// Legal

Privacy Policy

Last updated: May 2026 · United States only · Washington State

    Plain English summary: We collect only what we need to print and ship your order: your name, email, shipping address, and what you bought. Stripe handles your card details (we never see them). We don't sell your data, we don't run ad-tracking pixels, and we don't share your info with anyone except the services we need to actually run the business (listed in detail below). If you live in California, you have specific rights under CCPA. See §08.
  

// On this page

What we collect
What we don't collect
How we use it
Third-party services
Cookies & local storage
How long we keep data
Security
Your rights (CCPA)
Children's privacy
Changes to this policy
Contact us

// 01

What We Collect

We collect different information depending on what you're doing on the site.

When you place an order:

Your name and email address.
Your shipping address.
Optionally, your phone number and any order notes you choose to add.
The model(s), part colors, and add-ons you selected.
A small image of your color-customized preview, generated in your browser and stored alongside the order so we have a record of what to print.
Payment details, but only via Stripe, which processes the card on its own servers. We never see or store your card number. We get back a Stripe payment ID, the last 4 digits of the card, and the brand (Visa/etc.) for our records.

When you submit a custom request: name, email, optional Discord handle, a description of what you want, your budget, and any reference files (images or 3D model files) you choose to attach.

When you submit a photo to the Customer Gallery: the email you submit with, the model name, the photo itself, and optionally your first name and city/state. We then look up your most recent order matching the email to pre-fill the colors used. This happens automatically and saves you from re-entering them.

When you use the contact form: your name, email, and message.

Automatically, as you browse:

Your IP address, used short-term to enforce per-minute request limits on our API endpoints. Not stored long-term against your identity.
Anonymous page-view counts via Vercel Web Analytics, which is cookieless and does not fingerprint you.
If something on the site throws an error, Sentry collects the error message and a stack trace. Our Sentry setup is configured to scrub PII from these reports. Email addresses, names, addresses, phone numbers, and Stripe payment IDs are replaced with [scrubbed] before the report leaves your browser.

// 02

What We Don't Collect

Your card number, CVV, or expiration. Card details are entered directly into Stripe's iframe inside the checkout page. They never touch our servers.
Cross-site tracking data. We do not run Google Analytics, Meta Pixel, TikTok Pixel, advertising-network cookies, or any other third-party tracker that follows you across the web.
Demographic or interest data. We don't build profiles, infer interests, or sell ad audiences. We're a small print shop, not an ad network.
Information from minors under 13. See §09.

// 03

How We Use What We Collect

We use the information you give us strictly to operate the shop:

To produce and ship your order to the address you provided.
To email you order confirmations, status updates ("printing", "quality check", "shipped"), and tracking numbers.
To respond to your contact-form messages, custom requests, and gallery submissions.
To process refunds or reprints in the rare cases covered by our Returns & Refunds policy.
To enforce per-IP rate limits and detect abuse on our public API endpoints.
To debug and fix the site when something breaks.

We do not use your information for marketing, retargeting, or "looks like you" audiences.

// 04

Third-Party Services We Use

To run the business we hand limited data to the providers listed below. Each one has its own privacy policy, and we've linked them so you can read theirs too. We chose each provider because they treat customer data seriously (most are major US infrastructure companies with formal compliance programs).

Service	What they get	Why
Stripe	Card details, name, email, shipping address, order amount	To charge your card and handle refunds. PCI-DSS Level 1.
Vercel	Hosts the site; sees request IPs and basic logs	Website hosting and serverless functions (our entire backend).
Upstash (Vercel KV)	Order records: name, email, address, items, colors, status	Our order database. Hosted in the US.
Vercel Blob	Order preview images, QC photos, custom-request file uploads, gallery photo uploads	Image storage. Served from public URLs but the URLs themselves are non-guessable.
Resend	Recipient email, sender name, message body of transactional emails	Sends order confirmations, status updates, and custom-request replies.
Sentry	Error messages and stack traces with PII scrubbed before send	So we hear about bugs before customers do.
Discord	Order details posted to our owner-only internal channel: name, email, address, items, color choices	How we get notified of new orders in real time. Messages live in a private server only the owners can see.
Google Workspace	Inbound email to `hello@them3dprintguys.com`; replies sent from the same address	Email hosting.
USPS	Your shipping address and name on the label	To physically deliver your order.

