Privacy Policy

Last updated: 25 May 2026

1. What we collect

• Account data: email, name, password hash (via Supabase Auth), phone (optional), preferred language, marketing consent.
• Order data: shipping/billing addresses, order contents, payment status. Payment card details are handled by Shopify Checkout and never reach our servers.
• Design data: your 3D design configurations, uploaded images and logos, preview renders.
• Technical data: IP address, browser type, pages visited, timestamps. Used for security, abuse detection and aggregate analytics.
• Cookies: a session cookie for login, a cart cookie (kryts_cart_id) to remember items, and analytics cookies if you consent.

2. Why we use it

• Provide and ship the products you order
• Save your designs and order history
• Operate team stores and Pro Design jobs
• Detect and prevent scraping, fraud and abuse
• Send transactional emails (order status, team-store deadlines)
• Send marketing emails only if you opt in

3. Who we share with

• Shopify Inc.— processes checkout, payments and order fulfilment.
• Supabase Inc.— stores account, design and order data.
• Cloudflare R2 / Cloudflare— stores and delivers design files and provides edge security.
• Vercel Inc.— serves the website.
• Production partners (factories)— receive the print files needed to produce your order.

Some of these processors are outside Australia (US, EU). Where this applies we've taken reasonable steps to ensure equivalent protections, as required by APP 8.

4. Your rights

You can request access to, correction of, or deletion of your data by emailing privacy@kryts.com. We aim to respond within 30 days. Some records (order history) may be retained for tax / consumer-law obligations.

5. Security

Data in transit is encrypted via TLS. Data at rest in Supabase and Cloudflare R2 is encrypted by those providers. Internal access is scoped via role-based access control. We don't store payment card numbers — those live exclusively at Shopify.

6. Children

The site is not intended for users under 16. If we learn we've collected data from a minor without parental consent, we'll delete it.

7. Changes

We'll post any material change on this page and notify you by email if it affects your account.

8. Complaints

If you believe we've breached the Australian Privacy Principles, contact privacy@kryts.com. Unresolved concerns can be escalated to the Office of the Australian Information Commissioner.

⚠ This is a template. Replace placeholders and have it reviewed before going live.