Privacy Policy

Last Updated: March 16, 2026 | Effective Date: March 16, 2026

This Privacy Policy applies to the cuzcuz.com website (the "Site") and all related print-on-demand (POD) services, tools, and features (collectively, the "Services") operated by cuzcuz (referred to as "we," "us," or "our"). We are committed to protecting the privacy and security of Personal Information in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA/CPRA), Personal Information Protection Law of the People's Republic of China (PIPL), and other applicable global data protection laws.

By accessing, browsing, or using our Services, you (referred to as "you" or "User") acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with this policy, do not use the Site or Services.

1. Definitions & Data Role Clarification

1.1 Key Definitions

Merchant User: An individual or business entity that registers an account to create designs, place print orders, and operate a store via our POD Services.
End Customer: A final consumer who purchases printed products from a Merchant User through our platform.
Personal Information: Any information relating to an identified or identifiable natural person, as defined by applicable data protection laws.
Anonymous Data: Data that cannot be linked to a specific individual, even when combined with other information.
Data Processing Agreement (DPA): A written contract governing secure and compliant data handling between our platform and third-party service providers.

1.2 Data Controller vs. Processor Role

For Merchant Users: We act as the Data Controller and are fully responsible for the collection, use, storage, and protection of your Personal Information in accordance with applicable laws.
For End Customers: Merchant Users act as the primary Data Controller, and we act solely as a Data Processor. We process End Customer Personal Information only as instructed by the Merchant to fulfill print, production, and delivery obligations, with no independent authority to use such data for unapproved purposes.

2. Personal Information We Collect

We collect only the minimum necessary Personal Information required to provide and maintain our POD Services. We do not collect sensitive Personal Information (e.g., race, religion, biometrics, health data, political opinions) unless explicitly required by law or with your express voluntary consent.

2.1 Information Collected from Merchant Users

a. Information You Provide Voluntarily

Account registration data: Full name/company name, email address, phone number, encrypted password, business license (for corporate merchants);
Order & fulfillment data: Shipping/billing addresses, payment details (we store only partial payment credentials, never full card numbers or bank account details);
Design & content data: Uploaded images, text, logos, custom graphics, and design drafts for printing and order production;
Support & communication data: Messages, feedback, inquiries, and dispute records submitted to our customer service team;
Additional optional data: Contact details for invited collaborators or saved address book entries (provided at your discretion).

b. Automatically Collected Information

Device & usage data: IP address, device type, browser version, operating system, page views, click behavior, access timestamps, and session duration;
Tracking technologies: Data from cookies, web beacons, pixel tags, and similar tools to maintain login sessions, analyze platform usage, prevent fraud, and improve service quality (see Section 7 for cookie controls).

2.2 Information Collected About End Customers

We only receive End Customer Personal Information from Merchant Users strictly for order fulfillment purposes, including: full name, delivery address, phone number, and payment type (no full payment account details). We do not independently collect, source, or solicit End Customer data outside of this workflow.

3. How We Use Your Personal Information

We use Personal Information only for the purposes disclosed in this policy and based on valid legal grounds (contractual necessity, legitimate interest, explicit consent, or legal compliance). We do not use data for undisclosed or unrelated purposes without prior notice and approval.

Approved usage purposes include:

Creating, verifying, securing, and managing your Merchant account;
Processing print orders, producing custom products, and coordinating end-to-end delivery;
Facilitating secure payment processing, invoicing, transaction verification, and financial record-keeping;
Storing, editing, previewing, and archiving user-submitted design content;
Responding to customer support requests, resolving order disputes, and addressing service issues;
Detecting fraud, preventing unauthorized access, mitigating security risks, and ensuring platform integrity;
Sending transactional and service notifications (order confirmations, production updates, delivery alerts, account security alerts) – these are critical to service delivery and cannot be opted out of;
Sending marketing communications (only with your explicit opt-in consent, with one-click opt-out options available at all times);
Complying with legal obligations, regulatory requests, court orders, and industry reporting requirements.

