Information Security

This page describes Printonic’s information security practices for our website, merchant dashboard, APIs, and related services (“Services”). It is published for partners and customers who need a concise overview of how we protect data. For how we collect and use personal information, see our Privacy Policy.

1. Scope and governance

Security responsibilities are assigned to Printonic leadership and engineering. We apply these practices across production environments that store or process merchant, order, and customer data needed to operate print-on-demand fulfillment and integrations.

2. Access control

Access to production systems, source code, and cloud administration is limited to authorized personnel based on role need. We use strong authentication for administrative accounts, including multi-factor authentication where supported. Database and application access follow least-privilege principles through our cloud providers’ controls and application design.

3. Encryption and transmission

Data in transit between users and our Services is protected using industry-standard TLS (HTTPS). Data at rest is protected using the encryption and storage controls provided by our cloud database, hosting, and object storage providers.

4. Secrets and configuration

API keys, tokens, and other secrets are stored in secure environment configuration managed by our hosting platform—not in source code or public repositories. Access to those values is restricted to deployment and operations needs.

5. Subprocessors

We rely on reputable infrastructure and service providers (for example hosting, database and authentication, payments, shipping, and platform integrations) to deliver the Services. We select vendors with appropriate security posture for their role and restrict data shared to what is needed to perform the service.

6. Monitoring and vulnerability management

We use logging and monitoring appropriate to our environment to detect operational and security issues. We keep dependencies and frameworks reasonably current and address critical security issues in line with their severity.

7. Incident response

If we become aware of a security incident affecting personal data, we assess impact, contain and remediate the issue, and notify affected parties and regulators when required by applicable law or contract.

8. Review

We review this overview periodically and update it when our practices or infrastructure materially change. The publication date of substantive updates will be reflected by changes on this page.

Questions about security may be directed to the same contact as our Privacy Policy: