Privacy Policy

Who does this policy apply to?

This privacy policy applies to you if you are a Merchize customer, a subscriber to our services, or simply visiting our website.

If your customers are purchasing goods through your store via Merchize but are not registered users of our platform, we act as the “data processor” on your behalf, the merchant. This means we process their data solely to deliver our services to you, following your instructions or as required by law. As the merchant, you are responsible for ensuring that your customers’ personal data is handled in compliance with all applicable data protection laws. This includes notifying them about how we, as a service provider, collect and use their data to support your business.

Our responsibilities

For registered Merchize customers and visitors to our website, we serve as the “data controller” of your personal data. In this role, we decide how and why your data is processed to provide and manage our services.

Your responsibilities

Please review this Privacy Policy carefully.

If you provide us with personal information about others—such as when registering on someone else’s behalf or sharing data about your customers—or if someone else submits your information to us, we will only use that data for the specific purpose it was provided. By submitting this information, you confirm that you have the authority to permit us to process it on your behalf in line with this Privacy Policy.

Merchize collects information from you as you engage with our platform and services. This collection occurs in two ways: with your explicit consent for certain activities and automatically to enable the functionality of our services. Below, we outline the specific circumstances under which your data is gathered.

Information Collected with Your Consent

We collect data when you voluntarily interact with Merchize in the following situations:

• Account Registration: When you create a Merchize account to access our services.
• Content Submission: When you upload designs, artwork, or other materials using our tools.
• API Connections: When you integrate Merchize with your store or other third-party platforms, such as storefronts or website builders, through application programming interfaces (APIs).
• Product Listing: When you publish or list products on external sales channels via Merchize.
• Communications: When you contact us by email, reach out to our support team (please note that we may record telephone conversations for quality assurance, with prior notification during the call), or engage with us through social media.
• Marketing Preferences: When you opt in to receive marketing communications, including emails, newsletters, or promotional updates from Merchize.
• Additional Engagements: When you request a demonstration of our services, participate in a user feedback study, enter contests or sweepstakes, register for promotional offers, or join our referral program.

Information Collected Automatically

Certain data is collected automatically as you use our platform, without requiring your direct input, to support its operation and enhance your experience:

• Website Navigation: When you visit or explore any section of the Merchize website.
• Product Development: When you utilize Merchize’s Mockup Generator to design or create products.
• Support Resources: When you access our help section or review support documentation.
• Order Management: When you submit or oversee orders processed through Merchize.

To deliver our print-on-demand and fulfillment services, Merchize collects various types of information from you, the merchant, and your customers. This data is essential for providing our services, enhancing your experience, and maintaining the security and functionality of our platform. 

Adhering to the principle of data minimization, we collect and process only the personal data required to provide and improve our services.

Below are the specific categories of information we collect:

• Contact and Basic Information
  This includes your name, address, telephone number, email address, and other similar details required for account setup and communication.
• Financial Information
  We collect data related to transactions and payments, such as product prices, order revenue, and your payment method details (e.g., PayPal account email or credit/debit card information).
• Content and Product Data
  This covers any designs, artwork, or other materials you upload or create using our tools, as well as details about the products you offer through Merchize.
• Contractual and Order Data
  We gather information about your sales and orders, including order details, customer information (such as names, addresses, and contact details), your store name, and other transactional data accessed via your store account.
• Technical and Usage Data
  Certain information is automatically collected to understand how you use our platform, including:
  • Your IP address, browser type and version, operating system, and device details.
  • Login credentials and time zone settings.
  • Usage data, such as pages visited, features used, time spent on our platform, and any errors encountered.

Important Notes on Data Collection

• Sensitive Information
  Merchize does not collect or process sensitive personal data, including information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, sexual orientation, or criminal history.
• Children’s Information
  Our services are intended for business users aged 18 and over. We do not knowingly collect personal information from individuals under 16. If we learn that such data has been collected, we will promptly delete it.

