Privacy Policy
Last Updated: January 3, 2026
Last Updated: April 1, 2026
1. Introduction
Welcome to TshirtLoop ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
2. Information We Collect
2.1 Personal Information
We collect information that you provide directly to us, including:
- Account Information: Name, email address, password, phone number
- Payment Information: Credit card details, billing address (processed securely via Stripe/PayPal)
- Shipping Information: Delivery address, contact details
- Design Data: Custom designs, text, images you upload
- Communication: Messages, customer support inquiries, reviews
2.2 Automatically Collected Information
- Usage Data: Pages visited, time spent, click patterns
- Device Information: IP address, browser type, operating system
- Cookies: Session data, preferences (see our Cookie Policy)
3. How We Use Your Information
We use your information for the following purposes:
- Order Processing: To fulfill your orders, process payments, and ship products
- Account Management: To create and manage your account
- Communication: To send order confirmations, shipping updates, and customer support
- Personalization: To customize your experience and show relevant products
- Marketing: To send promotional emails (with your consent - you can opt out anytime)
- Analytics: To understand user behavior and improve our services
- Legal Compliance: To comply with applicable laws and regulations
- Security: To detect and prevent fraud, abuse, and security incidents
4. AI-Generated Designs
Important Notice: When you use our AI design generation features:
- Your text prompts and uploaded images may be processed by third-party AI services (OpenAI, Replicate)
- These services are located outside your country and subject to their own privacy policies
- We do not store your raw prompts indefinitely - only the generated designs
- By using AI features, you consent to this processing
5. Information Sharing and Disclosure
We share your information only in the following circumstances:
5.1 Service Providers
- Payment Processors: Stripe, PayPal (PCI-DSS compliant)
- Shipping Partners: ShipStation, USPS, FedEx, UPS
- Email Services: SendGrid (transactional emails)
- AI Services: OpenAI (design generation) - optional feature
- Cloud Infrastructure: DigitalOcean, AWS (secure hosting)
5.2 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights and safety.
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.
6. Data Retention
- Account Data: Retained while your account is active or as needed for services
- Order History: Retained for 7 years for tax and legal purposes
- Payment Data: Not stored by us (handled by Stripe/PayPal)
- Marketing Data: Until you unsubscribe or request deletion
- Designs: Retained while you use our services, deletable from your account
7. Your Rights
7.1 GDPR Rights (EU/UK Users)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Delete your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Restriction: Limit how we process your data
- Objection: Object to processing for marketing purposes
7.2 CCPA Rights (California Users)
- Know: What personal information we collect and how it's used
- Delete: Request deletion of your personal information
- Opt-Out: Opt out of the sale of personal information (we don't sell data)
- Non-Discrimination: Equal service regardless of privacy choices
7.3 Texas Data Privacy and Security Act (TDPSA) Rights
If you are a Texas resident, you have the following rights under the TDPSA (effective July 1, 2024):
- Right to Access: Confirm whether we are processing your personal data and access that data
- Right to Correct: Correct inaccuracies in your personal data
- Right to Delete: Delete personal data you have provided to us
- Right to Data Portability: Obtain a copy of your data in a portable, readily usable format
- Right to Opt Out: Opt out of the processing of your personal data for targeted advertising, sale of personal data, or profiling that produces legal or similarly significant effects
To exercise these rights, contact [email protected]. We will respond within 45 days. You may appeal any decision by contacting us or filing a complaint with the Texas Attorney General.
We do not process sensitive personal data (racial/ethnic origin, religious beliefs, health data, biometric data, geolocation) without your consent. We do not sell your personal data as defined under the TDPSA.
8. Security
We implement industry-standard security measures:
- Encryption: HTTPS/TLS for all data transmission
- Password Security: Bcrypt hashing with salt
- Payment Security: PCI-DSS compliant processors (no card data stored)
- Access Control: Limited employee access, role-based permissions
- Monitoring: Regular security audits and vulnerability scans
- Backups: Daily encrypted backups
9. Cookies and Tracking
We use cookies for:
- Essential: Authentication, security, cart functionality
- Analytics: Understanding site usage (anonymized)
- Preferences: Language, theme, settings
You can control cookies through your browser settings. See our Cookie Policy for details.
10. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. Please review their privacy policies.
11. Children's Privacy
Our services are not intended for children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.
12. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States. We ensure appropriate safeguards are in place (standard contractual clauses, adequacy decisions) for such transfers.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or website notice. Your continued use constitutes acceptance of the updated policy.
14. Do Not Track Signals
Some web browsers transmit "Do Not Track" (DNT) signals. We currently honor DNT signals and do not track, plant cookies, or use advertising when a DNT browser mechanism is in place. We also honor the Global Privacy Control (GPC) signal as a valid opt-out of sale/sharing of personal information under applicable law.
15. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of becoming aware of the breach (as required by GDPR)
- Notify the relevant supervisory authority where required by law
- Provide details about what information was affected, steps we are taking, and what you can do to protect yourself
- Maintain a record of all data breaches and our response actions
SMS/Text Message Communications
By providing your phone number and opting in to text notifications, you consent to receive automated text messages from TshirtLoop regarding:
- Order confirmations and status updates
- Shipping and delivery notifications
- Account security alerts
Message frequency: Varies based on order activity. Message and data rates may apply. Carrier fees are your responsibility.
Opt-out: Reply STOP to any message to unsubscribe from text notifications. Reply HELP for assistance. You may also opt out by updating your account notification preferences or contacting [email protected].
Consent: Consent to receive text messages is not a condition of purchase. You may place orders without providing a phone number or opting in to SMS notifications.
This SMS program is governed by our Privacy Policy and compliant with the Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227.
16. Contact Us
For privacy-related questions, concerns, or to exercise your rights, contact us:
- Email: [email protected]
- Data Protection Officer: [email protected]
- Mail: TshirtLoop, Inc., TshirtLoop LLC, Houston, TX, USA
Response Time: We will respond to your request within 30 days (GDPR) or 45 days (CCPA).