4. Data Sharing, Transfer & Disclosure

We never sell, rent, lease, or monetize Personal Information to third parties for commercial purposes. We share data only under limited, legally compliant circumstances, adhering strictly to the "data minimization" principle (sharing only what is necessary to fulfill services).

4.1 Trusted Third-Party Service Providers

We share necessary data with vetted, compliant partners who assist in operating our Services. All such partners are required to sign written Data Processing Agreements (DPAs) and comply with applicable data protection laws. Approved partners include:

Print and production partners: Design files, order specifications, and delivery details for product manufacturing;
Logistics and shipping providers: End Customer shipping details for order delivery and tracking;
Payment processors: Limited transaction data for secure payment settlement and anti-fraud checks;
Cloud storage and hosting providers: Securing account, order, and design data on compliant servers;
Customer support and technical tools: Limited account and order data to resolve user issues efficiently;
Analytics providers: Anonymous, de-identified usage data to optimize platform performance (no personal identifiers shared).

4.2 Business Transfers

In the event of a merger, acquisition, asset sale, bankruptcy, or reorganization, Personal Information may be transferred as part of the transaction. We will notify Users via website banner or registered email before any transfer takes effect, and the receiving party will be bound by the terms of this Privacy Policy.

4.3 Legal Requirements & Safety Disclosures

We may disclose Personal Information without prior consent if required by law, or to: (1) comply with legal processes, regulatory requests, or enforceable court orders; (2) protect the rights, property, safety, or reputation of cuzcuz, our Users, or the general public; (3) investigate fraud, intellectual property infringement, or violations of our Terms of Service.

4.4 Cross-Border Data Transfers

To enable our global print-on-demand fulfillment network—including cross-border printing, shipping, and cloud hosting operations—Personal Information may be transferred, stored, and processed in countries and regions outside of your home jurisdiction, including but not limited to the European Economic Area (EEA), the United Kingdom, the United States, and other key production and logistics hubs.

We are committed to full legal compliance for all cross-border data transfers and implement strict safeguards to protect your data, including but not limited to:

EU Standard Contractual Clauses (SCCs): We use the European Commission-approved SCCs with all third-party partners involved in cross-border processing, which impose binding data protection obligations consistent with GDPR;
EU-U.S. Data Privacy Framework & Other Regional Frameworks: We rely on valid, regulator-approved cross-border data transfer mechanisms, including the EU-U.S. Data Privacy Framework and comparable certifications for other jurisdictions;
Data Minimization & Purpose Limitation: We only transfer the narrowest set of Personal Information necessary to complete order fulfillment and service delivery—never full payment details, sensitive personal data, or unrelated user information;
Third-Party Oversight: All international partners are required to sign binding Data Processing Agreements (DPAs) and undergo regular security and compliance reviews to ensure consistent protection of transferred data.

We will only transfer Personal Information where we are confident that an adequate level of protection is in place, and we will inform you of any material changes to our cross-border transfer practices or safeguards as required by applicable law.

5. Data Storage & Security

5.1 Data Storage Location & Retention

Storage Location: All Personal Information is primarily stored on secure servers located in the People's Republic of China. Cross-border transfers are limited to fulfillment needs and governed by Section 4.4.
Retention Period: We retain Personal Information only for the shortest time necessary to fulfill the purposes for which it was collected, or as required by law:
- Merchant account data: Retained until account deletion/closure, plus a 15-day post-closure window for final processing and dispute resolution;
- End Customer data: Anonymized or deleted within 7 business days after order fulfillment is complete;
- Order and payment records: Retained for mandatory tax, audit, and legal compliance periods (typically 3-5 years);
- Anonymous data: May be retained long-term for analytics and service improvement (no personal identifiers).

5.2 Data Security Measures

We implement industry-standard technical and organizational safeguards to protect Personal Information from unauthorized access, loss, destruction, alteration, or disclosure, including:

Encryption: SSL/TLS transmission encryption, encrypted password storage (hashing), and sensitive data masking;
Access control: Role-based employee access limits (only "need-to-know" access to personal data);
Regular security audits, vulnerability scans, and data backup protocols;
Mandatory data protection training for staff handling Personal Information;
Third-party security assessments for all service partners.

