Privacy Policy

Last updated: May 19, 2026

Effective: May 19, 2026

This Privacy Policy explains how Roaming Aarau LLC, a New York limited liability company doing business as PrintByPost ("PrintByPost," "we," "us," or "our"), handles personal information in connection with the website at printbypost.com and the printing and mailing services offered through it (collectively, the "Service"). By using the Service you confirm that you have read and understood this Policy.

1. Scope

This Policy applies to:

  • Visitors who browse the public pages of printbypost.com.
  • Customers who place orders, with or without a signed-in account.
  • Recipients of mail sent through the Service, to the limited extent we hold information about them (typically a name and postal address provided by the sender).
  • People who contact us for support, feedback, or business inquiries.

This Policy does not apply to third-party websites or services we link to (for example, USPS tracking pages), even if you reach them through the Service.

2. Information We Collect

a. Information you provide directly

  • Account information if you choose to sign in: name, email address, and a Google account identifier returned by Google Sign-In.
  • Order information: shipping name, shipping address, email address for receipts, and any optional custom return address you provide.
  • Uploaded content: the PDF documents you submit for printing, along with technical metadata about them (page count, file size, MIME type).
  • Communications: messages you send to support, including any contact details and attachments included in them.

b. Information about recipients

If you are sending mail to a third party, you provide us with the recipient's name and postal address. We use that information only to print the address block, generate a shipping label, and hand the piece of mail to USPS. We do not contact recipients on our own initiative.

c. Payment information

Payments are processed by Stripe, Inc. Card numbers are entered directly into Stripe's secure payment element and are never transmitted to or stored on our servers. We retain only the Stripe payment intent ID, the brand and last four digits of the card, the billing ZIP code if Stripe returns it, the amount, and the transaction status.

d. Information collected automatically

  • Log data: IP address, user-agent string, pages visited, referrer, and timestamps. We use this for security, abuse prevention, and basic operational monitoring.
  • Cookies and similar technologies: see Section 6.
  • Address autocomplete: when you type in the shipping or return-address field, partial address fragments are sent to Google Maps Platform to fetch suggestions. Google processes that data under its own privacy policy.

3. How We Use Information

  • To accept, process, print, and mail your order, including generating shipping labels and tendering mail to USPS.
  • To send transactional messages: order confirmations, shipping notifications, refund notices, and replies to support requests.
  • To take payment and issue refunds via Stripe.
  • To detect, investigate, and prevent fraud, abuse, security incidents, and violations of our Terms of Service.
  • To comply with applicable law, lawful requests from authorities, tax and accounting obligations, and to enforce our agreements.
  • To operate, maintain, debug, and improve the Service.

We do not sell or rent personal information. We do not use uploaded documents to train machine-learning models. We do not use uploaded documents for advertising.

4. Legal Bases for Processing (EEA / UK)

If you are located in the European Economic Area or the United Kingdom, we rely on the following legal bases under GDPR:

  • Performance of a contract — to print and mail the order you placed and to provide customer support.
  • Legitimate interests — to secure the Service, prevent fraud, and improve the Service in ways that do not override your rights.
  • Legal obligation — for tax, accounting, and responding to lawful requests.
  • Consent — where you have given it, for example for any optional non-essential cookies. You may withdraw consent at any time.

5. How We Share Information

We share personal information only as described below. We do not sell personal information.

  • Service providers that process data on our behalf under written contracts:
    • Google Firebase (Google LLC) — authentication, database, file storage, and application hosting.
    • Stripe — payment processing.
    • EasyPost — shipping rate lookup and USPS label generation. The shipping address and parcel dimensions/weight are shared with EasyPost.
    • USPS — actual carriage of mail. USPS receives the sender, recipient, and address information printed on each piece of mail.
    • Google Maps Platform — address autocomplete and validation.
    • Gmail SMTP (Google LLC) — sending order receipts and notifications.
    • Twilio — SMS notifications to the operator about new orders. Recipient phone numbers, if any, are not used for SMS.
  • Legal compliance and safety: we may disclose information to comply with a subpoena, court order, or other legal process; to enforce our Terms; or to protect the rights, property, or safety of PrintByPost, our customers, or others.
  • Business transfers: if PrintByPost or its assets are acquired, merged, or transferred, personal information may be transferred as part of that transaction, subject to this Policy.
  • With your direction: we will share information with other third parties at your written request.

