Privacy Policy

Last Updated: December 29, 2025

REACH.GR ("we", "us") is committed to protecting your privacy and the privacy of your customers. This Privacy Policy explains how we collect, use, and store data when you install the Imprint Shopify App.

1. Information We Collect

We collect information from two sources: the Merchant (you) and your End-Customers.

1.1. From the Merchant (You)

When you install the App, we collect the following via the Shopify API:

  • Store Information: Shop URL, shop name, email, and country/currency settings.
  • App Usage Data: Plan selection, feature usage, and installation date.
  • Cookies & Session Data: We use session cookies to maintain your login session within the App dashboard.

1.2. From Your End-Customers

To provide the watermarking and delivery service, we process the following data when an order is placed:

  • Personal Information: Customer Name, Surname, Email Address.
  • Order Details: Shopify Order ID, Purchase Date, Product SKUs.
  • Technical Data: IP address, Browser User-Agent (used for download audit logs and fraud prevention).

Note on Watermarking: The customer's Email and Order ID are stamped visibly onto the PDF files they download. This is a core function of the Service.

2. How We Use Your Information

We use the collected data to:

  1. Provide the Service: Generate unique download links and stamp PDFs with customer data.
  2. Billing: Process subscription payments via Shopify.
  3. Communication: Send transactional emails (download links) to your customers on your behalf.
  4. Security & Abuse Prevention: Detect excessive download attempts, scan file metadata for prohibited content (as defined in our Terms of Service), and prevent fraud.
  5. Legal Compliance: Comply with applicable laws, regulations, and legal requests.

3. Data Security & Encryption

We take the security of your data seriously. We employ industry-standard security measures to protect Personally Identifiable Information (PII):

  • Encryption in Transit: All data transferred between your customers, Shopify, and our servers is encrypted using TLS 1.2+ (Transport Layer Security).
  • Encryption at Rest: Sensitive customer information stored in our database (specifically Name, Surname, and Email Address) is encrypted using AES-256 encryption. This ensures that even in the unlikely event of a database breach, the raw personal data remains unreadable.

4. Sharing Your Information

We do not sell your data. We only share data in the following circumstances:

4.1. Service Providers (Subprocessors)

We authorize these third parties to process data on our behalf to provide the Service:

ProviderServiceLocationPurpose
Cloudflare R2Object StorageGlobalStoring your encrypted PDF files.
ShopifyE-commerce PlatformGlobalAuthentication, Billing, and Order Data.
RedisQueue ManagementEU/USProcessing background jobs (file stamping).

4.2. Legal Requirements

We may disclose your information or your customers' information if we are required to do so by law, or if we believe in good faith that such action is necessary to:

  • Comply with a legal obligation, court order, or government request (including Greek and EU authorities).
  • Protect and defend the rights or property of REACH.GR.
  • Prevent or investigate possible wrongdoing in connection with the Service (e.g., piracy, distribution of illegal content).

5. Data Retention and Deletion

We adhere to a strict data minimization policy:

  • Active Stores: Data is retained as long as the App is installed to ensure service continuity.
  • Uninstalled or Terminated Stores: If you uninstall the App, or if your account is terminated for violating our Terms of Service, your data is queued for deletion. 48 hours after uninstallation/termination, all data is permanently wiped from our databases and storage buckets.

6. GDPR Compliance (Europe)

Since we are located in Greece (EU), we are fully compliant with the General Data Protection Regulation (GDPR).

  • Data Controller: You (the Merchant) are the Controller of your customers' data.
  • Data Processor: REACH.GR acts as the Processor.
  • Your Rights: You have the right to request access to, correction of, or deletion of your data. You may export your data or request deletion by contacting us or uninstalling the App.

7. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. We will notify you of any material changes via the App dashboard or email.

8. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact:

REACH.GR
Privacy Officer
85300 Kos, Greece
Email: [Insert Support Email]