DRAFT, pending legal review.This document is a working draft prepared for internal use only. It has not been reviewed by counsel and does not constitute legal advice. Long Island Custom Printing reserves the right to amend any provision before publication.

Privacy Policy

Effective Date: {{effective_date}}

Last updated: 2026-05-20

Long Island Custom Printing (“LICP,” “we,” “us,” or “our”) operates the website at longislandcustomprinting.com (the “Site”) from Huntington, New York. This Privacy Policy describes how we collect, use, share, retain, and protect personal information when you visit the Site, place an order, upload artwork, or otherwise interact with us. By using the Site you agree to the practices described here.

1. Information we collect

1.1 Information you provide directly

Account details such as your name, email address, password (stored hashed), and optional phone number.
Business information including company name and any optional details you supply for invoicing.
Shipping and billing addresses, including the addresses of recipients on blind-ship orders.
Order content: products selected, configuration options, quantities, and any order notes you include.
Design files you upload (PDF, JPG, PNG, TIFF) for production, including the original filename and any metadata embedded in the file.
Communications you send us by email, contact form, or support ticket, including any attachments.
Marketing preferences (whether you have opted in to promotional email).

1.2 Payment information

Payment card details are collected and processed by Square, Inc. directly through a secure iframe embedded in our checkout. We do not store full card numbers, CVV codes, or PINs on our servers. We receive and retain only the card brand, the last four digits, the expiration month and year, and a Square card-on-file token used for future authorized charges.

1.3 Information collected automatically

IP address, user agent string, referring URL, pages visited, and approximate geographic region.
Device and browser information used for security, fraud prevention, and accessibility diagnostics.
Cookies and similar technologies as described in our Cookie Policy.
Aggregate usage analytics from Cloudflare Web Analytics and, where you have not opted out, Google Analytics 4.
Error and performance data captured by Sentry to diagnose application issues.

1.4 Information from third parties

We may receive limited information from our payment processor (Square), our fulfillment partner (Sinalite), our email provider (SendGrid), and our hosting and security provider (Cloudflare). This typically includes payment confirmations, shipping tracking numbers, email delivery status, and abuse signals.

2. How we use information

Order fulfillment. To accept orders, process payment, produce your printed goods through Sinalite, and ship to the address you provide.
Account management. To create and maintain your account, authenticate sessions, apply loyalty discounts, save your designs and reorders, and respond to support requests.
Communications. To send transactional messages (order confirmations, file proofs, ship notices, delivery updates, and account changes) and, where you opt in, marketing and lifecycle messages.
Fraud prevention and security. To detect, investigate, and prevent abuse, fraud, account takeover, and violations of our Terms of Service.
Site operation and analytics. To measure performance, debug errors, and improve the catalog, configurator, and checkout flow.
Legal compliance. To comply with tax recordkeeping, accounting, and other applicable laws.

3. How we share information

We do not sell your personal information. We share information only with the service providers needed to operate the Site and fulfill your orders, and as required by law.

Sinalite (fulfillment and shipping): receives your print files, line item specifications, and recipient ship-to information. Sinalite ships orders blind (the packing slip shows your business name, not theirs or ours).
Square (payments): processes card payments and stores card-on-file tokens for authenticated reorders.
SendGrid (email delivery): transmits transactional and, where you opted in, marketing email on our behalf.
Cloudflare (hosting, security, analytics): serves the Site, protects against abuse, and provides aggregate web analytics.
Google Analytics (analytics, optional): collects aggregate usage statistics where you have not opted out.
Sentry (error monitoring): receives error and performance telemetry, which may include URL paths, user agent, and a hashed user identifier.
Turso (database hosting): stores your account and order data in an encrypted libSQL database.
Professional advisors and authorities: as needed for accounting, tax, legal compliance, or in response to a valid legal request.
Business transfers: in the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may transfer to the successor entity, subject to this Policy.

4. Data retention

We retain personal information only as long as needed for the purposes described in this Policy or as required by law. Specifically:

Order records (including line items, status history, loyalty ledger, coupon redemptions) are retained indefinitely for tax, accounting, and dispute-resolution purposes. New York State requires a minimum seven-year retention window for financial records.
Uploaded design files are retained for 90 days after delivery for guest orders. Authenticated users retain ownership of their file library until they request deletion.
Carts are retained for 30 days after the cart was last updated, then permanently deleted.
Saved quotes expire 7 days after creation and are hard-deleted at 30 days.
Audit logs are retained for 2 years, then archived to cold storage for compliance review.
Email engagement records are retained for 1 year.
Marketing subscriptions are retained until you unsubscribe, plus a 30-day grace window, then anonymized.
Support tickets are retained for 3 years from the last message in the thread.

5. Your rights and choices

We honor the following rights for all users regardless of jurisdiction, even where not legally required:

Right to access. You may request a copy of the personal information we hold about you.
Right to correct. You may correct inaccurate information through your account dashboard or by contacting us.
Right to delete. You may request deletion of your account and personal information. We will anonymize order records that we are required to retain for tax purposes.
Right to opt out of marketing. You may unsubscribe at any time using the link in any marketing email or by updating your account preferences.
Right to opt out of analytics. Use the “Do Not Sell or Share My Info” link in our footer to disable Google Analytics on your device.
Right to data portability. You may request a machine-readable export of your account data.
Right to non-discrimination. We will not deny service, charge different prices, or provide a different level of service because you exercised any of these rights.

To exercise any of these rights, email {{contact_email}}. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

6. California residents (CCPA / CPRA)

California residents have the rights described in Section 5 above. We do not sell personal information as defined by the CCPA. We do not knowingly share personal information for cross-context behavioral advertising. The categories of personal information collected, purposes for collection, and recipients are described in Sections 1 through 3.

7. International users

The Site is operated from the United States. If you access the Site from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate. By using the Site you consent to the transfer of your information to the United States. Our v1 service area is the United States and Canada only.

8. Cookies and tracking

We use a small set of essential cookies (authentication, cart session, security challenge) and optional analytics cookies. We do not use retargeting or third-party advertising cookies in v1. See our Cookie Policy for details and opt-out controls.

9. Security

We use industry-standard technical and organizational safeguards including TLS 1.3 in transit, encryption at rest, hashed passwords, strict Content Security Policy headers, per-request CSRF tokens, rate limiting, and bot protection (Cloudflare Turnstile). No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security. If we become aware of a security incident affecting your information, we will notify you as required by applicable law.

10. Children

The Site is intended for users aged 18 or older and for businesses. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact {{contact_email}} and we will delete it.

11. Third-party links

The Site contains links to sister sites (longislanddtfprinting.com, embroideryli.com) and other third-party services. We are not responsible for the privacy practices of any third party. Review the privacy policy of any third-party site you visit.

12. Updates to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent change. Material changes will be announced by email to registered users and posted on the Site at least 14 days before they take effect.

13. Contact

Questions, requests, and complaints regarding privacy may be sent to:

Long Island Custom Printing
Email: {{contact_email}}
Phone: {{contact_phone}}
Mail: {{business_address}}

DRAFT. Not legal advice. Replace all double-braced placeholders before publishing. Have legal counsel review and finalize this Policy before public launch.