Privacy Policy

Privacy Policy

Cultivate Print, LLC

Effective Date: September 11, 2025
Last Updated: October 16, 2025

1. INTRODUCTION

Cultivate Print, LLC ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our wholesale print-on-demand services, websites, applications, and related services (collectively, the "Services").

Our Business Model: We primarily operate as a wholesale print-on-demand service provider to businesses and content creators. We may also offer direct-to-consumer services through our Four Pillars Printing platform.

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information:

  • Name, email address
  • Business name and address
  • Payment information (processed securely through third-party processors)
  • Tax identification numbers and tax forms (W-9, W-8BEN, etc.)
  • Shipping and billing addresses

Content and Project Data:

  • Book manuscripts, images, and design files
  • Project specifications (size, binding, quantities)
  • Metadata and descriptions
  • Customer service communications

Four Pillars Printing (When Applicable):

  • Digital purchase receipts and verification documents
  • End customer information for order fulfillment
  • Product preferences and purchase history

2.2 Information We Collect Automatically

Usage Information:

  • IP addresses and device identifiers
  • Browser type and operating system
  • Pages visited and time spent on our Services
  • Referral sources and exit pages
  • Date and time of access

Cookies and Tracking Technologies:

  • Essential cookies for site functionality
  • Analytics cookies to understand usage patterns
  • Performance cookies to optimize our Services
  • Marketing cookies (with your consent where required)

Technical Data:

  • Server logs and error reports
  • API usage statistics
  • Integration performance data

2.3 Information from Third Parties

Platform Integrations:

  • Order data from Shopify, WooCommerce, Squarespace, BigCommerce
  • Shipping and tracking information from carriers
  • Payment processing data (without storing full payment details)

Business Partners:

  • Verification information from payment processors
  • Address validation from shipping services
  • Industry databases for business verification

2.4 Platform-Specific Data

Important Note About Platform Data: When you connect our services through platform integrations (such as Shopify, WooCommerce, etc.), we receive order and customer data from those platforms. This data is subject to additional restrictions and is treated as confidential information of the platform provider. We collect and use this data solely to fulfill orders and provide services to you, in accordance with platform partner agreements and this Privacy Policy.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Business Purposes

Service Delivery:

  • Process and fulfill print orders
  • Manage your account and provide customer support
  • Communicate about orders, shipping, and service updates
  • Handle returns, replacements, and quality issues

Platform Operations:

  • Maintain and improve our Services
  • Integrate with e-commerce platforms
  • Process payments and handle billing
  • Ensure platform security and prevent fraud

Legal and Compliance:

  • Comply with tax reporting obligations
  • Respond to legal requests and enforce our Terms
  • Maintain business records as required by law
  • Protect our rights and the rights of others

3.2 Platform Integration Data Use Restrictions

For data received through platform integrations (Shopify, WooCommerce, etc.):

Strict Limitations:

  • Purpose Limitation: We use this data ONLY to fulfill orders and provide our services to you. We do not use platform order data for marketing, cross-selling, analytics beyond service provision, or any other purpose.
  • No End Customer Contact: We will not directly contact your end customers unless you explicitly authorize us to do so in writing for specific purposes.
  • Storage Duration: We store platform order data only as long as necessary to provide services and comply with legal obligations (typically 7 years for tax compliance).
  • Security: We maintain enhanced security measures specifically for platform data, including encryption, access controls, and regular security audits.

3.3 Four Pillars Printing Services

When you participate in Four Pillars Printing:

  • Verify digital purchase receipts
  • Process direct-to-consumer orders
  • Provide customer service to end customers
  • Manage inventory and fulfillment

3.4 Business Analytics and Improvement

Service Enhancement:

  • Analyze usage patterns to improve our Services (using aggregated, anonymized data)
  • Monitor printing quality and delivery performance
  • Develop new features and capabilities
  • Optimize pricing and service offerings

Marketing (B2B Focus):

  • Communicate about new services and features
  • Send industry updates and educational content
  • Provide promotional offers (with your consent)
  • Participate in trade shows and industry events

4. HOW WE SHARE YOUR INFORMATION

4.1 Service Providers and Partners

Essential Service Providers:

