Privacy Policy

1. Overview

I'm Mike Bannoura. I own PostNet Denver CO149 at 1312 17th Street in downtown Denver. Been here since 2009 — back when people still faxed things. This policy covers what happens with your personal info when you use our website or walk into the shop.

Bottom line: we collect what we need to print your job and ship your package. Nothing gets sold. Ever.

2. Information We Collect

What You Give Us

When you create an account we get your name, email, phone, and password. Google sign-in sends us your name, email, and profile photo — nothing else. No Gmail access, no Google password.

Place an order and we collect billing/shipping addresses. Your credit card number goes straight to Stripe — our server never sees it. The files you upload (PDFs, images, .ai files, whatever you need printed) stay in our Supabase database so we can actually do the work.

Rent a mailbox? The USPS makes us collect two forms of government ID. Federal law, not our choice. Quote requests, emails you send us, project specs — all kept on file too.

What Gets Collected Automatically

Same as any website: your browser type, which pages you visit, how you found us, and your IP address (gives us city-level location, not your street). Cookies too — more on those in Section 4.

3. How We Use Your Information

Look, there's no hidden agenda. Your info lets us process orders, send proofs, run production on the HP Indigo and the Konica Minolta presses in back, arrange shipping, and get the finished product to you. It also keeps your account working, lets us answer your emails, and sends you receipts through Resend (our email delivery service).

Google Analytics tells us aggregate things — which pages get traffic, where people drop off. If you opted into marketing emails, we might send something when we add a new service. Unsubscribe anytime, one click, no guilt trip. And sometimes the IRS or a court order requires us to keep or share records. That's just how business works.

4. Cookies & Tracking Technologies

Three kinds of cookies run on this site:

• Essential ones (Supabase auth, cart persistence) — keep you logged in and remember your cart. Can't turn these off or the site breaks.
• Google Analytics cookies give us anonymous traffic data. How many visitors, which pages, where they came from. Anonymized, aggregate, not personal.
• A preferences cookie saves your display settings so the site doesn't ask you the same questions every visit.

Your browser controls cookies — block them if you want, but the login and cart will stop working. To opt out of Google Analytics specifically, grab the free browser add-on from Google.

5. Third-Party Services

Running a print shop website takes a few outside tools. Here's every service that touches your data in some way:

6. Data Sharing & Disclosure

Not sold. Not shared with data brokers. Not traded for advertising. The only parties who see your info:

The service providers in Section 5 — each gets only what they need. Stripe handles payments, not your browsing history. Shipping carriers (FedEx, UPS, USPS, DHL) get what's on the label and nothing more. PostNet International sees certain franchise-level business data per our agreement. Courts and law enforcement get records if they show up with a subpoena, which in 17 years has basically never happened. And if Mike ever sells the shop, account data would transfer to the new owner — but that's hypothetical.

7. Data Retention

Account data stays as long as your account exists — email us to delete and it's gone in 30 days. Order records stick around 7 years (IRS requirement). Uploaded files last up to 12 months after the job finishes, which is why we can reprint those business cards you ordered in January without asking for the file again.

Emails and support threads: 3 years. Analytics data: 26 months, then Google auto-deletes it. Mailbox records (USPS Form 1583): 3 years after you close the box — that's a postal service rule. Want anything deleted sooner? Just ask.

8. Data Security

Zero data breaches since 2009. SSL/TLS encryption on every page. Card numbers go to Stripe (PCI Level 1) and never touch our server. Passwords hashed through Supabase. Staff access is role-based — the person running the HP Latex 800W in the wide-format room doesn't have access to customer payment records.

That said, no company on earth can guarantee 100% security. Concerned about something specific? Call the shop and I'll walk you through it personally.

9. Your Rights & Choices

You can ask to see what data we have on you, correct anything wrong, or delete it entirely (tax-required records excepted). Need your data exported in a portable format? Done. Want off the marketing list? Hit unsubscribe or just tell us — you'll still get order confirmations and shipping notices since those are transactional.

Here's the deal: email co149@postnet.com or call (303) 595-0500 for any privacy request. Usually takes us a few days, never more than 30. Identity verification first, for your protection.

10. California Privacy Rights (CCPA)

California residents get extra rights under the CCPA/CPRA — right to know, delete, correct, and opt out of data sales. Since we don't sell data to anyone, the opt-out is already covered. Same contact info applies: co149@postnet.com or (303) 595-0500. Authorized agents can submit on your behalf. Response within 45 days. Exercising these rights will never affect pricing or service quality.

11. Children's Privacy

Not designed for kids under 13 and we don't knowingly collect their info. If your child somehow signed up, email co149@postnet.comand we'll delete it immediately.

12. Third-Party Links

Click a link to FedEx tracking, Stripe, Canva, or Anytime Mailbox and you're on their site with their rules. Their privacy policies are linked in Section 5.

13. Changes to This Policy

When we update this page, the date at the top changes. Big changes (new service provider, new data use) get an email to registered users. Small stuff like typo fixes just goes live.

14. Contact Information

Real people, real store, real phone number: