Privacy Policy
Last updated: November 10, 2025
1. Introduction
Welcome to PrintableHandwriting.com. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our website and AI handwriting analysis services. We are committed to transparency and protecting your privacy rights. By using our services, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
We collect several types of information: (a) Account Information: When you create an account, we collect your email address, name, and password (encrypted). (b) Payment Information: Processed by Creem, our payment processor (see Payment Processing section). (c) Handwriting Images: Images you upload for AI analysis are temporarily stored and processed. (d) Usage Data: We collect information about how you use our services, including pages visited, features used, and time spent. (e) Technical Data: IP address, browser type, device information, operating system, and referring URLs. (f) Cookies and Tracking: We use cookies and similar technologies for authentication, preferences, and analytics.
3. How We Use Your Information
We use your information for the following purposes: (a) Service Delivery: To provide AI handwriting analysis, manage your account, and process credits. (b) Communication: To send transactional emails (receipts, analysis results, account notifications). We will never send unsolicited marketing emails without your explicit consent. (c) Improvement: To analyze usage patterns and improve our AI models, website features, and user experience. (d) Security: To detect and prevent fraud, abuse, and security threats. (e) Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights.
4. Payment Processing and Paddle
All payment transactions are processed by Paddle, who acts as our Merchant of Record. When you make a purchase: (a) Payment Data Collection: Paddle collects your payment card information (card number, expiration date, CVV), billing address, and payment email. We never see or store your full payment card details on our servers. (b) Paddle's Role: Paddle handles all payment processing, fraud detection, PCI DSS compliance, and refund transactions. Your credit card statement will show charges from Paddle. (c) Data Sharing: We share your account email and order details with Paddle to process payments and match transactions to your account. (d) Paddle's Privacy Policy: Your payment data is also governed by Paddle's Privacy Policy, available at https://paddle.com/privacy. We recommend reviewing their policy. (e) Purchase Records: We store transaction IDs, purchase amounts, credit package details, and purchase timestamps in our database.
5. Third-Party Services
We use trusted third-party services to operate our platform: (a) Supabase: Provides authentication services and database hosting. Stores user accounts, uploaded images, and analysis results. Data stored in secure US-based data centers. Privacy policy: https://supabase.com/privacy. (b) Google AI (Gemini): Processes handwriting images to generate AI analysis reports. Images are sent to Google's API and are not retained by Google beyond processing time according to their API terms. Privacy policy: https://policies.google.com/privacy. (c) Paddle: Payment processor and Merchant of Record (see Payment Processing section). (d) Vercel: Hosts our website infrastructure with edge caching. May process request logs and technical data. Privacy policy: https://vercel.com/legal/privacy-policy. (e) Analytics Services: We may use analytics tools to understand user behavior (cookies can be controlled via browser settings). Each service has its own privacy policy governing how they handle data.
6. Data Security
We implement industry-standard security measures to protect your information: (a) Encryption: All data transmitted between your browser and our servers uses HTTPS/TLS encryption. Passwords are hashed using bcrypt with salt. (b) Access Controls: Strict internal access controls limit employee access to personal data on a need-to-know basis. (c) Infrastructure Security: Our hosting infrastructure (Vercel, Supabase) provides DDoS protection, firewall rules, and regular security updates. (d) Image Handling: Uploaded handwriting images are automatically deleted from our servers after 30 days unless you save them in your account. (e) Payment Security: We never store full credit card numbers. Payment data is handled by PCI DSS compliant processors. (f) Monitoring: We monitor for suspicious activity and security breaches. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
7. Data Retention
We retain your data for the following periods: (a) Account Data: Retained while your account is active and for 12 months after account closure or last login (whichever is later) for legal compliance and dispute resolution. (b) Handwriting Images: Automatically deleted 30 days after upload unless saved to your account library. Saved images are retained until you delete them or close your account. (c) Analysis Reports: Retained indefinitely while your account is active to maintain your history. Deleted within 30 days of account closure. (d) Transaction Records: Retained for 7 years after the transaction date for tax compliance, accounting, and legal requirements. (e) Log Files: Server logs and technical data are retained for 90 days for security monitoring. (f) Deleted Data: When you request data deletion or close your account, we permanently delete your data within 30 days, except where we're legally required to retain it.
8. Your Privacy Rights
Depending on your location, you may have the following rights: (a) Right to Access: Request a copy of all personal data we hold about you. (b) Right to Rectification: Request correction of inaccurate or incomplete data. (c) Right to Erasure (Right to be Forgotten): Request deletion of your personal data, subject to legal retention requirements. (d) Right to Restrict Processing: Request limitation on how we use your data. (e) Right to Data Portability: Receive your data in a structured, machine-readable format for transfer to another service. (f) Right to Object: Object to processing based on legitimate interests or direct marketing. (g) Right to Withdraw Consent: Withdraw consent for data processing where we rely on consent. (h) Right to Lodge a Complaint: File a complaint with your local data protection authority if you believe we've violated your privacy rights. To exercise any of these rights, contact us at support@printablehandwriting.com with your account email and specific request. We will respond within 30 days.