While we maintain rigorous security standards, no electronic transmission or storage system is completely immune to risks. We encourage you to protect your account credentials and notify us immediately of unauthorized account activity.

6. User Rights Regarding Personal Information

In accordance with GDPR, CCPA/CPRA, PIPL, and other applicable laws, you have the right to access, manage, and control your Personal Information. We provide accessible channels to exercise these rights without unreasonable delay or barrier.

6.1 Rights for Merchant Users

Right to Access & Copy: Request a copy of your Personal Information held by us;
Right to Correction: Update or correct inaccurate, incomplete Personal Information;
Right to Deletion: Request deletion of your Personal Information (where legally permissible);
Right to Data Portability: Request your account, order, and design data in a machine-readable format;
Right to Withdraw Consent: Revoke consent for marketing or non-essential data processing (without affecting prior lawful processing);
Right to Restrict Processing: Request limits on how we use your Personal Information;
Right to Account Deletion: Permanently close your Merchant account (subject to pending orders and legal obligations).

6.2 Rights for End Customers

End Customer Personal Information is controlled by the applicable Merchant User. To exercise data rights, please contact the Merchant directly. We will assist the Merchant with compliant data requests where required.

6.3 How to Exercise Your Rights

Submit requests via our dedicated privacy email: privacy@cuzcuz.com. Include your full name, registered email/phone, and relevant order details for identity verification. We will respond to valid requests within 15 business days (or as required by local law). We may extend response time for complex requests, with prior notice to you.

7. Cookies & Similar Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance user experience, maintain sessions, analyze usage, and prevent fraud. You may control cookie preferences via your browser or our site cookie banner.

Necessary Cookies: Required for core site functionality (login, order processing, cart management); cannot be disabled (disabling will break service access);
Analytics & Performance Cookies: Collect anonymous usage data to improve platform speed and functionality;
Marketing & Personalization Cookies: Used for personalized recommendations and promotional content (only with your consent).

You may adjust cookie settings through your browser preferences or the cookie banner on our Site homepage. Rejecting non-essential cookies will not impact access to core POD Services.

8. Marketing Communications & Opt-Out

We only send marketing emails, newsletters, or promotional alerts with your explicit opt-in consent. All marketing messages include a clear, one-click opt-out link. You may also unsubscribe via:

Account Privacy Settings in your Merchant dashboard;
Email request to privacy@cuzcuz.com.

Opting out of marketing will not affect transactional or service-critical notifications (order updates, security alerts, etc.).

9. Minors' Privacy Protection

Our Services are intended for use by individuals aged 18 and older. We do not knowingly collect Personal Information from children under the age of 13 (or the applicable age of majority per local law). If we become aware that we have inadvertently collected data from a minor, we will immediately delete such information. Parents or legal guardians may contact privacy@cuzcuz.com to request deletion of minor-related data.

10. Third-Party Links

Our Site may contain links to third-party websites, social media platforms, or payment portals. We have no control over the privacy practices of these external sites and are not responsible for their content or policies. We encourage you to review the privacy policies of any third-party sites before sharing Personal Information.

11. Policy Updates & Changes

We may revise this Privacy Policy periodically to reflect legal changes, service updates, or operational improvements. Material changes will be posted on our Site with a revised "Last Updated" date, and we will notify Users via site banner or registered email at least 30 days before effective date (where required by law). Continued use of our Services after the update constitutes acceptance of the revised policy.

12. Contact Us

If you have questions, complaints, or requests regarding this Privacy Policy or our data practices, please contact us at:

Privacy Email: privacy@cuzcuz.com (priority for data rights requests and privacy complaints)
Customer Support Email: service@cuzcuz.com
Online Support: Accessible via the Merchant dashboard on cuzcuz.com

We will acknowledge and respond to all privacy-related inquiries promptly and in compliance with applicable data protection laws.

Return to registration