Vivvy mascot
VIVDROP

Legal

Privacy Policy

Last updated: March 27, 2026

1. Who We Are

Vivdrop ("we", "our", "us") is a custom DTF print-on-demand business operating at vivdrop.com. For questions about this policy, contact us at privacy@vivdrop.com.

2. Information We Collect

We collect the following categories of personal information:

  • Order Information: Name, email address, shipping address, phone number (if provided), and order contents. This is required to fulfill your purchase.
  • Payment Information: Payment is processed by Stripe, Inc. We do not receive or store your full credit card number. Stripe provides us with limited transaction data (last 4 digits, card type, billing postal code) for fraud prevention.
  • Account Information: If you create an account, we store your email address and encrypted password via Supabase authentication.
  • Design Data: Artwork and designs you create or upload in our editor are temporarily stored on our servers (via Supabase Storage) for order fulfillment purposes. We retain design files for 90 days after order delivery.
  • Communications: If you contact us via email or the chat widget (Crisp), we retain those communications for customer service purposes.
  • Marketing Consent: If you opt in to marketing communications at checkout, we store your email address and consent timestamp for email marketing via Resend.
  • Technical Data: We may collect IP address, browser type, referring pages, and session duration for site analytics. This data is generally anonymized or aggregated.

3. How We Use Your Information

  • To process, fulfill, and ship your order.
  • To send transactional emails (order confirmation, shipping notification, tracking updates).
  • To send marketing emails if you have consented (you can unsubscribe at any time).
  • To respond to customer service inquiries.
  • To detect fraud and maintain security of our platform.
  • To comply with legal obligations (e.g., tax record-keeping).
  • To improve our website and user experience using aggregated analytics.

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases are:

  • Contract performance — processing your order and communicating about it.
  • Legitimate interests — fraud prevention, service improvement, legal defense.
  • Consent — marketing emails (you may withdraw at any time).
  • Legal obligation — retaining tax records as required by law.

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only with:

  • Stripe — payment processing. Privacy policy at stripe.com/privacy.
  • Supabase — database and storage. Privacy at supabase.com/privacy. Your data is stored in the United States.
  • ShipStation — shipping label creation and tracking. Shipping address is shared to generate labels.
  • USPS / UPS / FedEx — the carrier selected for your shipment receives your name and shipping address.
  • Resend — transactional and marketing email delivery.
  • Crisp — customer chat widget. Chat conversations are stored by Crisp.
  • Legal Authorities — we may disclose your information where required by law, subpoena, court order, or to protect the rights, property, or safety of Vivdrop, our customers, or others.

6. Data Retention

  • Order records are retained for 7 years for tax and accounting purposes.
  • Design files are deleted 90 days after the associated order is delivered.
  • Marketing email consent records are retained until you unsubscribe.
  • Account data is retained until you request deletion.
  • Customer support chat logs are retained for 2 years.

7. Cookies & Tracking

We use the following cookies and local storage:

  • Essential: Cart state (stored in localStorage), authentication session cookie.
  • Third-party: Stripe uses cookies for fraud prevention. Crisp uses cookies to maintain chat sessions.

We do not currently use advertising cookies or cross-site tracking pixels. If this changes, we will update this policy and provide appropriate consent mechanisms.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data (subject to legal retention requirements).
  • Portability: Receive your data in a structured, machine-readable format.
  • Opt-out of marketing: Unsubscribe at any time via the link in any email we send.
  • California residents (CCPA): You have the right to know what data we collect, the right to delete your data, and the right to opt out of the sale of personal data (we do not sell data).

To exercise any of these rights, email privacy@vivdrop.com with your full name and the email address associated with your order or account. We will respond within 30 days.

9. Children's Privacy

Our Site is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will promptly delete it.

10. Data Security

We implement commercially reasonable technical and organizational measures to protect your data, including encrypted data transmission (HTTPS/TLS), encrypted storage, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

11. International Data Transfers

Our service providers (Supabase, Stripe, Resend) may store or process your data in the United States. If you are in the EEA or UK, data is transferred under appropriate safeguards (Standard Contractual Clauses or equivalent mechanisms).

12. Changes to This Policy

We may update this Privacy Policy periodically. The date at the top reflects the most recent revision. Continued use of the Site after changes constitutes acceptance of the updated policy. For material changes, we will notify customers by email where we have your contact information.

13. Contact

Questions about this policy? privacy@vivdrop.com