Privacy Policy

Last Updated: May 8, 2026

1. Introduction

At LabelInn ("we", "our", "the application"), we are committed to protecting our users' privacy. This Privacy Policy explains the information we collect when you use the LabelInn application, how we use this information, and how we share it.

2. Information We Collect

2.1. Account Information

When you register, we collect the following information:

• Email address
• Password (stored encrypted)
• First and last name
• Phone number
• Company information (optional)
• Address information (optional)

2.2. Usage Information

While using the application, we collect the following information:

• Login dates
• Label designs and projects
• Printing history
• Device information (device ID, operating system, model)

2.3. Technical Information

For the proper functioning of the application:

• IP address (for security and trial version control)
• Browser type and version
• Operating system information

2.4. Visitor Identifier & First-Touch Attribution (Website)

When you first visit the LabelInn website we generate a random identifier (UUID) and store it in your browser's localStorage under the key labelinn_visitor_id. We also record your first-touch attribution — UTM parameters, referrer, landing page — and lock those values for the lifetime of that identifier. This lets us connect your website journey to your eventual signup or download (so we can attribute marketing spend honestly) without using third-party tracking cookies. The identifier is not derived from your hardware and is not shared with any third party. You can clear it at any time by clearing your browser's site data.

2.5. Analytics & Session Recording

Subject to your cookie consent, we use the following analytics tools on our website and in our application:

• Google Analytics 4 (measurement ID G-ZLRPC3KZZP) — page views, button clicks, conversion events.
• Google Ads conversion tracking (AW-17891040154) — only triggered on signup, payment, and download events.
• Microsoft Clarity (project vt3ctpu254) — anonymised session recordings and heatmaps. We use Clarity's privacy-conscious masking (passwords, payment fields, and any element marked with data-clarity-mask never enter recordings).
• Firebase Analytics — used only inside the desktop and mobile app to understand feature usage.

Analytics are gated behind our cookie banner. You can decline analytics at any time and the gating script will neither load nor send any data to these providers.

2.6. Device Fingerprint (Desktop & Mobile App)

The LabelInn desktop and mobile applications generate a stable device identifier that is hashed locally before being sent to our servers. On Windows we hash CPU ID, motherboard serial, and the primary network adapter's MAC address; on macOS we hash the IOPlatformUUID; on Android we use the Android ID; on iOS we use the IDFV. Only the SHA-256 hash leaves your device. We use this identifier to enforce per-device licensing limits, detect abuse of the free trial, and prevent the same hardware from creating unlimited free accounts. We do not use it to track you across other websites or applications.

2.7. Payment Information

Payments are processed by Stripe (international cards) and iyzico (Türkiye). LabelInn does not store full card numbers, CVC codes, or banking details on our servers. We retain only the last 4 digits, the card brand, the cardholder name (where supplied), and the processor's customer/subscription identifiers required to manage your subscription, issue refunds, and produce invoices. Both processors are PCI-DSS compliant.

2.8. Marketplace & Cargo Integrations

If you connect a marketplace (Trendyol, Hepsiburada, ikas, Shopify, Amazon, Etsy, WooCommerce, N11, ÇiçekSepeti, Shopier, IDEASoft, Ticimax, PTT AVM) or a cargo carrier (Aras, Yurtiçi, MNG, Trendyol Express, Hepsijet, PTT, DHL, FedEx, UPS, USPS), we store the OAuth refresh token or API credentials you provide encrypted at rest. We use these credentials only to fetch your orders, generate shipping labels, and write back tracking numbers when you instruct us to. Disconnecting an integration revokes our access immediately and deletes the stored credentials within 24 hours.

2.9. Webhooks & Outbound Calls

If you configure outgoing webhooks (e.g. to receive job completion events on your own server), the destination URL and the events sent to it are logged for delivery tracking and 5-attempt retry. After 50 consecutive delivery failures we automatically disable the subscription and notify the owner.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Account creation and management
• License management and verification
• 14-day trial version control
• Providing user support
• Application improvements
• Security and fraud prevention
• Fulfilling legal obligations

4. Sharing of Information

We do not sell your personal information. We share data with the following categories of processors strictly to operate the service:

• Firebase / Google Cloud: Authentication, Firestore database, Cloud Functions, Cloud Storage. Hosted in the EU/US multi-region. Firebase privacy policy.
• Stripe (international) and iyzico (Türkiye): Payment processing. We send the cardholder name, billing address, and order amount; they return processor identifiers we store.
• Google Analytics 4 & Google Ads: Website and app analytics, conversion tracking. Anonymised IP and event data, only with consent.
• Microsoft Clarity: Session recording and heatmaps with masked PII fields, only with consent.
• Anthropic / OpenAI: If you use the in-app AI design assistant, prompts and label-design data are sent to the configured LLM provider for that specific request. We do not train models on your data.
• Marketplace & Cargo Carriers: Trendyol, Hepsiburada, ikas, Shopify, Amazon, Etsy, WooCommerce, and other connected platforms — order data and shipping labels are exchanged via their official APIs at your direction.
• Email Delivery (Zoho): Transactional emails (verification, password reset, invoices) are sent through Zoho Mail.
• Legal Obligations: We may disclose information if required by a court order or to comply with applicable law.

A current list of subprocessors is available on request from privacy@labelinn.com.

5. Data Security

Your privacy and data security are our top priorities. We employ comprehensive security measures to protect your information. All data is stored encrypted and is strictly personal and confidential to each individual user.

5.1. Encryption Standards

• All personal information is encrypted using industry-standard AES-256 encryption
• Passwords are hashed and salted using bcrypt algorithm
• Database encryption at rest and in transit
• Individual user isolation - your data is completely separate from other users
• Zero-knowledge architecture - we cannot access your unencrypted data

5.2. Security Measures

• Data transmission via HTTPS/TLS 1.3 protocol
• Firebase's enterprise-grade security infrastructure
• Regular security audits and penetration testing
• Multi-factor authentication for administrative access
• Access controls with principle of least privilege
• Continuous monitoring and threat detection

5.3. Data Isolation

Your personal information, designs, templates, and usage data are stored in encrypted, isolated containers. No user can access another user's data under any circumstances. Each user's data is encrypted with user-specific keys and can only be accessed by that specific user.

6. Data Retention

Your personal information is stored as long as your account is active. If you delete your account, your data will be permanently deleted within 30 days.

You can request account deletion at any time through our Account Deletion Page or by emailing privacy@labelinn.com.

7. Cookies

Our application uses cookies to improve user experience. Cookies can be managed through your browser settings.

8. User Rights

Under KVKK, you have the following rights:

• Access to your personal data
• Correction of your personal data
• Deletion of your personal data
• Objection to processing of your personal data
• Portability of your personal data

To exercise these rights, you can send an email to privacy@labelinn.com.

9. Children's Privacy

LabelInn does not knowingly collect personal information from children under 18 years of age. If we discover that we have collected information from a child, we will delete this information immediately.

10. Privacy Policy Changes

This Privacy Policy may be updated from time to time. We will notify you of significant changes. You can find the current policy on this page.

11. Contact

For questions about our privacy policy, you can contact us:

• Email: privacy@labelinn.com
• Web: labelinn.com

12. Legal Basis

This Privacy Policy has been prepared in accordance with Law No. 6698 on the Protection of Personal Data (KVKK) and the European Union General Data Protection Regulation (GDPR).