6. Cookies and Similar Technologies

We use two categories of cookies and similar technologies:

Strictly necessary / functional — always active, no consent required:

  • Session cookies set by Firebase Authentication if you sign in, to keep you signed in.
  • CSRF and security tokens required to safely submit forms.
  • Browser storage used to remember your cart between steps of the checkout flow.

Analytics — consent-based:

  • Google Analytics 4 (via the Firebase Analytics SDK), used to measure aggregate traffic — which pages are visited, how visitors arrived, and basic device/browser stats. No advertising, no retargeting, no cross-site tracking. If you are visiting from the EU, UK, EEA, or Switzerland, this is disabled by default until you click “Accept” on the cookie banner. Elsewhere, it is enabled by default.

You can also block or delete cookies through your browser settings, but the Service may not function correctly if you disable the strictly necessary ones.

7. Data Retention

We keep personal information only as long as needed for the purposes described in this Policy:

  • Uploaded PDF files are deleted from our cloud storage no later than 30 days after the order is marked shipped, or earlier on request.
  • Order metadata (order ID, status, addresses, amounts, payment intent ID) is retained for at least seven years to satisfy U.S. tax, accounting, and chargeback-defense requirements.
  • Account records are retained while your account is active and for a reasonable period afterward.
  • Logs are retained for up to 90 days, then automatically purged unless tied to an open investigation.

8. Security

We use industry-standard technical and organizational measures to protect personal information, including encryption in transit (HTTPS/TLS), encryption at rest for files stored in Firebase Storage, scoped access controls, and the principle of least privilege for staff access. No system is perfectly secure, however, and we cannot guarantee absolute security. You are responsible for keeping any account credentials confidential.

9. International Data Transfers

PrintByPost is operated from the United States, and our service providers are located primarily in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, which may have data-protection laws that differ from those of your country. Where required, we rely on appropriate transfer mechanisms such as the Standard Contractual Clauses.

10. Your Privacy Rights

a. All users

You may email info@printbypost.com at any time to access, correct, or delete information we hold about you. We may need to verify your identity before responding and may decline requests where retention is required by law.

b. California residents (CCPA / CPRA)

Subject to certain exceptions, you have the right to:

  • Know what categories of personal information we have collected about you, the sources, the purposes, and the categories of recipients.
  • Receive a copy of the personal information we hold.
  • Request correction of inaccurate information.
  • Request deletion of your information.
  • Limit the use of sensitive personal information (we do not use sensitive personal information for purposes that would trigger this right).
  • Opt out of the "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
  • Be free from discrimination for exercising any of these rights.

c. EEA / UK residents (GDPR)

You have the right to:

  • Access your personal data.
  • Have inaccurate data corrected.
  • Have data erased (right to be forgotten).
  • Restrict or object to certain processing.
  • Receive your data in a portable format.
  • Withdraw consent for any processing based on consent, without affecting the lawfulness of processing before the withdrawal.
  • Lodge a complaint with your local data-protection authority.

d. Do Not Track and Global Privacy Control

We do not track users across third-party sites and therefore do not respond differently to Do Not Track signals. Because we do not sell or share personal information, GPC signals do not change our handling, but we honor them as an additional confirmation of that fact.

11. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

12. Third-Party Links and Services

The Service may contain links to third-party websites, including USPS tracking pages. We are not responsible for the privacy practices or content of those websites. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Policy from time to time. When we make material changes we will update the "Last updated" date and, where appropriate, provide additional notice (for example, by email or an in-product notice). Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

14. Contact Us

If you have questions about this Policy or our handling of personal information, contact:

Roaming Aarau LLC
d/b/a PrintByPost
Email: info@printbypost.com