Odemly — Privacy Policy
Last updated: 24 June 2026
This Privacy Policy explains how Odemly L.L.C FZ ("Odemly", "we"), a Free Zone Company registered in the United Arab Emirates (registered address: The Meydan Hotel, Dubai, United Arab Emirates), collects, uses, shares, and protects personal data in connection with our on-demand production and fulfillment service (the "Service"), including our Shopify app.
Our two roles. For data about our Merchants (the businesses that use Odemly), we act as a controller. For data about a Merchant's end customers that we process to fulfill orders (e.g., a recipient's name, address, and uploaded photo), we act as a processor / service provider on the Merchant's behalf and process it only to provide the Service.
1. Data we collect
From Merchants (controller):
- Account & contact details: name, email, business name, and similar information you provide at registration.
- Billing data: billing name and address, and card details — card numbers are collected and stored by our payment processor (Stripe), not by Odemly; we keep only limited information such as the card brand and last four digits.
- Usage data: log data, device/technical information, and how you use the App.
From end customers, to fulfill orders (processor):
- Order & recipient details: name, shipping address, contact details, and order contents.
- Uploaded images/photos submitted for production, plus customization options (e.g., scent, crop).
2. How we use data
- To provide the Service: produce, package, label, and ship orders; match shipping labels; provide tracking.
- To take payment for the cost of goods and to prevent fraud.
- To communicate with Merchants about their account, orders, and support.
- To operate, secure, and improve the Service.
- To comply with legal obligations.
For Merchant (controller) data, our legal bases under the GDPR are: performance of our contract with you; our legitimate interests in operating and securing the Service; your consent (where required); and legal obligation.
3. How we share data
We share personal data only as needed to run the Service:
- Shopify — the platform connecting your store to Odemly (order intake).
- Stripe — payment processing of Merchant charges.
- Shipping carriers (e.g., USPS, UPS, Royal Mail, DPD, Foxpost) — to deliver products.
- Cloud & storage providers — hosting and file/image storage (including object storage and a Google Drive backup used by Odemly for production files).
- Professional advisers and authorities — where required by law or to protect rights.
- Successors — in a merger, acquisition, or asset sale, subject to this Policy.
We do not sell personal data.
4. Data retention
We keep personal data only as long as needed for the purposes above:
- Order files (uploaded photos, print-ready files, shipping labels): retained while needed for production and for a limited period afterwards, then deleted. By default, an order's production files and shipping label are purged approximately 60 days after dispatch; abandoned-upload images with no order are purged after about 30 days; production-file backups are pruned after about 60 days.
- Account and transaction records: kept for as long as your account is active and afterwards as needed for legal, tax, accounting, and dispute-resolution purposes.
5. Your rights
Depending on your location, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, and to withdraw consent. End customers should direct such requests to the Merchant they ordered from (the controller of that data); Odemly will assist the Merchant as their processor. To exercise rights regarding data for which Odemly is the controller, contact us at the address below. You may also have the right to lodge a complaint with your data-protection authority.
6. Security
We use technical and organizational measures designed to protect personal data (such as encryption in transit and access controls). No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
7. International transfers
We are based in the United Arab Emirates and may process data in the UAE and other countries. Where we transfer personal data from the EEA/UK, we rely on appropriate safeguards (such as Standard Contractual Clauses). The UAE Personal Data Protection Law (Federal Decree-Law No. 45 of 2021) may also apply.
8. Children
The Service is for businesses and is not directed to children. We do not knowingly collect personal data from children. Merchants are responsible for ensuring any end-customer data they send complies with applicable law.
9. Changes
We may update this Policy; the "Last updated" date will change, and we will notify Merchants of material changes through the App or by email.
10. Contact
Odemly L.L.C FZ, The Meydan Hotel, Dubai, United Arab Emirates. Privacy questions: connect@odemly.com.
© Odemly L.L.C FZ · The Meydan Hotel, Dubai, United Arab Emirates · connect@odemly.com