/ legal — privacy

Privacy
policy.

Short version: we collect what we need to run the shop, ship your order, and let you know when a new drop opens. Nothing more. Long version below.

Last updated: 1 January 2026

What's in here

Who we are
What we collect
Why we collect it
Who we share it with
Cookies and tracking
Your rights
How long we keep it
How we protect it
International transfers
Children
Changes
Contact

1. Who we are

Teeshit is a clothing label operated by [REGISTERED BUSINESS NAME], registered at [BUSINESS ADDRESS]. We're the data controller for personal data collected through teeshit.com and our newsletter.

2. What we collect

We try to keep the list small. We collect:

Things you give us directly: name, email, shipping address, billing address, phone number (if you give one), and order history when you place an order or sign up for the newsletter.
Payment data: handled by our payment processors (Shopify Payments, Stripe, PayPal, Apple Pay, Google Pay — depending on which option you choose at checkout). We don't store full card numbers ourselves.
Browsing data: IP address, browser type, device type, pages visited, referring site, approximate location (from IP), and timestamps. Collected automatically via cookies and analytics tags.
Age-confirmation status: a single yes/no stored in your browser so we don't ask every visit.
Support correspondence: emails you send us and our replies.

3. Why we collect it

To run the shop — process orders, take payment, send order confirmations, ship packages, handle returns.
To send the newsletter — only if you opted in. You can unsubscribe at any time using the link in any email.
To improve the site — aggregate analytics tell us which pages people visit, where they drop off, what loads slow. We don't use this to identify individuals.
To prevent fraud — flagging unusual order patterns, suspicious payment behaviour, or bots scraping the site.
To meet legal obligations — tax, accounting, anti-money-laundering, consumer protection.

Our legal bases under GDPR (where it applies) are: performance of a contract (orders), consent (newsletter, non-essential cookies), legitimate interest (analytics, fraud prevention, basic site operation), and legal obligation (tax records).

We don't sell your data. We share what's necessary with vendors that help us run the shop:

Shopify — e-commerce platform, hosts product data, manages checkout and order records.
Payment processors — Stripe, PayPal, Apple Pay, Google Pay and others enabled by Shopify Payments. They handle payment details under their own privacy policies.
Shipping carriers — your name, address, phone (if given) and order contents to deliver the package.
Email and marketing tools — for the newsletter and order emails. Examples: Shopify Email, Klaviyo or Mailchimp depending on what we use.
Analytics providers — examples: Google Analytics, Shopify Analytics. Aggregate, not individual.
Authorities — if a valid legal request requires disclosure.

5. Cookies and tracking

We use cookies and similar technologies to keep your cart working, remember your age confirmation, and understand site traffic. Full breakdown in our Cookie Policy. You can refuse non-essential cookies via the banner the first time you visit, or change your settings any time.

6. Your rights

Depending on where you live, you may have the right to:

Access the personal data we hold about you.
Correct inaccurate data.
Delete your data ("right to be forgotten") — subject to legal retention requirements.
Object to or restrict processing.
Receive a copy of your data in a portable format.
Withdraw consent (e.g. unsubscribe).
Lodge a complaint with the data protection authority in your country.

To exercise any of these, email privacy@teeshit.com. We'll respond within 30 days. We may need to verify your identity before acting on the request.

California residents have specific rights under the CCPA / CPRA, including the right to know, the right to delete, and the right to opt out of "sale" or "sharing" of personal information. We do not sell personal information.

7. How long we keep it

Order records — for the period required by tax law in our jurisdiction (typically 6–7 years).
Newsletter subscribers — until you unsubscribe.
Support emails — up to 3 years.
Analytics — aggregated and anonymised data may be kept indefinitely.

8. How we protect it

We use HTTPS site-wide, rely on Shopify's PCI-compliant infrastructure for checkout, and limit internal access on a need-to-know basis. No system is 100% secure — we'll notify you and the relevant authority within 72 hours if a breach affects your data and we're legally required to do so.

9. International transfers

Our vendors (Shopify, analytics providers, payment processors) operate globally and your data may be processed in countries outside your country of residence, including the United States. When this happens we rely on appropriate safeguards — Standard Contractual Clauses, adequacy decisions, or your explicit consent.

10. Children

Teeshit is intended for users aged 18 or older. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us and we'll delete it.

11. Changes

We may update this policy as the business or the law changes. Material changes will be announced via the newsletter and dated at the top of this page. Continued use after a change means you accept the updated policy.

12. Contact

Privacy questions: privacy@teeshit.com
Everything else: hello@teeshit.com
Postal: [BUSINESS NAME], [ADDRESS]

For the brand owner. Customise the bracketed placeholders (business name, address, jurisdiction, vendor list) and confirm the data-handling claims match your real Shopify and marketing stack. Have a lawyer in your country review before launch, particularly for GDPR (EU/UK), CCPA/CPRA (California), PIPEDA (Canada), and other regional rules that apply where you sell.