  • Printing Partners: Production facilities that print your content
  • Shipping Carriers: UPS, FedEx, USPS, and international carriers
  • Payment Processors: Secure payment handling services
  • Cloud Hosting: AWS, Google Cloud, or similar infrastructure providers

Platform Integrations:

  • E-commerce Platforms: Shopify, WooCommerce, Squarespace, BigCommerce
  • Analytics Services: Google Analytics, service monitoring tools
  • Customer Support: Helpdesk and communication platforms

4.2 Sharing with Platform Providers

Special Requirements for Platform Data:

When you use our services through platform integrations (Shopify, WooCommerce, etc.), we may share information with the platform provider, including:

  1. Compliance Information: Details about our data handling practices, security measures, and compliance with platform partner agreements
  2. Security Incidents: Notification of any data breaches or security incidents affecting platform data, as required by platform partner agreements (within 24 hours of discovery)
  3. Audit Information: Documentation and records requested during platform provider audits of our practices
  4. Operational Data: Technical information necessary for integration functionality and troubleshooting

Platform Provider Rights: Platform providers (such as Shopify) have contractual rights to audit our practices and require information sharing for regulatory, compliance, security, or operational purposes. Platform data is treated as confidential information of the platform provider.

4.3 Legal and Compliance Sharing

Tax Authorities:

  • IRS reporting for US creators (1099-MISC forms)
  • International tax reporting as required
  • Backup withholding documentation

Legal Requirements:

  • Court orders, subpoenas, and legal process
  • Law enforcement requests with proper authority
  • Protection of our rights and property
  • Prevention of fraud or illegal activities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to this Privacy Policy's protections.

4.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that cannot identify you for:

  • Industry research and reporting
  • Service benchmarking
  • Marketing and business development

Note: Platform-specific data is anonymized in compliance with platform partner agreement requirements.

5. YOUR RIGHTS AND CHOICES

5.1 Access and Control

Account Management:

  • Access and update your account information
  • Download your content and order history
  • Manage communication preferences
  • Close your account (subject to legal retention requirements)

Marketing Communications:

  • Opt out of promotional emails
  • Manage cookie preferences
  • Control third-party integrations

5.2 Platform Integration Data Rights

For data received through platform integrations:

  • You may request information about how we handle platform order data
  • You may request deletion of platform data (subject to legal retention requirements and platform provider policies)
  • Platform providers may have additional rights regarding data from their platforms

5.3 Regional Privacy Rights

California Residents (CCPA):

  • Right to know what personal information we collect
  • Right to delete personal information (with exceptions)
  • Right to opt-out of sale of personal information (Note: We do not sell personal information)
  • Right to non-discrimination for exercising rights

European Users (GDPR):

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

To Exercise Your Rights:
Email us at privacy@cultivateprint.com or contact us using the information in Section 13.

6. DATA SECURITY

6.1 Security Measures

Technical Safeguards:

  • Encryption: Industry-standard encryption for data in transit (TLS 1.2+) and at rest (AES-256)
  • Secure Infrastructure: Data centers with SOC 2 compliance and physical security controls
  • Access Controls: Multi-factor authentication, role-based access, and principle of least privilege
  • Monitoring: 24/7 security monitoring, intrusion detection, and automated threat response
  • Regular Audits: Annual security audits, penetration testing, and vulnerability assessments

Operational Safeguards:

  • Employee training on data protection and security best practices
  • Background checks for personnel with data access
  • Documented incident response procedures and 24/7 security team
  • Regular backup and disaster recovery testing
  • Vendor security assessments for third-party service providers

Enhanced Platform Data Security:

For data received through platform integrations (Shopify, WooCommerce, etc.), we implement additional security measures:

  • Dedicated secure storage with enhanced access restrictions
  • Separate encryption keys managed through key management systems
  • Heightened monitoring and alerting for platform data access
  • Quarterly security reviews specific to platform integration data handling

6.2 Data Breach Response

In the event of a data breach affecting your personal information, we will:

Immediate Actions (Within 24 Hours):

  • Investigate and contain the incident
  • Notify affected users when breach affects their data
  • Notify platform providers (Shopify, WooCommerce, etc.) when platform data is affected
  • Begin internal incident review and documentation

Ongoing Response:

  • Report to relevant regulatory authorities as required by law
  • Provide guidance on protective measures you can take
  • Implement remediation measures to prevent recurrence
  • Cooperate fully with any investigations
  • Provide regular updates until incident is fully resolved

Platform-Specific Requirements: For breaches involving platform integration data, we follow accelerated notification timelines required by platform partner agreements (typically within 24 hours).

