Privacy Policy
Last updated May 07, 2026
Cultivate Shop — operated by Cultivate Print, LLC
Effective Date: May 7, 2026
Version: 1.1
1. Introduction
Cultivate Print, LLC (“Company,” “we,” “us,” or “our”) operates Cultivate Shop (the “Platform” or “Service”), a creator commerce platform. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard information when you use the Service. By using the Service, you consent to the practices described in this Policy.
2. Applicability
This Policy applies to two categories of individuals:
- Creators: individuals and business entities that register accounts and operate storefronts on the Platform.
- End Customers: individuals who purchase products from Creator storefronts.
Creators are the data controllers of their End Customer Data. The Company acts as a data processor (service provider) on behalf of Creators for End Customer Data collected through storefronts. Each Creator is independently responsible for maintaining their own privacy policy governing their relationship with their End Customers.
3. Information We Collect
3.1 From Creators
Upon registration and during use, we collect: full legal name, email address, business name, billing address, phone number; account credentials (passwords are hashed and salted, never stored in plaintext); Stripe Connect account identifiers (we do not receive or store full bank account numbers, routing numbers, or payment card details — Stripe does); product listings, images, pricing, descriptions, and digital files you upload; storefront configuration, theme selections, and settings; usage data including login timestamps, feature usage, page views, and session duration; IP addresses and device information associated with account access; and support communications and feedback.
3.2 From End Customers (Processed on Behalf of Creators)
When an End Customer transacts on a Creator’s storefront, we collect on the Creator’s behalf: full name, email address, shipping address, and billing address; order contents, quantities, and transaction history; payment confirmation data and transaction identifiers (full payment card details are handled exclusively by Stripe and are never received or stored by the Company); IP address, browser type, device identifiers, and approximate geolocation for fraud prevention and analytics; and communications related to orders routed through the Platform.
3.3 Automatically Collected Information
We automatically collect: IP addresses, browser type and version, operating system, device identifiers; referring URLs, pages visited, clickstream data, and session timestamps; cookies and similar tracking technologies (see Section 13).
4. How We Use Information
4.1 Creator Information
We use Creator information to: provide, operate, maintain, and improve the Platform; process Platform Access Fees, Shortfall Amounts, and Stripe Connect application fees; authenticate your identity and secure your account; communicate service updates, security alerts, billing information, and policy changes; detect, investigate, and prevent fraud, abuse, and violations of our Terms; comply with legal obligations including tax reporting; enforce our Terms of Service; and generate aggregated, anonymized analytics about Platform usage (never in a manner that identifies individual Creators or their customers).
4.2 End Customer Information
We use End Customer information solely to operate Creator storefronts and provide the Service to Creators, including: processing orders and transmitting payment instructions to Stripe; delivering digital products; transmitting fulfillment data to Cultivate Print when the Creator has enabled print fulfillment; sending transactional communications (order confirmations, shipping notifications, delivery updates) on the Creator’s behalf; processing refunds, disputes, and chargebacks as directed by the Creator or required by Stripe; and fraud detection and prevention.
We do not use End Customer Data for our own marketing, advertising, profiling, cross-selling, or analytics beyond providing the Service to the Creator. We do not contact End Customers for any purpose unrelated to an active transaction unless required by law.
5. How We Share Information
We share information only as follows:
Stripe. Transaction and identity data is shared with Stripe for payment processing via Stripe Connect. Stripe’s handling of data is governed by the Stripe Privacy Policy.
Cultivate Print, LLC fulfillment operations. When a Creator enables Cultivate Print fulfillment, order details, shipping addresses, and product specifications are shared with our affiliated print fulfillment operations to produce and ship physical orders. Cultivate Print and Cultivate Shop are operated by the same legal entity.
Infrastructure and service providers. We use third-party providers for hosting (DigitalOcean, Hatchbox), CDN and storage (Cloudflare, Cloudflare R2), email delivery (transactional email services), error monitoring, and analytics. All providers are bound by contractual confidentiality obligations and process data only on our instructions.
Legal compliance. We may disclose information when required by law, subpoena, court order, regulatory demand, or when we reasonably believe disclosure is necessary to protect the rights, safety, or property of the Company, Creators, End Customers, or the public.
Business transfers. In connection with a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all assets, information may be transferred to the successor entity, subject to continued protection under this Policy or a policy no less protective.
We do not sell, rent, or trade personal information to third parties for their marketing purposes.
6. Data Retention
Creator data is retained for as long as your account is active and for seven (7) years following account closure for legal, tax, and accounting purposes, unless a longer retention period is required by law.
