Big Body Tees — Privacy Policy
Effective: [DATE]
Version: 1.0 (DRAFT — not yet attorney-reviewed)
Operator: Big Body Tees LLC ("Big Body Tees", "we", "us")
This Privacy Policy explains what we collect, why, and what we do with it. It applies to bigbodytees.com and to every interaction we have with you as a customer or prospect. It is separate from, but consistent with, our Customer Agreement, which governs the orders themselves.
Plain-language summary
- We collect only what we need to quote, produce, deliver, and service your order.
- We don't sell your information. We don't share it for ad targeting.
- We use Stripe (payments), Resend (email), Vercel (hosting), Vercel KV (order state), Twilio (text messaging in the future), and Sentry (error tracking).
- We keep transactional records for 7 years (tax law). Marketing contact stays until you opt out.
- You can email hello@bigbodytees.com any time to see, correct, or delete your data — within the limits of what we're required to keep for accounting.
1. What we collect
1.1 Information you give us
- When you fill out the lead form: name, business name, phone number, email, rough quantity, deadline, project description.
- When you place an order: all of the above plus billing name, billing address, payment card information (handled by Stripe — we don't see card numbers), shipping address (if applicable), artwork files, and order notes.
- When you call us: anything you tell us during the call. We do not record calls in Phase C.
- When you email us: the contents of the email and any attachments.
1.2 Information collected automatically
- Server logs: IP address, user agent, requested URL, response code, timestamp. Retained 30 days for security and debugging.
- Cookies and similar technologies: the website uses only first-party functional cookies (session state, form state). We do not use third-party advertising cookies, retargeting pixels, or social-media tracking pixels.
- Analytics: in Phase C, no analytics platform is in use. If we add one in Phase A (e.g., Plausible or PostHog), we will update this policy and choose a privacy-respecting option that does not require a cookie banner.
1.3 Information from third parties
- Stripe: transaction confirmations, payment status, dispute information, and the customer's name/email/billing details Stripe collects at checkout.
- Twilio (future, Phase A): message-delivery status and inbound message content for the business number.
2. Why we collect it
| Purpose | Legal basis |
|---|---|
| Quote, produce, deliver, and service your order | Performance of the Customer Agreement |
| Send transactional notifications (proof, status, payment receipts) | Performance of the Customer Agreement |
| Process payments and prevent fraud | Performance of contract; legitimate interest |
| Comply with tax, accounting, and consumer-protection laws | Legal obligation |
| Defend or pursue legal claims | Legitimate interest |
| Send marketing emails or texts (reorder reminders, new product news) | Your opt-in consent — withdrawable at any time |
| Photograph and display finished products in our marketing | Legitimate interest, with opt-out under Customer Agreement §13c |
3. Who we share it with
We share information only with service providers that need it to do their job, and only to the extent they need it. These providers process data on our behalf under their own privacy and security policies:
- Stripe — payment processing
- Resend — transactional email delivery
- Twilio — text messaging (Phase A and beyond)
- Vercel — website hosting and Vercel KV (order state storage)
- Sentry — error tracking
- Our attorney, accountant, and bank — when needed to operate the business
- Carriers (USPS, UPS, FedEx) — when shipping your order
We do not:
- Sell, rent, or trade your personal information
- Share your information with advertising networks for retargeting
- Allow third-party tracking on our website
- Use your information to train AI models, ours or anyone else's
We will disclose information when required by law (subpoena, court order, valid regulatory request), to enforce our Customer Agreement, to investigate fraud or abuse, or to protect the rights, property, or safety of Big Body Tees, our customers, or the public.
4. How long we keep it
| Data type | Retention |
|---|---|
| Order records (invoices, payment confirmations, tax documents) | 7 years (IRS / GA tax law) |
| Customer artwork files | 12 months after the most recent order, then purged unless extended for an active reorder cycle |
| Email and SMS logs (transactional) | 2 years |
| Server access logs | 30 days |
| Marketing list (opt-in subscribers) | Until you unsubscribe; suppression list kept indefinitely so we honor your opt-out |
| Lead form submissions that don't become orders | 180 days, then purged |
| Sentry error data | 90 days |
5. Your rights
Depending on where you live, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate information
- Delete information (subject to our legal retention obligations, especially the 7-year tax record retention)
- Opt out of marketing at any time (reply STOP to a text, click "unsubscribe" in any marketing email, or email hello@bigbodytees.com)
- Object to or restrict processing for marketing purposes
- Receive a copy of your information in a portable format
To exercise any of these rights, email hello@bigbodytees.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.
We are a small Georgia business and do not knowingly collect information from anyone outside the United States. If you are an EU/UK resident and you place an order with us, we will treat your data in accordance with this policy and applicable law.
6. Security
We use commercially reasonable technical and organizational measures to protect your information, including:
- TLS encryption for all data in transit
- Encryption at rest in our service providers' infrastructure (Vercel KV, Stripe, Resend, Twilio)
- Access controls limiting who can read customer data
- Strong, unique passwords and (where available) two-factor authentication on all admin accounts
- Periodic review of who has access to what
No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you by email and follow Georgia's breach notification law.
7. Children
Big Body Tees does not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, contact us at hello@bigbodytees.com and we will delete it.
8. Cookies
We use only first-party functional cookies necessary for the site and admin app to function (session state, form persistence, basic-auth credentials for the admin area). We do not use third-party advertising or analytics cookies in Phase C. If we add an analytics tool later, we will update this section and, where required, provide a cookie banner.
9. California, Virginia, and other state-specific rights
If you are a California, Virginia, Colorado, Connecticut, or Utah resident, you have additional rights under your state's consumer-privacy law. Most of those rights — access, correction, deletion, opt-out — are listed in §5 above and apply to you on the same basis as everyone else. Specifically:
- We do not "sell" personal information as that term is defined under the California Consumer Privacy Act (CCPA) or similar laws.
- We do not engage in cross-context behavioral advertising.
- We do not "share" personal information with third parties for their independent marketing purposes.
To exercise your state-specific rights, email hello@bigbodytees.com. You may designate an authorized agent.
10. Changes to this policy
We may update this policy from time to time. The "Effective" date at the top reflects the latest version. Material changes will be announced by email to active customers and posted on the website at least 30 days before they take effect.
11. Contact
Questions about this policy or about the personal information we hold:
Big Body Tees LLC
[STREET]
Villa Rica, GA [ZIP]
hello@bigbodytees.com
[PHONE]