No Guarantee: While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your information.

7. DATA RETENTION

7.1 General Retention Periods

  • Account Data: Retained while your account is active and for 7 years after closure for tax and legal compliance
  • Content Files: Retained according to our published Content Retention Policy
  • Transaction Records: Retained for 7 years for accounting and tax purposes
  • Communication Records: Retained for 3 years or as needed for customer service

7.2 Platform Integration Data Retention

For data received through platform integrations:

  • Order Data: Retained only as long as necessary to fulfill orders and comply with legal requirements
  • Customer Information: Typically deleted after 7 years unless longer retention is required by law
  • Aggregated Analytics: May be retained indefinitely in anonymized form
  • Audit Logs: Retained for 3 years for security and compliance purposes

7.3 Legal Retention Requirements

Some information may be retained longer to comply with:

  • Tax reporting obligations (typically 7 years)
  • Legal discovery requirements
  • Regulatory compliance requirements
  • Fraud prevention needs

7.4 Deletion Procedures

When retention periods expire, we securely delete or anonymize your information using:

  • Secure data wiping procedures for digital storage
  • Certified destruction for physical records
  • Cryptographic erasure for encrypted data
  • Documented deletion processes with verification

Platform Data Deletion: When deleting platform integration data, we also provide confirmation to relevant platform providers when required by partner agreements.

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Processing

Our Services may involve transferring your information outside your country of residence, including to the United States where our primary operations are located.

Platform Data Transfers: Data received from platform integrations may be stored and processed in the United States. We implement appropriate safeguards for such transfers in compliance with platform partner agreement requirements and applicable laws.

8.2 Transfer Safeguards

For international transfers, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally recognized transfer mechanisms
  • Enhanced security measures for cross-border data flows

9. COOKIES AND TRACKING

9.1 Types of Cookies We Use

  • Essential Cookies: Required for basic site functionality (account login, order processing)
  • Analytics Cookies: Help us understand how you use our Services (Google Analytics)
  • Performance Cookies: Allow us to optimize site performance and load times
  • Marketing Cookies: Used for advertising and retargeting (with consent where required)

9.2 Managing Cookies

You can control cookies through:

  • Browser settings and preferences
  • Our cookie consent management tool (available on first visit)
  • Opt-out tools provided by advertising networks (e.g., NAI, DAA)

Note: Disabling essential cookies may limit your ability to use our Services. Analytics and marketing cookies can be disabled without affecting core functionality.

9.3 Do Not Track

Our Services do not currently respond to "Do Not Track" browser signals. You can control tracking through cookie settings and third-party opt-out tools.

10. CHILDREN'S PRIVACY

Our Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it promptly.

If you believe we have collected information from a child under 16, please contact us immediately at privacy@cultivateprint.com.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or platform partner agreement requirements. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify you of material changes via email or prominent notice on our website
  • Obtain your consent for changes that materially expand our use of your information
  • Provide notification to platform providers when required by partner agreements

Your continued use of our Services after changes become effective constitutes acceptance of the updated policy.

12. THIRD-PARTY SERVICES

12.1 Platform Integrations

Our Services integrate with third-party platforms (Shopify, WooCommerce, Squarespace, BigCommerce) that have their own privacy policies. We encourage you to review these policies as they govern how these platforms handle your information.

Important: When you use our services through platform integrations:

  • Platform providers have their own data collection and use practices
  • Your relationship with the platform is governed by their terms and privacy policy
  • Platform providers may collect information about your use of our integration
  • We are contractually obligated to handle platform data according to their partner agreements

12.2 Four Pillars Printing

When using Four Pillars Printing services, additional privacy terms may apply. These will be clearly disclosed at the time of service activation.

