Skip to main content

Privacy Policy

InkReef  ·  Version 1.1  ·  Effective date: April 21, 2026  ·  Last updated: April 21, 2026

1. What We Collect

We collect the following categories of information:

  • Account information — your name, work email address, and company name provided at signup.
  • Billing information — processed exclusively by Stripe. InkReef never sees or stores full card numbers; only the last four digits and card type are retained for display.
  • Tenant customer data — names, email addresses, phone numbers, order history, quotes, and invoices that you enter for your own customers. You remain the data controller for this information.
  • Uploaded files — artwork, mockups, and production files you upload to the platform.
  • Log data — audit logs, email delivery logs, and notification records (see Retention Schedule below).

2. Where It's Stored

All tenant data is stored in the United States:

  • Neon (PostgreSQL) (US region) — per-tenant relational database (orders, quotes, customers, invoices, users).
  • Cloudflare R2 (US region) — object storage for uploaded files (artwork, mockups, production files).

3. Retention Schedule

Log data is automatically purged on the following schedule:

Data TypeRetention Period
Audit logs180 days
Email delivery logs90 days
Read notifications60 days
Portal sessionsUntil expiry

Business records (orders, quotes, invoices, customers) are retained until you delete your account or request deletion. A 30-day grace period applies after account deletion.

4. Third-Party Services

InkReef shares limited data with the following third parties to operate the service:

Stripe

Data shared: Name, email, billing address for payment processing. Purpose: Subscription billing and invoicing.

stripe.com/privacy →

Resend

Data shared: Recipient email addresses and message content for transactional emails (account verification, password reset, quote notifications). Purpose: Transactional email delivery.

resend.com/legal/privacy-policy →

Printavo (optional integration)

Data shared: Order and customer data you choose to sync. Purpose: Two-way sync with your existing Printavo account. Only active when you configure the integration.

printavo.com/privacy →

S&S Activewear (optional integration)

Data shared: Product catalog queries and order details. Purpose: Catalog browsing and inventory lookup. Only active when you configure the integration.

ssactivewear.com/privacy-policy →

QuickBooks Online (optional integration)

Data shared: Invoice and customer data you choose to sync. Purpose: Accounting export. Only active when you configure the integration.

intuit.com/privacy/statement →

SanMar (optional integration)

Data shared: Product catalog queries and inventory lookups. Purpose: Catalog browsing and purchasing. Only active when you configure the integration.

sanmar.com/privacy-policy →

5. Your Rights

  • Access your data — export individual record types via /api/export?type=....
  • Export everything — full account data export is available via Settings → Account → Data Export.
  • Delete your account — available via Settings → Danger Zone. Data is purged after a 30-day grace period.
  • Correct inaccuracies — contact privacy@inkreef.com to request corrections to data we hold about you directly.

6. Cookies and Tracking

InkReef uses session cookies solely to maintain your authenticated session. We do not use third-party advertising cookies, cross-site tracking pixels, or behavioral profiling. No data is sold to advertisers. See our Cookie Policy for a complete list of cookies set by this service.

6a. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know — request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete — request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to opt out of sale — InkReef does not sell, rent, or share personal information with third parties for monetary or other valuable consideration. There is nothing to opt out of.
  • Right to non-discrimination — we will not discriminate against you for exercising any CCPA rights.

To exercise your rights, contact privacy@inkreef.com. We will respond within 45 days as required by law.

7. Security

InkReef implements and maintains commercially reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

  • Encryption in transit — TLS 1.3 for all connections. Insecure connections are rejected.
  • Encryption at rest — AES-256 managed by Cloudflare for all stored data.
  • Per-tenant isolation — each tenant's data lives in a dedicated database instance. Tenant data cannot bleed across accounts.
  • Immutable audit log — all significant data actions are logged and retained for 180 days.
  • Multi-factor authentication — TOTP and WebAuthn/passkey support for staff accounts.
  • Rate limiting — API endpoints are rate-limited to prevent credential stuffing and abuse.

No security system is impenetrable. If you believe there has been unauthorized access to your account, contact us immediately at security@inkreef.com. For our full breach notification commitments, see the Data Processing Agreement.

7. International Data Transfers

All data is stored and processed in the United States. If you are located in the European Union, UK, or another jurisdiction with data transfer restrictions, please be aware that your data will be transferred to and processed in the US. By using InkReef, you consent to this transfer. We do not currently maintain EU Standard Contractual Clauses; if your organization requires them, please contact privacy@inkreef.com.

8. Children's Privacy

InkReef is a business-to-business platform intended for use by adults operating print shops and apparel businesses. The service is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@inkreef.com and we will delete it promptly.

9. Changes to This Policy

InkReef may update this Privacy Policy from time to time. For material changes — such as new data categories, new sub-processors, or changes to your rights — we will notify you via email at least 30 days in advance. The effective date at the top of this page will always reflect the date of the most recent update. Your continued use of the platform after a change becomes effective constitutes your acceptance of the revised policy.

10. Contact

For privacy-related inquiries, contact us at privacy@inkreef.com. For security concerns, contact security@inkreef.com.

Version 1.1  ·  Last updated: April 21, 2026