End Customer Data is retained as long as necessary to: fulfill orders and process returns/exchanges; support dispute resolution and chargeback processes; comply with legal, tax, and accounting obligations; and enforce our Terms. Upon Creator account closure, End Customer Data is deleted or anonymized within ninety (90) days, except where retention is required by law or active disputes.
Automatically collected data (logs, analytics) is retained for up to twenty-four (24) months and then deleted or anonymized.
7. Data Security
We implement administrative, technical, and physical safeguards including: encryption in transit (TLS 1.2+) for all data transmissions; encryption at rest for sensitive data fields; access controls and role-based permissions limiting employee access to personal data; regular security reviews and vulnerability assessments; and incident response procedures.
No method of electronic transmission or storage is 100% secure. While we use commercially reasonable measures to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the security of your account credentials and for promptly reporting any suspected unauthorized access to [email protected].
8. Your Rights
Depending on your jurisdiction, you may have the right to: access the personal data we hold about you; correct inaccurate or incomplete data; request deletion of your data (subject to legal retention requirements); restrict or object to certain processing activities; request data portability in a machine-readable format; withdraw consent where processing is based on consent; and lodge a complaint with a supervisory authority.
To exercise these rights, contact [email protected]. We will respond within thirty (30) days, or the shorter timeframe required by applicable law.
End Customers should contact the Creator whose storefront they purchased from in the first instance, as the Creator is the data controller. If the Creator is unresponsive or unable to address your request, you may contact us and we will make reasonable efforts to assist.
9. California Residents (CCPA/CPRA)
If you are a California resident, you have the right to: know what personal information is collected, used, shared, or sold; request deletion of personal information; correct inaccurate personal information; opt out of the “sale” or “sharing” of personal information; and not be discriminated against for exercising these rights.
We do not sell or share (as defined by CCPA/CPRA) personal information. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service.
To exercise your California privacy rights, contact [email protected] or submit a request through our Platform. We will verify your identity before processing requests.
10. European and UK Residents (GDPR/UK GDPR)
10.1 Legal Basis for Processing
For Creators in the EU/EEA/UK, we process personal data under the following legal bases: Contract performance (providing the Service per our Terms); Legitimate interests (security, fraud prevention, service improvement, and enforcing our Terms); Legal obligation (tax reporting, accounting, and regulatory compliance); and Consent (where specifically obtained, which may be withdrawn at any time).
10.2 Role as Data Processor
For End Customer Data, the Company acts as a data processor on behalf of the Creator (data controller). Processing is governed by our Data Processing Addendum (available upon request at [email protected]).
10.3 International Data Transfers
We are based in the United States. Personal data transferred from the EU/EEA/UK to the US is transferred pursuant to Standard Contractual Clauses (SCCs) approved by the European Commission, or other valid transfer mechanisms as applicable.
10.4 Data Protection Contact
For GDPR-related inquiries, contact [email protected].
11. Children’s Privacy
The Service is not directed to individuals under the age of thirteen (13), or under sixteen (16) in the EU/UK. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it promptly. Creators are solely responsible for ensuring that their storefronts and products comply with applicable children’s privacy laws, including COPPA and equivalent regulations.
12. Do Not Track
Some browsers transmit “Do Not Track” (DNT) signals. There is no industry standard for how websites should respond to DNT signals. We do not currently alter our data collection practices in response to DNT signals.
13. Cookies and Tracking Technologies
We use cookies and similar technologies for: Essential cookies (authentication, session management, security, checkout functionality); and Analytics cookies (aggregated usage patterns to improve the Service). You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Service from functioning properly. We do not use advertising or third-party tracking cookies.
14. AI-Enabled Commerce
Cultivate Shop exposes product catalog data (product names, descriptions, pricing, availability, and storefront metadata) to AI commerce channels, including Stripe Agentic Commerce Protocol and structured data for AI crawlers. End Customer personal information is not exposed to AI channels beyond what is strictly necessary to complete a specific, authenticated transaction initiated by an End Customer or their authorized AI agent.
15. Third-Party Services
The Service integrates with third-party services including Stripe, Cloudflare, DigitalOcean, and others. These third parties operate under their own privacy policies. We are not responsible for the privacy practices of third parties, and we encourage you to review their policies.
16. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated via email and in-platform notification at least fourteen (14) days before taking effect. Continued use of the Service after the effective date constitutes acceptance of the revised Policy.
17. Contact
Cultivate Print, LLCPoulsbo, WA
[email protected]
By using Cultivate Shop, you acknowledge that you have read and understood this Privacy Policy.