Privacy Policy

1. What we collect

• Identifiers: phone number (in international format), name, shipping address, optional email address.
• Order content: the sticker image you submit, the size / quantity / cut you select, the price you paid, and any free-text notes.
• WhatsApp messages: when you choose to send your sticker via WhatsApp, the inbound message is processed by our messaging gateway and stored as part of your order. We do not initiate marketing messages on WhatsApp.
• Technical data: standard server logs (request time, status, user-agent) for security and debugging. We do not run advertising or analytics cookies.

2. Why we use it

• To fulfill the order and ship the printed stickers to you.
• To send transactional notifications by email (order confirmation, shipped notice).
• To respond when you contact us.
• To prevent fraud and abuse and to comply with the law.

3. Public "recently printed" feed

The homepage shows a small grid of sticker images from recently fulfilled orders, labeled "הודפסו לאחרונה." Only the image, the size, and the approximate timestamp are displayed — never your name, phone, address, or email. You control whether your sticker appears there: at checkout, an opt-out checkbox lets you order privately. Defaults to opt-in (the box is checked); if you uncheck it, your sticker is never shown publicly. You can also email us at tal.gurevich2@gmail.com at any time to remove a previously displayed image from the feed.

4. Who we share it with

We share the minimum amount of data necessary with third-party processors who help us run the service:

• Supabase — database and image storage (host: EU).
• Vercel — application hosting and serverless functions.
• Prodigi — print and shipping fulfillment (UK / EU).
• Resend — transactional email delivery.
• Green API — WhatsApp messaging gateway.
• PayPlus — payment processing (when payments are enabled). PayPlus handles card data directly; we do not see or store full card numbers.

We do not sell your personal data and do not share it with anyone for marketing purposes.

5. How long we keep it

• Open browsing sessions (no order placed) expire after 60 minutes and are deleted automatically along with their uploaded image.
• Unmatched WhatsApp messages expire after 15 minutes and are deleted.
• Orders (and their images) are kept while the order is active and afterwards as needed for accounting and customer-support purposes, up to the period required by Israeli tax law (typically 7 years).

6. Your rights

Subject to applicable law, you may ask us to access, correct, or delete the personal data we hold about you, and to restrict or object to certain uses. To exercise any of these rights, contact us at tal.gurevich2@gmail.com. We will respond within 30 days. Note that we may need to keep data required to fulfill an active order or to comply with a legal obligation even after a deletion request.

7. Security

We use HTTPS for all traffic, store images in a private bucket accessed via short-lived signed URLs, and limit access to production credentials to a small number of people. No system is perfectly secure; if you believe your account has been compromised, please contact us.

8. Children

The service is not intended for children under 18. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, contact us and we will delete it.

9. International transfers

Some of our processors are based outside Israel (UK, EU, US). When we transfer data internationally we rely on contractual safeguards that those processors offer (such as standard contractual clauses).

10. Changes

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change.

11. Contact

Privacy questions or requests: tal.gurevich2@gmail.com.