Stitchra

Privacy / Datenschutz

Privacy Policy

This MVP privacy policy explains how Stitchra may process personal data for the website, T-shirt configurator, quote workflow, emails, payments, and service security. It is not legal advice and must be completed with final operator details before production/legal launch.

Legal owner details are placeholders until the site operator adds the correct company or individual information. This page is not legal advice.

Last updated

Last updated: [insert date]

Controller / Verantwortlicher

Site / service name: Stitchra

Owner / Betreiber: [Owner or legal company name]

Address / Anschrift: [Street, postal code, city, country]

Email: [contact email address]

Phone: [optional phone number]

VAT ID / USt-IdNr.: [if applicable]

The final operator details above must be inserted before production/legal launch. Until then, this privacy policy is an MVP draft for the Stitchra service.

Privacy contact for now: orders@stitchra.com / [privacy contact email]. A dedicated privacy address can replace this later.

Short overview

Stitchra processes data to operate the website, provide the T-shirt configurator, handle uploaded logos and design settings, prepare embroidery offers, communicate with customers, process payments, and protect the service.

We aim to keep public customer pages separate from internal studio information. Internal cost calculations, profit, margin, production notes, and private workflow details are intended for the Studio only and should not be shown on public pages.

Website hosting and technical logs

Stitchra may be hosted on Vercel. Hosting and security systems may process technical access data such as IP address, date and time of access, requested pages, referrer, browser and device information, error logs, and security logs.

The legal basis is our legitimate interest (berechtigtes Interesse) in providing a secure, stable, and reliable website.

Vercel Web Analytics

Stitchra may use Vercel Web Analytics to understand public website page views and basic usage patterns. This analytics setup is intended for public website traffic only and should not use third-party cookies.

Private Studio pages, API endpoints, order-token pages, and payment-token pages should be excluded where technically configured. The legal basis is legitimate interest in improving the public website experience.

Configurator and logo upload

When you use the configurator, you may upload logo or design files and choose embroidery placement, shirt color, logo size, quantity, and other design settings. These files and settings are processed to create previews, prepare quotes, and process order requests.

Please only upload logos, images, and other content that you are allowed to use for embroidery design and production. Do not upload unlawful, infringing, confidential, or sensitive content.

Order requests and quote workflow

If you request a quote or order, Stitchra may process your name, email address, optional phone number, quantity, customer notes, uploaded design, pricing estimate, offer status, customer responses, and workflow status.

The legal basis may be contract preparation or contract performance (Vertragsanbahnung / Vertragserfüllung) and legitimate interest in managing quote and order workflows.

Email communication

Stitchra may use Resend as a transactional email provider when email sending is configured. Emails may include secure quote links, order status messages, support replies, and operational notifications.

Email processing may include your email address, message content, delivery metadata, and related technical logs. The legal basis may be contract preparation, contract performance, and legitimate interest in customer communication.

Payments

Stitchra may use Stripe for payment checkout when payments are activated. Payment processing is handled by Stripe. Stitchra may receive payment status, payment session ID, payment provider information, timestamps, and limited transaction metadata linked to your order.

Stitchra should not receive full card details. The legal basis may be contract performance and legal obligations, for example accounting and tax retention duties.

Database and storage

Stitchra may use Supabase for database and storage systems. Order data, uploaded design references, customer details, public-token workflow status, and internal studio status data may be stored there.

Internal business data such as cost breakdowns, internal cost, profit, margin, labor, studio payback, production notes, and private workflow notes are intended for internal Studio use only and should not be exposed publicly.

AI and image processing

If Stitchra uses AI or automated image processing, uploaded files, design prompts, placement settings, or generated previews may be processed to analyze logo complexity, generate or improve mockups, clean up design assets, or estimate production effort.

Add the real provider name, processing region, retention settings, and agreement details here before production use: [AI/image processing provider, if used].

Processors / service providers

Stitchra may use processors (Auftragsverarbeiter) and service providers for hosting, storage, email, analytics, payments, and optional image processing. The actual use depends on the active configuration and provider agreements or data processing agreements (DPA / Auftragsverarbeitungsvertrag) where applicable.

| Provider | Purpose | Data types | Notes |
| --- | --- | --- | --- |
| Vercel | Website hosting, deployment, technical logs, and Vercel Web Analytics where enabled. | Technical access data, page views, device/browser data, error and security logs. | Processing depends on the deployed configuration and Vercel provider terms or agreements where applicable. |
| Supabase | Database and storage for order workflow data and uploaded design references. | Customer details, order requests, quote status, uploaded design references, internal workflow status. | Use and region depend on the active Supabase project configuration and applicable provider terms. |
| Resend | Transactional emails, such as quote links, order status messages, and customer support replies. | Recipient email address, message content, delivery metadata, and related email logs. | Applies when transactional email sending is configured and activated. |
| Stripe | Payment checkout and payment status handling. | Payment session ID, payment status, limited transaction metadata, order reference, customer contact data where needed. | Card details are handled by Stripe. Stitchra should not receive full card numbers. |
| [AI/image processing provider, if used] | Logo analysis, design preparation, mockup generation, or production-effort estimation. | Uploaded logo/design files, prompts, placement settings, and generated/processed preview data. | Only applies if such provider processing is activated. Add the real provider and agreement details before production use. |

International transfers

Some providers may process data outside the EU/EEA. Where required, appropriate safeguards may be used, such as Standard Contractual Clauses or provider transfer mechanisms. Final transfer details depend on the selected provider settings and agreements.

Storage periods

  • Technical logs: as needed for security and operation, depending on provider settings.
  • Order inquiries and quotes: as long as needed to handle the inquiry and reasonable follow-up.
  • Uploaded logos/designs: as long as needed for quote, order, or production, or until a valid deletion request, unless retention is required.
  • Payment and accounting records: according to applicable legal retention obligations.
  • Support emails: as long as needed for communication, documentation, and dispute handling.

Your rights / Ihre Rechte

Depending on applicable law, you may have the right to request access (Auskunft), rectification (Berichtigung), erasure (Löschung), restriction (Einschränkung), data portability (Datenübertragbarkeit), and objection (Widerspruch). Where processing is based on consent, you may withdraw consent with effect for the future.

You may also contact a competent data protection supervisory authority, for example the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) if applicable.

Security

Stitchra uses practical security measures such as access controls, secure hosting configurations, encryption in transit where available, limited team access, and separation between public customer data and internal Studio pricing/production data. No system can be guaranteed completely secure, so these measures should be reviewed regularly as the platform grows.

Contact

For privacy questions or data subject requests, contact orders@stitchra.com for now, or replace it with [privacy contact email] before final legal launch.