Privacy Policy

Last updated: April 1, 2026

Merch Legion ("we", "our", "us") operates the Merch Legion platform. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture through Google OAuth or email authentication.

Platform Credentials

To automate uploads to Amazon Merch on Demand and other print-on-demand platforms, we store encrypted session cookies for your platform accounts. These credentials are encrypted using AES-256-GCM and stored in our database. We never store your platform passwords.

Design Data

We store the designs you create or upload, including images, titles, descriptions, and listing metadata. Design images are stored on BunnyCDN.

Usage Data

We collect basic usage information such as pages visited, features used, and timestamps to improve the service.

Research Data

Search queries made through our research tool are cached temporarily to improve performance. We do not share your search queries with third parties beyond the search API provider (SerpAPI).

How We Use Your Information

  • Provide the service: Create and manage your designs, publish to platforms, track sales
  • Improve the platform: Analyze usage patterns to prioritize features and fix issues
  • Communicate: Send important service updates and respond to support requests
  • Security: Protect your account and detect unauthorized access

Data Storage and Security

  • All platform session data is encrypted at rest using AES-256-GCM
  • Design images are stored on BunnyCDN with unique hashed filenames
  • Our database is hosted on a private server and is not publicly accessible
  • We use HTTPS for all data transmission

Third-Party Services

We use the following third-party services:

  • Google OAuth: For authentication (Google Privacy Policy applies)
  • BunnyCDN: For image storage and delivery
  • FAL.ai: For AI image generation (images are processed and not stored by FAL)
  • OpenRouter: For AI text generation (prompts are processed and not retained)
  • SerpAPI: For Amazon product research data
  • Amazon Merch on Demand: Browser automation for design publishing

Data Retention

  • Account data: Retained as long as your account is active
  • Designs: Retained until you delete them or close your account
  • Platform cookies: Automatically expire based on platform session limits
  • Research cache: Cached for 24 hours, then automatically deleted

Your Rights

You have the right to:

  • Access: Request a copy of your personal data
  • Delete: Delete your account and all associated data
  • Export: Download your designs and listing data
  • Correct: Update your account information

To exercise these rights, contact us at the email below.

Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies.

Children's Privacy

Merch Legion is not intended for children under 18. We do not knowingly collect information from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform.

Contact

For privacy-related questions, contact us at: privacy@merchlegion.com