Autoprinter

Privacy Policy

Last updated: 2026-04-24

This Privacy Policy explains how Econocraft Materials LLC ("Econocraft," "we," "us," or "our") collects, uses, shares, and protects information when you use Autoprinter, a three-part service consisting of a Shopify embedded application, a macOS Desktop Utility, and a Chrome Extension (collectively, the "Service").

Autoprinter is a business-to-business tool sold to Shopify merchants. When a merchant installs Autoprinter, we act as a data processor on that merchant's behalf. The merchant is the data controller with respect to its own customers' information. This Privacy Policy describes our own practices and complements any privacy notice the merchant publishes to its customers.

1. Who We Are

Econocraft Materials LLC 14255 N 79th St STE 4 Scottsdale, AZ 85260 United States

Primary contact for privacy requests: garrett@econocraftmaterials.com Alternate address: support@autoprinter.app

Econocraft has not appointed a Data Protection Officer; privacy questions should be sent to the addresses above. Autoprinter does not make automated decisions about individuals and does not profile merchant customers.

2. Categories of Information We Process

We process the following categories of data. Each category is listed with its source and the purpose for which we use it.

Merchant account and shop data

  • Source: Shopify's OAuth flow, completed by the merchant installing Autoprinter; and subsequent merchant configuration in the embedded app.
  • Fields: shop domain, shop name, OAuth access tokens, company logo (if uploaded by the merchant), printer assignments, template content and settings, routing rules.
  • Purpose: authenticate the merchant, operate the Service on the merchant's behalf, render documents, and queue print jobs.

Shopify order data

  • Source: the Shopify Admin API, read using the read_orders, read_products, read_fulfillments, and read_shipping scopes granted by the merchant at install.
  • Fields: order identifiers, line items, product information, order tags, custom attributes, fulfillment status, shipping and billing addresses, customer names, customer email addresses, and customer phone numbers.
  • Purpose: render packing slips, invoices, pick slips, return slips, and gift receipts on behalf of the merchant, and route print jobs to the correct workstation and printer.

End-customer personal information

  • Source: contained within Shopify order data pulled through the API above.
  • Fields: names, shipping and billing addresses, phone numbers, email addresses.
  • Purpose: display on rendered documents and shipping labels as required by the merchant's fulfillment workflow.

Device and paired-client metadata

  • Source: generated by the merchant's own Desktop Utility install and Chrome Extension during pairing.
  • Fields: workstation name (set by the merchant), hostname, operating-system platform, device pairing timestamps, last-seen timestamps.
  • Purpose: authenticate paired clients, route print jobs to the correct workstation, and troubleshoot connectivity.

Shipping-label PDF URLs detected by the Chrome Extension

  • Source: the Chrome Extension observes completed browser network requests inside the Shopify admin and detects the shipping-label PDF URLs Shopify generates when a merchant prints a shipping label.
  • Fields: the shipping-label PDF URL, the associated Shopify order identifier, and the Shopify order name.
  • Purpose: send the URL to the Autoprinter server so the merchant's paired Desktop Utility can download and print the label on the assigned label printer. We do not use these URLs for advertising, profiling, or any purpose unrelated to the merchant-requested print automation. URLs are retained only as part of the associated print-job record and are deleted on the same schedule.

Print job records

  • Source: generated by the Service each time a merchant prints a document.
  • Fields: associated order identifier, rendered HTML, print status, timestamps, printer assignment, and error messages on failure.
  • Purpose: deliver the document to the correct printer, retry on transient failure, display job history to the merchant, and diagnose problems.

Usage and diagnostic information

  • Source: generated by the Service when errors occur or when product-analytics events fire.
  • Fields: stack traces, redacted HTTP request metadata, API endpoint usage, feature-adoption events.
  • Purpose: identify and fix defects, measure feature adoption, and plan improvements.

3. Legal Bases for Processing (GDPR)

Where the EU General Data Protection Regulation or the UK GDPR applies, we rely on the following lawful bases:

  • Performance of a contract (Art. 6(1)(b)) — to deliver the Service to the merchant under the Terms of Service.
  • Legitimate interests (Art. 6(1)(f)) — to secure the Service, prevent abuse, measure feature adoption, and diagnose errors. We balance these interests against the rights and freedoms of the data subjects concerned.
  • Legal obligation (Art. 6(1)(c)) — where applicable law requires us to preserve, disclose, or delete information. Shopify platform webhooks are handled as part of performing the Service and assisting merchants with data-rights requests rather than as a legal obligation under the GDPR.

When we process the personal information of end customers on a merchant's behalf, the merchant determines the lawful basis and we act under that merchant's instructions as data processor.

4. How We Share Information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We share data only with the subprocessors listed below, each engaged under a written contract that restricts their use of the data to our service purposes.

Subprocessor Location Purpose
Railway Delaware, United States Application hosting and PostgreSQL database hosting. Stores all data at rest and handles all data in transit.
Sentry (Functional Software Inc.) Delaware, United States Error tracking. Receives stack traces and redacted HTTP request metadata. Automatic redaction strips authorization, cookie, and x-shopify-access-token headers before upload. Does not receive order data.
Resend Delaware, United States Transactional email delivery from the autoprinter.app domain.
PostHog United States (US Cloud) Product analytics. Records feature-usage events.
Shopify Canada The platform where order data originates. The merchant's relationship with Shopify and Shopify's own Data Processing Addendum govern the data's presence on Shopify.