12.3 No Responsibility for Third Parties

We are not responsible for the privacy practices of third-party services, even when accessed through our Services. This includes:

  • Platform providers (Shopify, WooCommerce, etc.)
  • Payment processors
  • Shipping carriers
  • Analytics providers

13. CONTACT INFORMATION

13.1 Privacy Questions

For privacy-related questions or to exercise your rights, contact us at:

Email: privacy@cultivateprint.com

Mail:
Cultivate Print, LLC
Privacy Officer
522 W RIVERSIDE AVE STE N
SPOKANE, WA 99201

13.2 General Contact

For general questions about our Services:

Email: hello@cultivateprint.com

13.3 Data Protection Officer (If Applicable)

If we determine that we need a Data Protection Officer under GDPR or other regulations, contact information will be provided here.

13.4 EU Representative (If Applicable)

If we determine that we need an EU representative under GDPR, contact information will be provided here.

14. PLATFORM-SPECIFIC PRIVACY NOTICES

14.1 Shopify Integration Privacy Notice

When you use our services through Shopify:

Data We Receive from Shopify:

  • Order information (items, quantities, pricing)
  • Shipping addresses for order fulfillment
  • Customer names and contact information for shipping purposes
  • Store information necessary for integration functionality

How We Use Shopify Data:

  • Solely for Order Fulfillment: We use Shopify data only to print and ship books to your customers
  • No Marketing: We do not use Shopify customer data for any marketing purposes
  • No Direct Contact: We do not contact your customers directly unless you explicitly authorize it
  • Limited Storage: We retain Shopify order data only as long as necessary for fulfillment and legal compliance

Shopify's Rights:

  • Shopify treats order data from their platform as their confidential information
  • Shopify has the right to audit our data handling practices
  • We may be required to share information with Shopify for compliance purposes
  • We must notify Shopify within 24 hours of any data breach affecting Shopify data

Your Responsibilities:

  • You are responsible for your own privacy policy toward your customers
  • You must comply with Shopify's Terms of Service and privacy requirements
  • You are responsible for obtaining necessary consents from your customers

14.2 WooCommerce Integration Privacy Notice

When you use our services through WooCommerce:

Data Collection and Use: Similar restrictions apply as described in Section 14.1 for Shopify. We use WooCommerce order data solely for order fulfillment and maintain the same security and privacy protections.

Platform Relationship: WooCommerce/Automattic has certain rights regarding data from their platform, including audit rights and breach notification requirements.

14.3 Other Platform Integrations

For Squarespace, BigCommerce, and other platform integrations, similar data handling practices apply:

  • Data used solely for order fulfillment
  • No direct customer contact without authorization
  • Platform-specific security and compliance requirements
  • Platform provider audit and information rights

15. EFFECTIVE DATE AND VERSION

This Privacy Policy is effective as of September 11, 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

Last Updated: October 16, 2025
Version: 2.0 (Updated for Platform Integration Compliance)

APPENDIX A: DATA PROCESSING DETAILS

For Platform Integration Data:

Legal Basis for Processing (GDPR):

  • Contractual necessity (to fulfill orders)
  • Legitimate interests (fraud prevention, service improvement)
  • Legal obligations (tax reporting, legal compliance)

Data Categories Processed:

  • Order information (items, quantities, pricing)
  • Shipping addresses
  • Customer names for shipping labels
  • Order timestamps and identifiers
  • Payment confirmation (not full payment details)

Data Recipients:

  • Printing facilities (for production)
  • Shipping carriers (for delivery)
  • Platform providers (for compliance and audits)
  • Legal authorities (when required by law)

Data Retention:

  • Active orders: Duration of fulfillment + 90 days
  • Completed orders: 7 years (tax compliance)
  • Security logs: 3 years
  • Aggregated analytics: Indefinite (anonymized)

Data Subject Rights:

  • Access, rectification, erasure (subject to legal retention)
  • Restriction of processing
  • Data portability
  • Right to object
  • Right to lodge complaint with supervisory authority