Purposes for Processing Your Information

1. Operating Merchize Services
   We use your information to provide our core services, such as:
   • Processing and fulfilling orders, managing product designs, and handling transactions.
   • Integrating with your store and other third-party platforms.
   • Authenticating your login, remembering your preferences, and ensuring secure access.
   • Processing payments and maintaining our platform’s infrastructure.
     Legal Basis: This processing is necessary to fulfill our contract with you and to support our legitimate interests in delivering a reliable service.
2. Improving Merchize
   We use your data to enhance our platform, including:
   • Testing new features and collecting feedback through surveys or user studies.
   • Analyzing platform usage (e.g., page views, navigation patterns) to improve user experience.
   • Conducting data research, using tools like machine learning, sometimes with third-party assistance, to optimize our services.
     Legal Basis: This processing is based on our legitimate interests in improving our platform to benefit you and other users.
3. Providing Customer Support
   Your information helps us notify you about service updates, resolve issues through live chat, email, or phone support, and address technical problems, such as fixing bugs.
   Legal Basis: This processing is necessary to fulfill our contract with you, as support is part of our service agreement.
4. Marketing and Promotions (With Your Consent)
   We may use your information for promotional purposes, such as:
   • Sending emails about new features, products, or services.
   • Sharing newsletters, promotional offers, or industry updates.
     Legal Basis: This processing relies on your explicit consent. You can opt out at any time by following the instructions in our communications or by contacting us.

Understanding the Legal Bases for Processing

Here’s what each legal basis means:

Consent: This applies when you explicitly agree to let us use your data for a specific purpose, such as receiving marketing emails. You can withdraw your consent at any time by emailing [[email protected]].

Contract: Processing your data is required to fulfill our agreement with you, such as providing order fulfillment and platform access.

Legitimate Interests: We process your data to support our business interests, provided they don’t override your rights. These interests include:

• Understanding how you use our website or app to improve your experience.
• Developing and refining our services and communications.
• Evaluating the success of our marketing efforts.
• Strengthening platform security.

We ensure these interests are balanced against your privacy rights.

At Merchize, we are committed to protecting your privacy and ensuring you have control over your personal information. This section outlines your key rights regarding the data we collect and the choices you have in managing how we use it. 

These rights apply to all users—whether you are a merchant or a visitor to our website—and comply with relevant data protection laws, including the General Data Protection Regulation (GDPR).

Your Rights Regarding Your Personal Data

• Right to Access
  You may request details about the personal data we hold about you, including the categories of data we process, the purposes of processing, and how long we retain it.
  
  
• Right to Erasure (Right to Be Forgotten)
  You may request the deletion of your personal data when it is no longer necessary for the purposes it was collected, or if you withdraw your consent.
  
  
• Right to Withdraw Consent
  If we process your data based on your consent (e.g., for marketing communications), you can withdraw that consent at any time without affecting prior processing.
  
  
• Right to Lodge a Complaint
  If you are dissatisfied with our handling of your data, you may contact us directly. EU residents may also lodge a complaint with their local data protection authority.
• Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., CSV or JSON) and, where feasible, have it transferred to another service. 

• Right to Rectification

If your personal data is inaccurate or incomplete, you can request that we correct or update it. 

Your Choices Regarding Your Personal Data

You have several options to manage how we collect and use your information:

• Providing Personal Data
  You may choose not to provide certain personal data. However, this may limit your ability to use some features, such as order processing or account personalization.
• Marketing Communications
  If you have consented to receive marketing emails, newsletters, or promotions, you can opt out at any time by:

1. Clicking the “unsubscribe” link in any marketing email.
2. Emailing [[email protected]].
3. Updating your preferences in your account settings.
   We will notify you before collecting your data for marketing purposes and your consent is optional and can be revoked as described above.

• Cookies and Tracking Technologies
  You can manage cookies and tracking technologies through your browser settings. Disabling cookies may affect website functionality.

Merchize is dedicated to protecting your personal information, including sensitive customer data. We use industry-standard security measures, such as encryption, secure servers, and access controls, to protect your personal data from unauthorized access, loss, or disclosure.

