Privacy Policy

Information you provide

• Account and profile details — name, email address, phone number, and password.
• Business details — shop name, address, tax or registration details, logo, and branding.
• Billing details — processed through our payment provider; we store limited identifiers and the last four digits of a card, never full card numbers.
• Content you upload — artwork, designs, product images, fonts, gang sheets, and related files.
• Communications — support requests, contact-form submissions, and survey responses you send us.

Information your shop’s customers and staff generate

When you operate a shop on Kohezn, your customers and staff create data through normal use — orders, quotes, work orders, payments, shipping addresses, loyalty activity, messages, and uploaded artwork. We process this on your behalf as your service provider, as described in our agreement with you.

Information we collect automatically

• Device and usage data — browser type, operating system, pages viewed, actions taken, and timestamps.
• Log and diagnostic data — IP address, request paths, and error reports captured by our self-hosted monitoring.
• Approximate location — derived from your IP address.
• Cookies and similar technologies — see "Cookies & Tracking" below.

• Provide, operate, secure, and maintain the platform.
• Authenticate users and keep sessions active.
• Process orders, payments, payouts, shipping, and accounting sync that you initiate.
• Generate, store, and (where applicable) automatically delete print files and other artifacts.
• Provide AI-assisted features you choose to use.
• Communicate with you about your account, transactions, security, and support.
• Send marketing communications where permitted, which you can opt out of at any time.
• Detect, prevent, and investigate fraud, abuse, security incidents, and violations of our terms.
• Comply with legal obligations and enforce our agreements.
• Improve the platform using aggregated or de-identified data.

We use cookies and similar technologies to keep you signed in, remember preferences, secure requests, and understand how our marketing site and dashboard are used.

Types we use

• Strictly necessary — session and authentication cookies (set as secure, HTTP-only, and scoped to our domain) and request-protection (CSRF) tokens, without which the service cannot function.
• Functional — remember your settings and preferences.
• Analytics — help us understand usage and improve the product.

You can control or disable cookies in your browser settings. Disabling strictly necessary cookies will prevent you from signing in or using core features. We honor Global Privacy Control (GPC) signals where required by law.

We do not sell your personal information. We share information only with service providers ("sub-processors") that help us run the platform, and only as needed to deliver the features you use. Each is bound by contractual obligations to protect your data and to use it only to provide services to us.

Categories and key sub-processors

• Payments — Stripe, Inc., to process payments, store payment methods as tokens, manage payouts and seller accounts, and handle billing and disputes.
• Cloud hosting & email — Amazon Web Services, to host application infrastructure, send transactional and marketing email (Amazon SES), and screen uploaded images for unsafe content (Amazon Rekognition).
• Storage, CDN & edge — Cloudflare, to store uploaded files and rendered outputs, deliver and optimize images, and protect and route traffic.
• AI features — OpenAI and Anthropic, to power generative and assistive features you choose to use, processing the prompts, text, and images involved.
• Image processing — Replicate, to perform tasks such as background removal and image upscaling on images you submit.
• Messaging — Twilio, to send SMS and push notifications that you or your shop’s customers have opted into.
• Shipping — carriers and shipping APIs such as UPS, to obtain rates, generate labels, and track shipments using sender/recipient addresses and package details.
• Error monitoring — a self-hosted Sentry instance we operate, to capture diagnostic and error data; this data stays within infrastructure we control.
• Secrets management — Doppler, to manage application configuration and credentials; no customer data is sent.
• Optional integrations you connect — Google Drive, Dropbox, and Canva (to import files you select); QuickBooks Online and Xero (to sync orders, invoices, and payments to your accounting); and online sales channels such as Etsy. These run only when you authorize them.
• Security — the "Have I Been Pwned" service, to check passwords against known breaches; we send only a short, partial hash of a password, never the password itself.

Other disclosures

• To comply with law, regulation, legal process, or an enforceable governmental request.
• To enforce our terms and protect the rights, property, and safety of Kohezn, our users, and the public.
• In connection with a merger, acquisition, financing, or sale of assets, subject to this policy.

Our platform runs on cloud infrastructure provided by Amazon Web Services and Cloudflare, hosted primarily in the United States. Our primary application database (PostgreSQL), cache and job queues (Redis), and search index (Typesense) hold the structured data described above; uploaded files and rendered outputs are stored in Cloudflare object storage.

If you access Kohezn from outside the United States, your information will be transferred to and processed in the United States and other countries where we or our sub-processors operate. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses for these transfers.

We retain personal information for as long as your account is active and as needed to provide the service, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and the purpose for which it was collected.

Print files (gang sheets and rendered artwork)

Rendered, print-ready output files (for example, flattened gang sheet PNGs) are large and are automatically and permanently deleted approximately 90 days after the related order reaches a fulfilled status. Deleting a rendered print file does not delete the underlying design: the design document, layout, and your source artwork are retained on your account so the print file can be regenerated on demand. This is described in more detail in our Terms of Service.

Account closure

When an account is closed, we delete or de-identify personal information within a commercially reasonable period, except where retention is required for legal, accounting, security, or legitimate business purposes (for example, transaction records needed for tax and fraud prevention). Backups are purged on a rolling schedule.

We use technical and organizational measures to protect information, including: encryption in transit (TLS) and at rest; strict tenant isolation enforced at the database layer (row-level security) so one shop’s data is not accessible to another; hashed passwords; scoped, HTTP-only session cookies; malware scanning and content moderation on uploads; least-privilege access controls; and ongoing monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Some features use artificial intelligence to assist you — for example, generating content, mapping data during setup, suggesting designs, or moderating uploads. When you use these features, the relevant inputs (such as text or images) are processed by the AI providers listed above solely to return a result to you. These features assist your decisions and do not make legal or similarly significant decisions about individuals on their own. Content moderation may automatically flag or hold an upload for human review.

EEA, UK & Switzerland (GDPR)

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the right to access, correct, delete, or port your personal data; to restrict or object to certain processing; and to withdraw consent. Our legal bases for processing are performance of a contract, our legitimate interests in operating and securing the platform, your consent (for example, for certain marketing or cookies), and compliance with legal obligations. You may lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

If you are a California resident, you have the right to know what personal information we collect and how it is used and shared, to request access and deletion, to correct inaccurate information, and to limit the use of sensitive personal information. We do not sell your personal information and do not share it for cross-context behavioral advertising. We will not discriminate against you for exercising your rights.

Over the past 12 months we have collected the following categories of personal information: identifiers (such as name, email, and IP address); commercial information (such as orders and transactions); internet or other network activity (such as usage and log data); approximate geolocation (from IP address); and content you upload. We collect this for the business purposes described above and disclose it to the service providers listed above.

How to exercise your rights

When Kohezn is the controller of your information, email us at privacy@kohezn.com and we will respond within the time required by law. If you are a shopper or staff member of a shop that uses Kohezn, please direct your request to that shop, which controls your data; we will assist the shop as its service provider. We may need to verify your identity before acting on a request, and you may use an authorized agent where the law permits.

Kohezn is a business tool and is not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date and, where appropriate, provide additional notice. Your continued use of the platform after an update takes effect constitutes acceptance of the revised policy.

If you have questions about this policy or your information, contact our privacy team at privacy@kohezn.com, or write to us at Kohezn, Inc., [mailing address]. For general inquiries you can also use our contact page.