Privacy Policy

Son güncelleme: June 27, 2026

1. Who we are

ZPLCraft (“we”, “us”, “our”) is the controller for the online ZPL label designer available at label-designer.app. This policy explains what personal data we collect when you use the service, why we collect it, who we share it with, how long we keep it, and the choices you have. For any privacy request, security notice or legal question, contact us at yodabisp@gmail.com.

2. Information we collect

  • Account information. ZPLCraft uses Google sign-in through Supabase Auth. When you create or use an account, we receive and store your email address, a unique account identifier and limited Google profile information that Google provides to the sign-in flow, such as your display name. We do not receive or store your Google password.
  • Label, team and sharing content. Label designs you save to your account, including label names, sizes, canvas layout data and generated ZPL code, are stored so you can reopen them across sessions and devices. We also store custom start-design presets, built-in template favorites, label sharing records, recipient email addresses, team names, team memberships, team roles, team invitations and shared team-space labels when you use those features.
  • Imports, previews and print data. Files and data you import, such as DOCX, CSV, image or ZPL input, are processed in your browser unless you save the resulting label or use a rendering feature. When you request real-time previews, PNG/PDF downloads or PNG/PDF output through the label API, the generated ZPL and any label text or variables inside it are sent to Labelary to create the rendered file. WebUSB, browser print, network print and the optional local print bridge send print data from your browser or local machine to your printer; that print stream does not pass through our Supabase database.
  • Usage, API, feedback and optional analytics records. We record label creation and export events to enforce free-plan monthly limits. If you create API keys, we store the key name, key prefix, SHA-256 hash of the key, creation time, last-used time and rate-limit counters; the full secret key is shown only once and is not stored. If you submit feedback, we store your category, message, route, browser user-agent and account identifier. To understand how the service is used and improve it, we record limited product interaction events and workflow summaries for signed-in users, including event name, route, per-tab session identifier, limited non-content metadata, browser user-agent and timestamp. We intentionally filter these analytics to exclude label content, ZPL, file names, feedback text, printer addresses, tokens, secrets, passwords and similar sensitive values. If you would prefer that we not use your data for product analytics, contact us using the details in the Contact section below and we will exclude your account and delete the related records.
  • Payment, error and diagnostic data. Subscriptions, trials, invoices and billing-portal sessions are processed by Stripe. We never see or store your full card number or card security code. We store your Stripe customer and subscription identifiers, plan, billing interval, subscription status, seat count where applicable and billing period end so we can provide the features you paid for and prevent duplicate billing. If something goes wrong while you are signed in, the app may automatically report the error to us, including the error message, stack trace, page route, limited context and browser user-agent string. Reports are sanitized before sending to redact tokens, keys, ZPL/canvas data, passwords and other credentials, and reporting is rate-limited.

We do not use third-party analytics or advertising trackers, and we do not sell personal data or share it for cross-context behavioral advertising.

3. How we use your information

  • To provide the service: authenticate you, store and load your label designs, import content, render previews, print and export labels, operate label sharing, team workspaces and API access.
  • To operate billing and plan access: start trials, create checkout sessions, manage subscriptions, apply plan limits, manage seats, prevent duplicate billing, process payments through Stripe and enforce rate limits.
  • To protect, maintain and improve the service: diagnose errors, investigate abuse, secure accounts and infrastructure, keep the service reliable, use feedback and use product analytics.
  • To communicate with you about your account, billing, support requests, privacy requests, security notices or important changes to the service. If privacy laws such as the GDPR or UK GDPR apply, our legal bases are contract necessity for account, service, billing and team features; legitimate interests for security, abuse prevention, diagnostics, support, product analytics and product improvement; and legal obligations for tax, accounting, compliance and dispute handling.

4. Third-party services

We rely on a small number of service providers to run ZPLCraft:

  • Supabase hosts our database, authentication and serverless functions. Your account data, saved labels, sharing/team records, usage records, product analytics records, feedback, API key hashes and error reports are stored or processed there. See the Supabase privacy policy.
  • Google provides sign-in. Google’s handling of your Google account data is governed by the Google privacy policy.
  • Stripe processes subscriptions, trials, invoices, payment methods and the customer billing portal. See the Stripe privacy policy.
  • Labelary renders label previews and PNG/PDF label outputs. When you use those rendering features, the ZPL code being rendered, including any text, barcode data or variables it contains, is sent to the Labelary API.

Printing over WebUSB, browser print, network printer endpoints or the optional local print bridge happens directly from your browser or local machine to the selected printer or bridge endpoint. Printer addresses, copy counts and related print preferences are stored locally in your browser when saved.

5. Cookies and local storage

Supabase stores your sign-in session in browser storage so you can stay signed in. ZPLCraft stores small local preferences and temporary state, such as language choice, printer settings, copy count, a temporary ZPL import during sign-in, a one-time chunk-retry flag, a product analytics session ID and a short queue of pending analytics events. These are used for authentication, preferences, reliability or product analytics. We do not use advertising or cross-site tracking cookies.

6. Data retention and deletion

We keep your account, saved labels, presets, favorites, shares, teams, API key records and preferences for as long as your account exists or the feature is active. Usage logs, product analytics, feedback, error reports, billing records and security records are kept for as long as needed to operate the service, comply with law, resolve disputes, prevent abuse and maintain backups. If you want your account and associated data deleted, email yodabisp@gmail.com from the address linked to your account and we will delete or anonymize it within 30 days where reasonably possible, except for records we are legally required or permitted to keep, such as billing, tax, security, abuse-prevention or dispute records, and except for data already de-identified or aggregated.

7. Your rights

Depending on where you live, you may have rights to access, correct, export, restrict the processing of, object to the processing of, or delete your personal data. If you are in the European Economic Area, United Kingdom or a similar jurisdiction, you may also have the right to object to our use of your data for product analytics and to lodge a complaint with your local data protection authority. If you are a California consumer, you may have rights to know, access, correct, delete and opt out of sale or sharing; we do not sell personal data or share it for cross-context behavioral advertising. To exercise any privacy right, contact us at yodabisp@gmail.com.

8. Security

Data is transmitted over encrypted connections (HTTPS) and stored with row-level access controls so that your saved labels and account data are available only to your account, authorized team members or share recipients where you enabled those features, and to us where necessary to operate, secure and support the service. API keys are stored as hashes, not as reusable secrets. No method of transmission or storage is completely secure, but we work to protect your data using industry-standard practices and least-privilege access.

9. Children

ZPLCraft is not directed at children and is not intended for use by anyone under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it where required.

10. Changes to this policy

We may update this policy from time to time. We will post the updated version on this page and change the “Last updated” date above. If a change is significant, we will make reasonable efforts to notify you, for example by email or an in-app notice before or when the change takes effect.

11. Contact

Questions about this policy or your data? Email yodabisp@gmail.com.