacy Framework)
Cults3D Marketplace integration — listing creation via Cults3D API France (EU)
MyMiniFactory Marketplace integration — listing creation via MyMiniFactory API (OAuth 2.0) UK

4.1 Etsy Data Handling

When you connect your Etsy shop to Printara via OAuth 2.0, we access and process the following data from your Etsy account solely to provide listing management services:

  • Shop information — shop name and shop ID, used to identify which shop to publish listings to
  • OAuth tokens — stored securely in our database, used only to authenticate API requests on your behalf

We do not access buyer personal data, order details, financial information, or any data beyond what is necessary for listing management. OAuth tokens are encrypted at rest and can be revoked at any time by disconnecting your Etsy account from Printara or by revoking access in your Etsy account settings.

The term “Etsy” is a trademark of Etsy, Inc. This application uses the Etsy API but is not endorsed or certified by Etsy, Inc.

We only share the minimum data necessary for each processor to perform its function. All processors are contractually bound to process data solely on our instructions and in compliance with GDPR.

5. International Data Transfers

Some of our processors are based outside the European Economic Area (EEA), primarily in the United States. Where personal data is transferred to the US, we rely on the following safeguards:

  • EU-US Data Privacy Framework (DPF): Stripe and Google are certified under the EU-US Data Privacy Framework, which has been recognized by the European Commission as providing an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): Where the DPF does not apply, we use EU-approved Standard Contractual Clauses to ensure adequate protection of your data.

You can request a copy of the safeguards in place by contacting us at hello@printara.co.

6. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

Data Type Retention Period
Account data (email, name, profile) Until you request account deletion
Order data (transactions, shipping addresses, invoices) 5 years after the order date (legal and tax obligations)
Generated 3D models and files Until you delete them from your account
Server logs (IP addresses, request data) 30 days
Marketing consent records Until consent is withdrawn, plus 1 year for record-keeping

When data is no longer needed, it is securely deleted or anonymized so that it can no longer be linked to you.

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights regarding your personal data:

  • Right of access — You can request a copy of all personal data we hold about you.
  • Right to rectification — You can ask us to correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — You can request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability — You can request your data in a structured, commonly used, machine-readable format.
  • Right to restriction of processing — You can ask us to limit how we use your data in certain circumstances.
  • Right to object — You can object to processing based on legitimate interest, including profiling.
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@printara.co. We will respond within 30 days.

Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with the Slovak Data Protection Authority:

Urad na ochranu osobnych udajov Slovenskej republiky
Hranicna 12, 820 07 Bratislava 27, Slovak Republic
Website: dataprotection.gov.sk

8. Cookies

We use cookies and similar technologies to operate our platform, remember your preferences, and understand how you use our services.

  • Essential cookies are required for the platform to function (authentication, session management). These do not require consent.
  • Analytics and non-essential cookies are only placed with your explicit consent.

For full details on the cookies we use, how to manage them, and how to withdraw consent, please see our Cookie Policy.

9. Children's Privacy

Printara is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a person under 18 without appropriate parental consent, we will take steps to delete that data promptly. If you believe a child has provided us with personal data, please contact us at hello@printara.co.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify you at least 30 days in advance via the email address associated with your account.

Continued use of the platform after the effective date of a revised policy constitutes your acceptance of the changes.

Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please reach out: