Temply
HomeProductsDemosOrders
Temply
HomeProductsDemosOrders
templystudiosupport@gmail.com

© 2026 Temply Studio. All rights reserved.

Privacy Policy
Legal

Privacy Policy

How Temply handles information used to create, purchase, deliver, and share personalized digital invitations and greetings.

Effective July 16, 2026

On this page

  1. 01Who operates Temply
  2. 02Information we collect
  3. 03Cookies and analytics
  4. 04How we use information
  5. 05Public invite links
  6. 06Providers and disclosures
  7. 07Retention and deletion
  8. 08Security
  9. 09Your rights
  10. 10Changes and contact

Temply Studio respects your privacy. This policy explains what personal information we process, why we process it, who may receive it, how long we keep it, and the choices and rights available to people in the Philippines.

This policy is a notice about our practices. It is not, by itself, a request for or record of consent.

Who operates Temply

Temply Studio is the personal information controller for the processing described in this policy. This policy applies to templystudio.shop and Temply's order, checkout, order-status, and invite experiences.

For privacy questions or verified data-subject requests, email templystudiosupport@gmail.com.

Information we collect

Information customers provide

Depending on the product, this may include:

  • Your email address.
  • Recipient names, endearments, sender names, greetings, personalized questions and answers, messages, letters, PINs, and PIN hints.
  • Photos you upload and file details such as content type and size.
  • Product selection, order code and status, amount, applied promo code, and order timestamps.
  • A GCash or bank payment reference number and the screenshot or image you upload as proof of payment.
  • Messages you send to our support address.

Temply does not collect your GCash account credentials or connect directly to a GCash API. We receive only the payment reference and proof image you choose to submit.

Personalized content can contain information about recipients and other people, not only the purchaser. Submit and share only content that you are authorized to use.

Information collected automatically

  • Page views, timestamps, referring site or origin, approximate location, browser, operating system, and device category.
  • Product-view and checkout events.
  • Product slug, name, category, PHP value, promo code, discount value, and payment-proof-submitted event data sent to Google Analytics.
  • Technical request information ordinarily processed by our hosting and infrastructure providers.

Our custom Google Analytics setup normalizes dynamic order and checkout routes. We do not intentionally send customer emails, raw customer access tokens, order codes, uploaded content, or payment proof images as custom analytics event values.

Cookies and similar technologies

temply_customer_orders

A strictly functional cookie that stores up to 50 order-code and access-token entries so your browser can reopen your orders. It is HTTP-only, SameSite=Lax, Secure in production, and has a maximum age of one year.

temply_has_customer_orders

A strictly functional presence flag used to show the saved order indicator. It contains only whether saved orders exist, is SameSite=Lax and Secure in production, and has a maximum age of one year.

_ga and _ga_<measurement-id>

Google Analytics uses these cookies to distinguish visitors and sessions. Google documents a default expiration of two years. See Google's Analytics cookie documentation.

Vercel Web Analytics

Vercel Web Analytics receives page-view information for aggregated analytics and does not use third-party cookies. Vercel states that visitor-session identification is discarded after 24 hours and is not tied to an IP address or persistent personal identifier. Read Vercel's Web Analytics privacy documentation.

How we use information

We use information to:

  • Create and maintain draft and finalized orders.
  • Validate template customization and uploaded images.
  • Provide previews, checkout, order status, and approved invite experiences.
  • Review proof of payment and resolve rejected submissions.
  • Apply promotions and calculate the amount due.
  • Generate share links and deliver order-approval emails.
  • Respond to support and privacy requests.
  • Prevent unauthorized order access and maintain service security.
  • Maintain audit, idempotency, and operational records.
  • Understand aggregate storefront and checkout usage.
  • Comply with legal obligations and establish or defend legal claims.

We process this information as necessary to provide the service and transaction you request, for legitimate operational and security interests, and where required by law.

Important sharing notice

Public invite links and recipient information

An approved order receives a share URL and QR code. Anyone who obtains that link can view the approved invite and its personalized content.

That content can include recipient names, messages, questions, answers, letters, PIN-protected template content, and uploaded photos. The purchaser controls who receives the link and should treat it as shareable, not as private authentication for order management.

Link-preview services and social platforms may receive the URL and preview metadata when it is shared. Approved invite metadata may include the recipient's name. Temply uses time-limited signed image URLs internally, but copying or sharing an invite can still expose displayed content to its recipients.

Service providers and disclosures

We use providers to operate Temply. They may process information outside the Philippines using their infrastructure and applicable contractual safeguards.

  • Vercel — application hosting and privacy-oriented web analytics.
  • Google Cloud Storage — customer photos and proof-of-payment images.
  • MongoDB-backed database infrastructure — orders, customization data, payment records, invite records, audit records, and notification state.
  • Google Analytics — page, device, approximate-location, and ecommerce-style event analytics.
  • Resend — transactional approval emails and email-delivery metadata.

Information may also be provided to administrators reviewing orders and payment proofs; when legally required; to protect users, Temply, or others from fraud, abuse, or security threats; or as part of a business transfer subject to applicable privacy requirements.

Temply does not sell personal information.

Retention and deletion

  • Draft, pending-payment, and proof-rejected orders are eligible for automatic hard deletion after seven days without an update. The purge includes associated order-scoped customer photos and payment-proof objects.
  • Proof-submitted orders awaiting review are not part of the seven-day stale-order purge.
  • Approved orders and public invite content are retained to keep the purchased experience available until Temply completes a verified deletion request, an administrator deletes the order, or retention is no longer necessary for legitimate business or legal purposes.
  • Manual order deletion removes the order, payment submissions, published invite, email-notification state, associated idempotency records, and order-scoped storage objects.
  • Idempotency-key records have a database expiry of approximately 24 hours. Functional order cookies expire after one year unless cleared or rewritten sooner.
  • Google Analytics cookies follow provider-defined retention. Resend, Google, Vercel, MongoDB infrastructure, and Google Cloud may retain processor-side records according to their settings and obligations.
  • Audit records may remain after order deletion where required for security, accountability, fraud prevention, legal compliance, or legal claims.

Deletion may therefore require verification and may not remove every audit record, backup, provider log, or record that Temply must lawfully retain immediately.

Security

Our safeguards include:

  • Requiring a customer access token—not the visible order code alone—for customer order-management requests, while storing a hash of that token on the server.
  • Using an HTTP-only customer-order cookie that is Secure in production.
  • Order-scoped, purpose-specific upload signing and content-type and size restrictions for customer photos and payment proofs.
  • Expiring signed URLs for storage reads.
  • Restricting administrator routes to the configured Google-authenticated administrator email.
  • Recording administrative payment decisions and deletions in audit records.

No internet transmission or storage system can be guaranteed to be completely secure.

Your Philippine privacy rights

Subject to applicable law, you may have the right to:

  • Be informed about processing.
  • Object to processing.
  • Access your personal information.
  • Correct inaccurate or incomplete information.
  • Request erasure or blocking where applicable.
  • Data portability where applicable.
  • Claim damages where legally available.
  • File a complaint with the National Privacy Commission.

Send a request to templystudiosupport@gmail.com. We may need to verify your identity and authority before exposing, correcting, or deleting an order, especially when a request concerns another person's content.

Changes and contact

We may update this policy when our practices, providers, or legal requirements change. We will update the effective date at the top when we publish a material revision.

Temply Studio

Personal information controller

templystudiosupport@gmail.com