Security Measures

We implement the following safeguards to protect your data:

• Infrastructure Security: Our platform uses secure cloud servers from trusted providers, meeting high industry standards. Access is restricted to authorized personnel via multi-factor authentication (MFA), and data is encrypted in transit (e.g., using TLS) and at rest.
• Physical Protections: Our platform infrastructure is housed within Amazon Web Services (AWS) data centers, which employ stringent physical security measures to safeguard the hardware and data. Key protections featured at these facilities include data centers feature 24/7 security staff, intrusion detection, and environmental controls (e.g., fire suppression) to ensure server safety.
• Monitoring: We monitor systems 24/7, with immediate alerts for any issues, and use a Web Application Firewall (WAF) to guard against threats.

Data Storage Locations

Your data is stored primarily in secure facilities in the US, managed by reputable cloud providers like AWS. Additional processing may occur at our offices in Vietnam.

Your Responsibilities

While we employ strong security measures, no online system is entirely risk-free. You are responsible for:

• Account Security: Keeping your username and password confidential.
• Breach Notification: If you suspect your account or data has been compromised, immediately change your password and notify us at [[email protected]] or through our support chat feature.

7. How long do we store your data?

Merchize retains your personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, and to comply with applicable legal obligations. 

Retention Periods

Your contact details (e.g., name, email, address) and store-related data (e.g., store name, uploaded designs) are kept as long as your Merchize account remains active. If you close your account or your account is deactivated, we retain this data and allow for later reactivation unless you request immediate deletion. 

We will delete your personal data from our archives no later than 6 years after your last use of Merchize, or earlier if you ask us to remove it.

Legal Basis: Contractual necessity and legitimate interests—to maintain your account and support service continuity.

Deletion of Data

• Upon Request: You may request the deletion of your personal data at any time by emailing [[email protected]]. We will promptly delete your data unless we are legally required to retain it (e.g., for tax purposes), in which case we will inform you of the reason.
• When Purpose Expires: Data is automatically deleted or anonymized once its retention period ends or the purpose for its collection (e.g., order fulfillment) is complete unless a legal obligation applies.

To provide our print-on-demand and fulfillment services effectively, Merchize collaborates with trusted third-party service providers worldwide. These partners assist us in delivering core functionalities, such as order fulfillment, customer support, and platform operations. This section explains who we share your data with, why we share it, and how we ensure it remains protected.

Why We Share Data

We partner with third parties to perform tasks we cannot handle alone, including manufacturing products, managing communications, and maintaining our app’s infrastructure. Your personal data is shared only when necessary to deliver these services and is protected under the safeguards outlined in this Privacy Policy.

Our Key Third-Party Partners

Below are the main categories of third-party providers we work with, the types of data shared, and the purposes for sharing:

• Manufacturing Services
  Data Shared: Customer contact details (e.g., name, address), order details, product designs.
  Purpose: To produce and fulfill orders placed through your store.
• Hosting and Infrastructure Providers
  Data Shared: Usage data (e.g., how you interact with our app), account details.
  Purpose: To host and maintain our platform securely.
• Communication and Support Services
  Data Shared: Your email address, support messages.
  Purpose: To manage customer support and send service-related communications.
• Payment Processors
  Data Shared: Payment information, order details.
  Purpose: To process transactions for your purchases or sales.
• Analytics Providers (Optional, with Consent)
  Data Shared: Usage data, identifiers (e.g., IP address).
  Purpose: To analyze and improve our app’s performance, only if you opt in.
• Legal and Compliance Entities
  Data Shared: Any relevant data as required.
  Purpose: To comply with legal obligations, such as responding to lawful requests or protecting our rights.
• Business Customers (Merchants)
  Data Shared: Order-related data (e.g., customer details).
  Purpose: To provide services on behalf of merchants using our app.

Safeguards and Legal Compliance

We share data only with third parties that agree to comply with applicable data protection laws. Sharing is limited to what’s required for these purposes, and we may also share de-identified or aggregated data unless prohibited by law.

We may update this Privacy Policy periodically, and any modifications will be reflected on this page. We recommend reviewing it regularly to stay informed of any changes.

We will notify you of significant changes to this privacy policy via email or through a notice in the App, ensuring you stay informed of updates.