Privacy Policy

1. Introduction

Qstomize (“we,” “our,” or “us”), operated by Qstomize LLC, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at www.qstomize.com (the “Site”), place an order, request a quote, or otherwise interact with our services.

By using our Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Site.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you request a quote, place an order, create an account, contact us, or otherwise interact with our services. This information may include:

• Name (first and last name)
• Email address
• Phone number
• Company name
• Shipping and billing address
• Payment information (credit card numbers, billing details — processed securely through our payment processors; we do not store full card numbers)
• Artwork and logos you upload for product customization
• Chat messages and communications sent through our contact forms, email, or live chat

2.2 Information Collected Automatically

When you visit our Site, we may automatically collect certain information about your device and browsing activity. Depending on your cookie consent preferences, this may include:

• Anonymized IP address
• Browser type and version
• Device type (desktop, mobile, tablet)
• Pages viewed and time spent on each page
• Referring website or source
• Country and city (determined via IP-based geolocation)
• Cookies and similar tracking technologies (see Section 5 below)

2.3 Information from Third Parties

We may receive information about you from third-party services we use, including:

• Payment processors (Stripe, PayPal) — transaction confirmations, payment status, and fraud screening results

3. How We Use Your Information

We use the personal information we collect for the following purposes:

• Order fulfillment: To process, produce, and deliver your custom promotional product orders
• Payment processing: To charge for products and services, issue refunds, and manage billing
• Transactional communications: To send order confirmations, shipping updates, quote responses, and other service-related emails
• Customer support: To respond to your inquiries, resolve issues, and provide assistance
• Site improvement: To understand how visitors use our Site and improve its functionality, design, and content
• Usage analytics: To analyze trends, track page performance, and measure the effectiveness of our marketing efforts
• Fraud prevention: To detect, investigate, and prevent fraudulent transactions or unauthorized access
• Legal compliance: To comply with applicable laws, regulations, tax requirements, and legal processes
• Marketing (with consent only): To send promotional emails, newsletters, or advertisements about our products and services — only when you have explicitly opted in

4. Legal Basis for Processing (GDPR)

If you are located in the European Union or European Economic Area (EU/EEA), we process your personal data under the following legal bases as defined by the General Data Protection Regulation (GDPR):

• Performance of a contract: Processing necessary to fulfill our contractual obligations to you, including order fulfillment, payment processing, shipping, and customer support related to your purchases.
• Legitimate interests: Processing necessary for our legitimate business interests, provided these interests do not override your fundamental rights. This includes fraud prevention, site security, and basic analytics to maintain and improve our services.
• Consent: Processing based on your freely given, specific, and informed consent. This applies to marketing cookies, advertising tracking technologies, and marketing emails. You may withdraw consent at any time.
• Legal obligation: Processing necessary to comply with legal requirements to which we are subject, including maintaining tax records, responding to lawful requests from authorities, and regulatory compliance.

5. Cookies and Tracking Technologies

Our Site uses cookies and similar tracking technologies to enhance your experience and analyze how the Site is used. We categorize cookies as follows:

• Necessary cookies: Essential for the Site to function properly (e.g., session management, shopping cart, security). These cookies cannot be disabled.
• Analytics cookies (with consent): Help us understand how visitors interact with our Site by collecting and reporting information anonymously. These are only activated after you provide consent.
• Marketing cookies (with consent): Used to track visitors across websites and display relevant advertisements. These are only activated after you provide consent.

Our cookie consent banner allows you to accept or reject non-necessary cookies when you first visit the Site. You can update your preferences at any time.

For detailed information about the specific cookies we use and how to manage them, please see our Cookie Policy.

6. Third-Party Services

We use the following third-party services to operate our business. Each service may collect or process certain data as described below:

Payment Processing

• Stripe — Processes credit card and debit card payments on our behalf. Stripe is PCI DSS Level 1 compliant, the highest level of certification in the payment card industry. We never store your full card number on our servers. See Stripe's privacy policy at stripe.com/privacy.
• PayPal — Available as an alternative payment method. PayPal processes your payment data under their own privacy policy at paypal.com/privacy.

Analytics and Advertising

• Google Analytics 4 — Website analytics service that helps us understand visitor behavior, traffic sources, and site performance. Activated only with your consent. See Google's privacy policy at policies.google.com/privacy.
• Google Ads — Used for advertising measurement and Enhanced Conversions to understand the effectiveness of our ad campaigns. Activated only with your consent. See Google's privacy policy at policies.google.com/privacy.
• Microsoft Advertising (Bing UET) — Used for advertising measurement and conversion tracking on the Microsoft Advertising network. Activated only with your consent. See Microsoft's privacy statement at privacy.microsoft.com.
• Ahrefs — SEO analytics platform used to analyze site performance in search engines. Activated only with your consent. See Ahrefs' privacy policy at ahrefs.com/privacy.

