PartyKit Uploadsby Tumbly HausInstall on Shopify

What's new + what's coming

We ship updates every week. Recent releases, near-term commitments, and the longer roadmap — so you know what you're getting today and where it's going.

We ship updates continuously. Recent and upcoming changes below — the most recent at the top.

Shipped since v1.0 (June 2026)

We've kept shipping since launch — hardening, reliability, and polish:

  • Moderation is now opt-in. Content moderation defaults to off so your upload widget stays fast — turn on free, in-browser NSFW screening anytime in Settings → Content safety.
  • Stronger upload security — server-side MIME magic-byte verification (rejects files whose real bytes don't match their claimed type) plus per-cart and per-shop rate limiting to stop endpoint abuse.
  • Automatic cleanup of abandoned uploads — a daily job clears artwork that was uploaded but never made it into an order after 7 days, so your storage stays tidy.
  • Clearer plan gating in admin — locked features now show "Upgrade to enable" instead of letting you configure something that won't run on your plan.
  • Public pricing page with a side-by-side plan comparison at /pricing.

v1.0 — May 27, 2026 (Initial release)

The launch version of PartyKit Uploads, shipping with everything custom-print, hat-bar, laser, vinyl, and made-to-order merchants need to collect artwork directly on the product page.

Customer experience

  • Storefront upload block for any Online Store 2.0 theme — drag-and-drop and file picker upload, right on the product page.
  • In-browser cropping with fixed aspect ratios, free-form crop, or per-variant aspect overrides.
  • Required-file gating — Add to Cart, Buy Now, Shop Pay, Apple Pay, and Google Pay all disable cleanly with a clickable hint when an upload is required but missing.
  • Photo guidelines popover so customers know what file format and quality you need before they upload.
  • Per-file fees automatically added to the cart as a transparent line item using Shopify Functions — works on every Shopify plan (Basic through Plus).
  • AI content moderation running in the customer's browser at no cost (NSFW classifier).
  • Multi-file uploads with named slots (e.g., Front / Back / Sleeve).

Merchant tools

  • Per-product configuration — required toggle, min/max files, allowed MIME types (including safely-sanitized SVG for laser/plotter merchants), print-quality minimums with warn-or-block modes, customer-facing guidelines, slot labels, per-variant crop aspect overrides, per-file fee + fee-variant GID.
  • Admin Uploads review queue with thumbnails (Google Drive, Shopify Files, S3, R2, Dropbox all supported), pending / approved / rejected filters, product + order linkage, one-click moderation actions.
  • Settings dashboard for global defaults: storage backend, allowed file types, max file size, content safety policy (warn vs hold-for-review vs block), Plus-only merge-mode fee display.

Storage

  • Five storage backends: Shopify Files (default), AWS S3, Cloudflare R2, Google Drive, Dropbox.
  • Sidecar JSON metadata written next to each file on cloud backends so your fulfillment workflow can read everything about an upload without calling our API.
  • OAuth-connected Google Drive and Dropbox with CSRF-protected sign-in flow.
  • AES-256-GCM encryption for all stored backend credentials.

Security + compliance

  • GDPR webhooks implemented for customers/data_request, customers/redact, and shop/redact.
  • App proxy HMAC verification on every storefront-facing endpoint.
  • SVG & vector for laser, vinyl & engraving — accepted safely. Most upload apps block SVG because it's an XSS risk; PartyKit sanitizes every SVG server-side via DOMPurify (scripts, event handlers, and javascript: URLs stripped), so you get the cut files your machine needs without the security hole.
  • Server-side quality enforcement — when configured to "block" mode, undersized uploads are refused at the server, not just the browser.
  • SSRF defense with manual redirect-walking and private-IP block on every server-side remote file fetch.
  • Customer-initiated deletion of unconfirmed uploads — X-button removal cascades to storage backend cleanup.

Pricing

  • Free — 50 uploads/month, Shopify Files storage, AI moderation, and the storefront block. Everything you need to test the workflow on real orders.
  • Starter ($9/mo) — 500 uploads/month, cropping, 14-day trial.
  • Pro ($19/mo) — 2,500 uploads, per-file fees, 14-day trial.
  • Studio ($39/mo) — unlimited uploads, BYO storage backends, priority support, all features.
  • Maker Growth Hub members get Studio comp'd automatically.

Coming next (v1.1 — June 2026)

  • Upload from Google Drive & Dropbox — let your customers pick artwork straight from their own cloud storage, not just their device.
  • Extended moderation — Google Vision SafeSearch and AWS Rekognition options for catching violence, drug content, and offensive symbols, beyond today's in-browser NSFW filter.

On the roadmap (v2 — PartyKit Workshop, Q3 2026)

  • Hat-bar party workflow — customer "library" of pre-approved designs they can pick from, plus the upload option.
  • Patch picker for trucker caps — Lonestar leatherette template library with per-cut auto-pricing.
  • Design preview rendering — show the customer their artwork on the product before checkout.
  • AI design upscaling for under-resolution uploads (Studio-tier add-on).

Future (v3 — PartyKit Mobile, late 2026)

  • iPhone + Android companion app for high-volume merchants — receive new orders with artwork attached, preview, approve, and send to the print queue from your phone.
  • Push notifications for new hold-for-review uploads.

Found a bug or want a feature?

Email support@tumblyhaus.com. Most fixes ship within a few days; new features land in the next monthly release.