PODatlas.co

Privacy Policy

Last reviewed: 22 May 2026

This is the Privacy Policy for PODatlas. It explains what personal data I collect, why I collect it, how I use it, and the rights you have over it. I have written it in plain English. If anything is unclear, please get in touch using the details below.

Who runs this site

PODatlas is a directory of print-on-demand suppliers, tools, marketplaces, and sales channels. It is run by Mike Savage, trading as a sole trader in the United Kingdom. I am the data controller for any personal data this site collects.

The site is published from podatlas.co.

How to contact me about privacy

For anything relating to your personal data or this policy — access requests, corrections, deletions, complaints — email legal@podatlas.co.

For general questions about the directory itself, please use the contact form.

What personal data I collect

I keep the data I collect deliberately small. There are three ways your data might end up on this site:

The newsletter signup. If you subscribe to the PODatlas newsletter, I collect your email address and your IP address at the moment you sign up. The IP address is recorded to prove consent under UK GDPR if it is ever challenged. Subscriptions use double opt-in, so the email address is not added to the list until you click the confirmation link.

The supplier submission form. If you submit a print-on-demand supplier, tool, marketplace, or sales channel for review, I collect the details you enter into the form. That usually includes a company name, a website URL, and free-text notes. If you choose to leave your own name or email address in the notes, that becomes part of the submission. The form does not require you to identify yourself.

The contact form. If you contact me, I receive whatever you write into the form, plus the email address you provide so I can reply.

I do not run user accounts. There is no login. There are no comments. There is no checkout.

Analytics

I use Plausible Analytics to understand which pages people visit and where traffic comes from. Plausible does not use cookies, does not collect any personal data, and does not build a profile of you across sites. It is hosted in the EU. The script is loaded through a first-party proxy on this domain so it loads quickly and is not blocked by privacy tools.

There is no Google Analytics on this site. There is no Facebook pixel. There are no advertising trackers.

Cookies

This site does not set tracking cookies. If a cookie banner is added in future — for example because a partner tool requires one — it will only appear when there is genuinely something to consent to. The current Cookie Policy is at /cookies.

Why I process this data and on what legal basis

Under UK GDPR every use of personal data needs a lawful basis. Here are mine:

The newsletter list runs on consent. You opt in, you confirm, and you can unsubscribe from any email. The IP address recorded at signup is kept under the same consent.

Supplier submissions and contact-form messages run on legitimate interests. I need a way for the public to send me directory submissions and questions, and processing the message you send is the minimum data I need to act on it.

Analytics runs on legitimate interests, balanced against the fact that Plausible is cookieless and collects no personal data — so the impact on your privacy is low.

Who I share data with

I do not sell your data. I do not share it with advertisers. I share it only with the small set of tools that run the site:

  • Mailerlite stores the newsletter list and sends the emails.
  • Airtable stores supplier submissions and the records that power the directory.
  • Cloudflare serves the site and handles the form endpoints.
  • Plausible records aggregate analytics.

Each of these has its own privacy policy and data processing agreement. I do not move your data anywhere else.

International transfers

Some of the tools above are based outside the UK. Here's where your data goes and what protects it:

  • Mailerlite is based in Ireland and stores data in the EU. The UK government has decided the EU offers an adequate level of data protection, so no extra safeguard is needed for this transfer.
  • Plausible is based in Estonia and stores data in Germany. Same UK→EU adequacy decision applies.
  • Airtable is based in the United States. Transfers to the US rely on Airtable's certification under the UK Extension to the EU–US Data Privacy Framework, with the UK International Data Transfer Agreement (IDTA) as a fallback safeguard built into Airtable's data processing terms.
  • Cloudflare is based in the United States with a global edge network. Same protection: Data Privacy Framework certification plus the UK IDTA in Cloudflare's data processing addendum.

If you want a copy of any of these safeguard documents, email legal@podatlas.co and I will point you to the current version.

How long I keep data

Newsletter subscribers stay on the list until you unsubscribe. Unsubscribed addresses are removed from the active list.

Supplier submissions are kept indefinitely as part of the directory record. If you submitted information about yourself that you no longer want on file, email legal@podatlas.co and I will remove it.

Contact-form messages are kept for as long as I need them to act on the message and any follow-up. Once a thread is clearly closed, they get deleted.

Analytics data in Plausible is aggregate and retained according to Plausible's standard retention.

Your rights

Under UK GDPR you have the right to:

  • ask what personal data I hold about you (right of access)
  • ask me to correct it if it is wrong (rectification)
  • ask me to delete it (erasure)
  • ask me to restrict how I use it
  • ask for a copy in a portable format where the right applies
  • withdraw consent for the newsletter at any time (every email has an unsubscribe link)
  • complain to the Information Commissioner's Office at ico.org.uk if you think I have got something wrong

To use any of these rights, email legal@podatlas.co. I aim to respond within a few working days, and at the latest within one month, as UK GDPR requires.

Your right to object

You have a separate right to object to processing that relies on legitimate interests. On this site, that covers the supplier submission form, the contact form, and the Plausible analytics.

If you object, I will stop processing your personal data for that purpose unless I can show compelling legitimate grounds that override your rights, or the processing is needed for legal claims. To object, email legal@podatlas.co and tell me what you are objecting to.

This right is called out separately because UK GDPR requires me to bring it to your attention clearly and on its own.

Security

The site is served over HTTPS. Form endpoints run on Cloudflare. Data lives in Mailerlite and Airtable, both of which provide their own security controls. I do not store passwords for any user accounts, because the site does not have user accounts.

Realistically, no online service is risk-free. If a data incident affects information you have given me, I will inform you as required by UK GDPR.

Children

This site is aimed at people who run or want to start a print-on-demand business. It is not directed at children, and I do not knowingly collect personal data from anyone under 13.

Changes to this policy

If I change how the site handles personal data, I will update this page and bump the "last reviewed" date below. For material changes — anything that affects what data is collected or who it is shared with — I will also note the change in the newsletter.

Last reviewed

22 May 2026.