Legal
Privacy Policy
We run a small print shop, not an ad business. This page explains what we collect, why, and how long we keep it.
- 01
Who we are
SKC Copy Center, a sole proprietorship owned by Stavros Christofi, at Nikou & Despinas Pattichi 116C, 3070 Limassol, Cyprus. We are the data controller for the personal information described on this page.
You can reach us with privacy questions by email at skccopy@icloud.com or by phone at +357 25 004346.
- 02
What we collect
Send Files form: your name, phone number, optional email address, the details you write in the message, your turnaround and colour preferences, and the files you upload.
Visiting the site: standard server logs (IP address, user agent, requested URL, timestamp) kept for a short window so we can run the site reliably. Our /visit page loads map tiles from a third-party CDN (OpenFreeMap), which sees your IP address when the map renders.
Bot and abuse protection: the upload form is protected by Cloudflare Turnstile, which processes your IP address and signals from your browser to tell humans apart from bots. We also keep a short-lived record of your IP address in our rate-limit store to enforce per-IP submission limits.
Malware scanning: when you upload files, we compute a SHA-256 hash of each file and look it up against an industry-standard malware database. The hash leaves our infrastructure; your files themselves do not.
We don't use third-party advertising trackers, behavioural analytics, or social-media pixels on this site.
- 03
Why we collect it, and our legal basis
Form submissions are used to review your job and get back to you with a quote, turnaround time and any questions. Legal basis: steps taken at your request before entering a contract (GDPR Art. 6(1)(b)).
Server logs, bot protection, rate limiting and malware scanning are used to keep the site available, prevent abuse of the upload form, and avoid accepting hostile files. Legal basis: our legitimate interests in operating and protecting the service (Art. 6(1)(f)).
Customer records for completed jobs are kept to meet our tax and accounting obligations. Legal basis: legal obligation under Cypriot tax law (Art. 6(1)(c)).
- 04
How long we keep it
Uploaded files: automatically deleted 30 days after upload, whether or not the job went ahead.
Contact details associated with a completed job: kept for up to 6 years for tax and accounting purposes, as required by Cypriot law.
Server logs: kept for up to 30 days.
Rate-limit IP records: short-lived sliding windows — older entries fall out automatically.
Bot-check tokens (Turnstile): short-lived (minutes) and used only to validate a single submission.
- 05
Who sees it
Inside the shop and our small technical team: Stavros, anyone he employs to handle the work, and the developer who maintains the website.
We rely on the following service providers to run the site. They process data only on our instructions and don't use it for their own purposes.
Vercel Inc. — hosts the website and runs our server code (Frankfurt region, EU).
Vercel Blob — stores your uploaded files until deletion.
Resend — delivers the notification email from our website to our inbox.
Apple iCloud Mail — the inbox the notification email arrives in (skccopy@icloud.com).
Cloudflare — runs the Turnstile bot check on the upload form.
Upstash — runs the Redis store we use for per-IP rate limiting.
A third-party malware-database service — receives the SHA-256 hash of each uploaded file for malware lookup.
OpenFreeMap — serves the map tiles on the /visit page; sees your IP address when the map loads.
We don't sell personal information and we don't share it with anyone for marketing.
- 06
International transfers
Several of the providers above are based in or operated from the United States (Vercel, Resend, Cloudflare, Upstash, Apple, and the malware-database service). Where personal data is transferred outside the European Economic Area, we rely on the European Commission's Standard Contractual Clauses and, where the provider is certified under it, on the EU–US Data Privacy Framework adequacy decision. You can ask us for a copy of the safeguards by emailing skccopy@icloud.com.
- 07
How we keep it safe
All traffic to and from the site uses HTTPS. Uploads are scanned for malware before we open them. Access to our inbox and storage is restricted to the people listed above. Files are placed at unguessable URLs, but those URLs are not access-controlled — please don't share your upload links.
- 08
Automated decisions
We don't make automated decisions about you that have legal or similarly significant effects. Cloudflare Turnstile scores requests to decide whether to show an interactive challenge, but if it ever blocks you we'll still respond to anything you send us by phone or email.
- 09
Your rights
Under the GDPR and Cypriot data-protection law you can ask us to: confirm what we hold about you, give you a copy, correct anything inaccurate, delete it, restrict our use of it, transfer it to another provider, or object to our processing.
Email skccopy@icloud.com with your request and we'll respond within a month. If you're unhappy with how we handle it, you can complain to the Office of the Commissioner for the Protection of Personal Data, 1 Iasonos Street, 1082 Nicosia (www.dataprotection.gov.cy).
- 10
Cookies and similar storage
We don't set our own cookies for analytics, advertising or tracking. The Cloudflare Turnstile widget on the Send Files form loads from challenges.cloudflare.com and uses cookies and local storage on that domain to run its bot challenge — these are strictly necessary for the form to work and don't require consent under EU law.
- 11
Children
Our services are intended for general use. Under Cypriot law (Law 125(I)/2018), the age at which a child can consent to information-society services on their own is 14. If you are under 14, please ask a parent or guardian to send the files for you.
- 12
Changes
We may update this policy. The 'last updated' date at the top reflects the most recent change. Material changes will be flagged on the website.
Last updated · 28 May 2026
Terms of Service