Skip to main content
← Back to home

Privacy Policy

Last updated: April 2026

Hills Prints (“we”, “us”) is an Australian business that makes custom map posters. We handle your personal information in line with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth). This policy explains what we collect, why, and the rights you have.

1. Information we collect

When you place an order: your name, email, shipping address, and payment details (handled by Stripe — we never see or store card numbers).

When you design a poster: the GPS coordinates, distance, elevation, and timing of the activity you choose to include. If you connect Strava, we request read access to your own activities only. We do not access private activities or friends’ data.

When you browse the site: basic, anonymous usage data via Vercel Analytics (page views, device type). We do not use advertising cookies.

2. How we use your information

  • To render and fulfil your poster order.
  • To email you order confirmation, shipping updates, and support replies.
  • To diagnose errors via Sentry (stack traces, request path — no personal data).
  • To improve our service based on aggregated, anonymous usage patterns.

We never sell your personal information and never will.

3. Third parties we share data with

Some of these providers are based overseas, which means your personal information may be disclosed to recipients outside Australia. Where that happens, we rely on each provider’s own privacy and security commitments (most are GDPR-bound or equivalent).

  • Stripe (USA, Australia) — payment processing.
  • Gelato (Norway, global print network) — print fulfilment and shipping. Your shipping address and the PDF of your poster are sent to Gelato.
  • Strava (USA, optional) — only if you connect. Governed by Strava’s own policy.
  • Resend (USA) — transactional email delivery.
  • Mapbox / MapTiler (USA / Estonia) — map tile rendering.
  • Vercel (USA) and Neon (USA) — hosting and database.

4. Data retention

Order records and the PDF files we render are retained for 5 years to meet Australian Taxation Office record-keeping obligations. Route data for completed orders is kept alongside so we can re-print a replacement if needed. You can request earlier deletion under section 5 below; we will honour it except where retention is legally required.

5. Your rights

Under the Australian Privacy Act, you can ask us to:

  • Give you a copy of the personal information we hold about you (access request).
  • Correct anything that is inaccurate or out of date.
  • Delete your personal information, unless we are legally required to keep it.

Email support@hillsprints.app with your request. We aim to respond within 30 days.

If you are in the EU or UK, GDPR / UK GDPR give you equivalent rights. If you are in New Zealand, the Privacy Act 2020 applies. The same email address covers all jurisdictions.

6. Complaints

If you believe we’ve mishandled your personal information, please contact us first so we can try to put it right. If you remain unsatisfied, you can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au, or the equivalent regulator in your jurisdiction.

7. Data storage & security

All data is transmitted over HTTPS. Payment details are tokenised by Stripe and never touch our servers. Our database (Neon/PostgreSQL) and file storage (Vercel Blob) are encrypted at rest. Admin access is restricted and logged.

8. Cookies

We set one essential cookie (payload-token) to keep you signed in to the admin and customer portal. Vercel Analytics sets a short-lived anonymous identifier. No third-party advertising cookies.

9. Changes to this policy

We may update this policy as our service evolves. We will note the date at the top, and for material changes we will email any affected customers.

10. Contact

Privacy questions or requests: support@hillsprints.app.