9. GDPR Compliance (EU/EEA Users)
If you are located in the European Union or European Economic Area, additional protections apply: (a) Legal Basis: We process your data based on: (i) Contractual necessity to provide our services; (ii) Your explicit consent; (iii) Legitimate interests (fraud prevention, service improvement); (iv) Legal obligations. (b) Data Controller: PrintableHandwriting.com acts as the data controller for your personal information. (c) Data Protection Officer: For GDPR inquiries, contact support@printablehandwriting.com. (d) Cross-Border Transfers: Your data may be transferred to and processed in the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to protect international data transfers. (e) Your EU Rights: All rights listed in Section 8 apply, including the right to lodge a complaint with your supervisory authority.
10. CCPA Compliance (California Users)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA): (a) Right to Know: You can request disclosure of the categories and specific pieces of personal information we've collected, the sources, purposes, and third parties we share it with. (b) Right to Delete: Request deletion of your personal information, subject to exceptions. (c) Right to Opt-Out: We do not sell your personal information to third parties. (d) Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. (e) Authorized Agent: You may designate an authorized agent to submit requests on your behalf. (f) Verification: We will verify your identity before processing requests by matching your email address and account information. (g) Response Time: We will respond to verified requests within 45 days. To exercise your CCPA rights, email support@printablehandwriting.com with 'CCPA Request' in the subject line.
11. Children's Privacy (COPPA Compliance)
Our services are intended for users aged 13 and older. We comply with the Children's Online Privacy Protection Act (COPPA): (a) Age Restriction: We do not knowingly collect personal information from children under 13 years of age. (b) Parental Consent: If a parent or guardian discovers their child under 13 has created an account without permission, please contact us immediately at support@printablehandwriting.com. (c) Account Deletion: We will promptly delete accounts and associated data of children under 13. (d) Educational Use: Teachers and parents may use our services to help children practice handwriting. In such cases, the adult user is responsible for compliance with COPPA and must not upload personally identifiable information of children. (e) School Use: Schools using our services must ensure they have appropriate parental consent and comply with FERPA and COPPA requirements.
12. Cookies and Tracking Technologies
We use cookies and similar technologies to enhance your experience: (a) Essential Cookies: Required for authentication, security, and core functionality. These cannot be disabled without breaking the service. Examples: session cookies, CSRF tokens. (b) Functional Cookies: Remember your preferences and settings (language, theme). (c) Analytics Cookies: Help us understand how users interact with our site to improve performance and features. We may use services like Vercel Analytics or Google Analytics. (d) Third-Party Cookies: Our payment processor (Creem) and hosting provider may set their own cookies. (e) Managing Cookies: You can control cookies through your browser settings. Blocking essential cookies may limit functionality. Most browsers allow you to: (i) View and delete cookies; (ii) Block third-party cookies; (iii) Block all cookies (not recommended); (iv) Delete cookies when closing browser. (f) Do Not Track: We respect Do Not Track (DNT) signals where technically feasible.
13. International Data Transfers
Our services are operated from the United States, and your data may be transferred to, stored, or processed in the US or other countries: (a) Data Location: Primary data storage is in US-based data centers (Supabase US regions, Vercel edge network). (b) Legal Basis for Transfers: We transfer data internationally based on: (i) Your consent; (ii) Standard Contractual Clauses (SCCs) approved by the European Commission; (iii) Adequacy decisions by relevant authorities. (c) Data Protection: All international transfers comply with applicable data protection laws, including GDPR and CCPA. (d) Third-Party Transfers: Our service providers (Supabase, Google AI, Creem, Vercel) may also process data internationally under their own privacy frameworks. (e) Questions: If you have concerns about international data transfers, contact us at support@printablehandwriting.com.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations: (a) Notification: We will notify you of material changes by: (i) Updating the 'Last Updated' date at the top of this policy; (ii) Sending an email to your registered email address; (iii) Displaying a prominent notice on our website. (b) Effective Date: Changes become effective 30 days after notification, unless a longer period is required by law. (c) Your Consent: Your continued use of our services after changes take effect constitutes acceptance of the updated policy. (d) Review: We encourage you to review this Privacy Policy periodically. (e) Previous Versions: We maintain an archive of previous policy versions upon request.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: support@printablehandwriting.com. Response Time: We aim to respond to all privacy inquiries within 2-3 business days. For GDPR or CCPA requests, we will respond within the legally required timeframes (30 days for GDPR, 45 days for CCPA). Mailing Address: Available upon request for formal legal notices. We are committed to working with you to resolve any privacy concerns fairly and promptly.