Customer Experience

• Trustpilot — Customer review platform that may collect data when you submit a review or interact with review widgets on our Site. Activated only with your consent. See Trustpilot's privacy policy at trustpilot.com/privacy.

Email and Communication

• SendGrid (Twilio) — Transactional email delivery service used to send order confirmations, shipping notifications, and other service-related emails. See Twilio's privacy policy at twilio.com/legal/privacy.

Security and Infrastructure

• Google reCAPTCHA v3 — Protects our forms from spam and automated bot submissions. May collect device and browser data to distinguish humans from bots. See Google's privacy policy at policies.google.com/privacy.
• Cloudflare — Content delivery network (CDN) and security service that protects our Site from malicious traffic and improves load times. See Cloudflare's privacy policy at cloudflare.com/privacy.
• Cloudflare R2 / Cloudinary — Used for image and file storage, including product images and uploaded artwork.

7. Data Sharing

We do not sell your personal information, except as may be characterized as “sharing” under the California Consumer Privacy Act (CCPA) for targeted advertising purposes (see Section 10 for CCPA rights and opt-out options).

We may share your personal information in the following circumstances:

• Service providers: With the third-party services listed in Section 6 above, solely for the purposes described and under contractual obligations to protect your data.
• Legal requirements: When required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business transfers: In connection with a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred as part of the business assets. We will notify you of any such change.

8. International Data Transfers

Our Site is operated from the United States, and your personal data is processed and stored on servers located in the United States. If you are visiting from the European Union, European Economic Area, the United Kingdom, or other regions with data protection laws that differ from U.S. law, please be aware that your data will be transferred to the United States.

For EU/EEA visitors, international data transfers rely on Standard Contractual Clauses (SCCs) approved by the European Commission where applicable. Our third-party service providers maintain their own data transfer mechanisms and safeguards in compliance with applicable law.

By using our Site and providing your information, you acknowledge and consent to the transfer of your data to the United States.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our specific retention periods are:

• Customer and order data: 7 years from the date of the last transaction, as required for tax and legal compliance.
• Analytics data: 26 months from the date of collection.
• Consent records: 5 years from the date consent was given or withdrawn, to demonstrate compliance with applicable laws.
• Marketing data: Deleted promptly upon withdrawal of consent or unsubscription from marketing communications.
• Chat messages and communications: 2 years from the date of the interaction.

After the applicable retention period expires, we will securely delete or anonymize your personal information.

10. Your Rights

10.1 All Users

Regardless of your location, you have the right to:

• Access the personal information we hold about you
• Correct any inaccurate or incomplete personal information
• Delete your personal information, subject to legal retention requirements
• Opt out of marketing communications at any time by clicking the “unsubscribe” link in our emails or contacting us directly

10.2 EU/EEA Residents (GDPR)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to erasure: Request that we delete your personal data
• Right to restrict processing: Request that we limit how we use your data
• Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller
• Right to object: Object to processing of your personal data based on legitimate interests
• Right to withdraw consent: Withdraw consent at any time where processing is based on your consent, without affecting the lawfulness of prior processing
• Right to lodge a complaint: File a complaint with your local data protection supervisory authority

10.3 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to know: Request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our purposes for collecting it, and the categories of third parties with whom we share it
• Right to delete: Request deletion of your personal information
• Right to correct: Request correction of inaccurate personal information
• Right to opt out of sale/sharing: Direct us not to sell or share your personal information for cross-context behavioral advertising purposes

To exercise your right to opt out of the sale or sharing of your personal information, please visit our Do Not Sell or Share My Personal Information page.

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

10.4 How to Exercise Your Rights

To submit a request to access, correct, delete, or otherwise exercise your privacy rights, you may:

• Submit a request through our Data Request Form
• Email us at support@qstomize.com

We will respond to verifiable requests within 30 days (or 45 days for CCPA requests). We may need to verify your identity before processing your request.

11. Children's Privacy

Our Site and services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at support@qstomize.com.

12. Security

We take the security of your personal information seriously and implement appropriate technical and organizational measures to protect it, including:

• SSL/TLS encryption: All data transmitted between your browser and our servers is encrypted using industry-standard SSL/TLS protocols
• Encrypted databases: Personal information stored in our databases is protected with encryption at rest
• Access controls: Strict access controls and authentication mechanisms limit who can access your data within our organization
• PCI-compliant payment processing: All payment card data is handled by Stripe, a PCI DSS Level 1 certified payment processor — we never store, process, or transmit full card numbers on our servers

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard protections.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by posting a prominent banner on our website and updating the “Last updated” date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of the Site after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Qstomize LLC
Email: support@qstomize.com
Phone: +1 650-640-3836

For data privacy requests, you may also use our Data Request Form.