Privacy & Cookies

We collect the minimum data needed to run your account and deliver your orders. We don't sell your data. We use a small number of trusted third parties (listed below) to operate the service. You have the right to access, correct, or delete your data at any time.

Lprint UAB, registered in Lithuania, is the data controller for personal information collected through brimlabel.com and the BrimLabel portal. For privacy matters, contact hello@brimlabel.com.

Lprint UAB acts as a processor of order-related data we share with them so they can fulfil your orders. They are the seller of record on your invoice and need your billing, shipping, and order details to do their part.

When you sign up and use BrimLabel, we collect:

• Account info: your name, email, password (hashed), company name, country.
• Billing details: billing address and VAT number if you provide one.
• Order data: the label specs you configure, artwork files you upload, softproofs, order history, payment method, shipping address.
• Communication: messages you send us via email or live chat.
• Technical data: IP address, browser type, device info, and how you use the site (pages viewed, clicks). See "Cookies and analytics" below.

We use your personal data to:

• Run your account and authenticate you
• Process and deliver your orders, including sharing necessary details with Lprint UAB and shipping carriers
• Take payment and issue invoices
• Send you transactional emails about your orders (softproofs, shipping notifications, invoices)
• Respond when you contact us
• Improve the product and understand how it's used
• Meet our legal obligations, such as accounting and tax

The legal basis for processing is either the performance of our contract with you (running your account, delivering orders), our legitimate interest (fraud prevention, product improvement), or your consent (analytics and marketing tools that require it — see below).

We share data only with the following service providers, all selected for their security and GDPR compliance:

• Lprint UAB — order fulfilment partner. Receives order details, artwork files, billing and shipping data so they can produce and ship your labels.
• Supabase (database and authentication) — hosts your account data. EU region.
• Vercel (web hosting) — serves brimlabel.com and the portal.
• Stripe (payments) — processes card payments. We never see or store your full card number.
• Resend (transactional email) — sends order emails on our behalf. EU region.
• Google Workspace — our email inbox (hello@brimlabel.com).
• Tidio — live chat on the marketing site.
• Google Analytics, Microsoft Clarity, Meta Pixel — analytics and marketing measurement, only after you accept analytics cookies.
• Shipping carriers (FedEx, DHL) — your name, shipping address, and phone for delivery.

We don't sell your data to anyone.

• Account info: as long as your account is active. You can ask us to delete it at any time.
• Orders and invoices: 10 years, as required by Lithuanian accounting law.
• Artwork files: up to 3 years from the last related order. Files unused for 3 years are automatically deleted.
• Marketing emails and live chat logs: until you ask us to delete them or unsubscribe.

Under GDPR you have the right to:

• Ask what data we hold about you
• Correct inaccurate data
• Delete your data (where we don't have a legal obligation to keep it, like invoice records)
• Export your data in a portable format
• Withdraw consent for analytics and marketing at any time
• Lodge a complaint with the Lithuanian State Data Protection Inspectorate (vdai.lrv.lt) if you believe we've mishandled your data

To exercise any of these rights, email hello@brimlabel.com. We'll respond within 30 days.

We use cookies to make the site work and to understand how it's used. There are two categories:

Essential cookies are needed for the site to function — keeping you signed in, remembering your cart, securing your session. These don't require consent because the site doesn't work without them. They include cookies set by Supabase (authentication) and Vercel (hosting).

Analytics and marketing cookies help us measure how the site is used and what content works. These only run if you accept them. They include:

• Google Analytics — measures site usage and traffic sources.
• Microsoft Clarity — records how visitors interact with pages (heatmaps, session replay) so we can improve the experience.
• Meta Pixel — measures the effectiveness of any marketing we run on Facebook or Instagram.
• Tidio — sets a cookie when you use the live chat so we can respond to follow-ups.

You can change your cookie preferences at any time using the link in the footer or by clearing cookies in your browser.

We protect your data using industry-standard practices: encrypted connections (HTTPS), encrypted storage at rest, hashed passwords, access controls on our databases, and regular security reviews. Payment card data never touches our servers — Stripe handles it directly.

If we ever discover a data breach affecting your information, we'll notify you and the relevant authorities as required by law.

Most of our infrastructure is in the EU. Some service providers (Stripe, Google) operate globally and may transfer data to the United States under standard contractual clauses approved by the European Commission, which provide GDPR-equivalent protection.

We may update this policy as our service evolves. The "last updated" date at the top reflects the latest version. Material changes will be communicated by email.