We also disclose information when required by law, court order, or legal process, or to protect the rights, property, or safety of Econocraft, our users, or others.

5. Data Retention

  • Merchant account data, template configurations, routing rules, workstation records, and active order/print-job records are retained while the merchant's Autoprinter installation remains active.
  • Completed print job records, including rendered HTML and any shipping-label PDF URLs forwarded by the Chrome Extension, are automatically pruned 30 days after completion.
  • Shopify OAuth access tokens are retained while Autoprinter is installed and the token remains valid, and are deleted on uninstall, token rotation, or credential revocation.
  • When the merchant uninstalls Autoprinter (Shopify app/uninstalled webhook), all remaining merchant data is purged within 30 days.
  • On receipt of a Shopify shop/redact webhook, the specified shop's remaining data is purged immediately.
  • On receipt of a Shopify customers/redact webhook, the specified customer's data is purged within 30 days, in compliance with Shopify's service-level requirement.
  • Error events captured by Sentry are retained for 90 days.
  • Audit log entries for print-job lifecycle events (create, claim, complete, fail) are retained for 90 days.

Detailed retention rules are set out in our Data Retention Policy.

6. Your Rights

Rights under the GDPR (EEA, UK, Switzerland)

  • Access — obtain a copy of the personal information we hold about you.
  • Rectification — request correction of inaccurate or incomplete information.
  • Erasure — request deletion of your personal information, subject to legal exceptions.
  • Restriction — request that we limit processing in specified circumstances.
  • Objection — object to processing based on our legitimate interests.
  • Portability — receive your personal information in a structured, machine-readable format.
  • Lodge a complaint — with your local supervisory authority.

Rights under the CCPA / CPRA (California residents)

  • Right to know what personal information we collect, use, disclose, and share.
  • Right to delete personal information we have collected about you.
  • Right to correct inaccurate personal information we maintain about you.
  • Right to opt out of the sale or sharing of personal information. We do not sell or share personal information as those terms are defined under the CCPA.
  • Right to limit use of sensitive personal information. We do not use sensitive personal information for purposes that trigger this right.
  • Right to non-discrimination for exercising any of these rights.

How to exercise your rights

End customers of a Shopify merchant. We act as a processor on the merchant's behalf. Send your request to the merchant from whose store you purchased. The merchant will forward the request to us if our assistance is needed. We also respond to authenticated Shopify customers/data_request webhooks by providing the merchant with the responsive customer and order data that remains in Autoprinter, and to authenticated customers/redact webhooks by deleting the identified data.

Merchants and all other individuals. Email garrett@econocraftmaterials.com (or support@autoprinter.app). We respond within 30 days. We may request identity verification before acting on a request.

7. International Data Transfers

Our servers and primary subprocessors are located in the United States. Where a merchant or end customer resides outside the United States, personal information is transferred to the United States for processing. For transfers from the European Economic Area we rely on the European Commission's Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), with Econocraft Materials LLC acting as data importer. For UK transfers, the UK International Data Transfer Addendum (version B1.0) to the EU Standard Contractual Clauses, issued by the UK Information Commissioner's Office, applies. For Swiss transfers, the EU Standard Contractual Clauses apply with the adaptations required for Swiss data-protection law and recognized by the Swiss Federal Data Protection and Information Commissioner. Further detail is set out in our Data Processing Agreement.

8. Security

We protect your information using administrative, technical, and physical safeguards, including:

  • TLS 1.2 or higher for all data in transit.
  • PostgreSQL at-rest encryption provided by Railway.
  • SHA-256 hashing of device pairing tokens; raw tokens are returned to the paired client once and never stored.
  • Redaction of authorization, cookie, and x-shopify-access-token headers before any error event is sent to Sentry.
  • OAuth-scoped Shopify API access; the Service never requests scopes beyond read_orders, read_products, read_fulfillments, and read_shipping.
  • Rate-limiting of public endpoints to prevent abuse.

No method of transmission or storage is perfectly secure. We cannot guarantee absolute security of the information you provide to us.

9. Cookies, Chrome Extension Data Use, and Chrome Web Store Limited Use

The Autoprinter embedded Shopify app does not set tracking cookies and does not use third-party advertising identifiers. Authentication relies on short-lived Shopify session tokens managed by Shopify's App Bridge runtime, used solely to authenticate requests. The Chrome Extension and Desktop Utility do not set browser cookies.

The Autoprinter Chrome Extension uses browser data only to detect Shopify shipping-label PDF URLs and forward them to the Autoprinter server so the merchant's paired Desktop Utility can print the label. The use of information received from Google APIs and from the Chrome browser adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. We do not sell or transfer Chrome Extension user data to third parties for advertising, creditworthiness, or data-brokerage purposes, and we do not use Chrome Extension user data for any purpose unrelated to the merchant-requested print automation.

10. Children

Autoprinter is a business-to-business service sold to Shopify merchants. It is not directed at or intended for individuals under 13 years of age, and we do not knowingly collect personal information from children. If you believe a child has provided personal information to us, contact garrett@econocraftmaterials.com and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted at autoprinter.app at least 30 days before they take effect. The date at the top of this policy reflects the most recent revision.

12. Contact

Questions or requests under this Privacy Policy:

Econocraft Materials LLC 14255 N 79th St STE 4 Scottsdale, AZ 85260 United States Email: garrett@econocraftmaterials.com (canonical) or support@autoprinter.app