We do not sell, rent, or share your personal information with anyone outside of this list, except when required by law (subpoena, court order) or to protect the rights, safety, or property of Them 3D Print Guys, our customers, or others.

// 05

Cookies & Local Storage

We use very little browser storage and no tracking cookies.

Local storage: Your cart contents and in-progress color customizations live in your browser's localStorage so they survive page reloads. This data never leaves your device until you actually place an order. The customization snapshot expires after 14 days.
Vercel Web Analytics: Cookieless. Counts anonymous page views; does not identify you across sessions or sites.
Stripe.js: When you reach the checkout step, Stripe's script may set its own cookies to prevent payment fraud. We don't control these. See Stripe's cookie policy.
No advertising or analytics trackers beyond Vercel's cookieless analytics.

// 06

How Long We Keep Data

Order records: kept indefinitely so we can support repeat orders, process refunds or reprints, respond to disputes, and meet US tax-record retention rules. You can request deletion at any time (see §08).
Order preview images and QC photos: kept indefinitely alongside the order record. Same deletion path.
Custom-request file uploads: kept indefinitely. Same deletion path.
Gallery submissions: kept indefinitely once approved and added to the public gallery. If you want a photo removed, contact us.
Contact-form messages: live in our Google Workspace inbox; kept until manually deleted.
Sentry error reports: retained 30 days then auto-deleted by Sentry.
Rate-limit IP counters: auto-expire after 60 seconds.

// 07

Security

Practical steps we take:

The entire site is served over HTTPS with strong TLS. We use HSTS so browsers refuse to even attempt an unencrypted connection.
Card data flows directly from your browser to Stripe through Stripe Elements, so it never passes through our servers, and we can't lose what we don't have.
We verify Stripe webhook signatures and re-calculate every order's price server-side to prevent tampering.
Admin endpoints are password-gated, rate-limited, and password checks use timing-safe comparison.
Error reports to Sentry are scrubbed of emails, names, phone numbers, addresses, and Stripe IDs before the report leaves your browser.
We use modern security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy) on every response.

No system is 100% secure, but we take reasonable, modern precautions and revisit them regularly.

// 08

Your Rights (CCPA · California Residents)

If you live in California, the California Consumer Privacy Act (CCPA) gives you specific rights regarding your personal information. Even if you don't live in California, we'll honor most of these on request. We don't think the protections should depend on your ZIP code.

Right to know. You can ask us what personal information we have about you, where we got it, what we use it for, and who we've shared it with.
Right to delete. You can ask us to delete your personal information. We may keep records required by US tax law or to resolve a pending dispute, but everything else we can remove.
Right to correct. If something we have about you is wrong, you can ask us to fix it.
Right to opt out of "sale" or "sharing". We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of, but you can confirm this with us at any time.
Right to non-discrimination. We will not deny you service, charge you differently, or give you a worse experience for exercising any of these rights.

How to make a request: Send a message through our contact form or email hello@them3dprintguys.com with the subject line "Privacy request" and tell us what you'd like to do. We may need to verify your identity (usually by confirming the email address tied to your order). We respond within 45 days.

// 09

Children's Privacy

Our site is not directed at children under 13 and we do not knowingly collect personal information from anyone under 13. If you believe we have inadvertently collected information from a child under 13, contact us and we will delete it promptly.

// 10

Changes to This Policy

We may update this policy as the business changes, for example if we add a new third-party service or change retention windows. When we make a material change, we'll update the "Last updated" date at the top of this page. For significant changes that affect existing customers, we'll send a notice by email. Continued use of the site after changes means you accept the updated policy.

// 11

Questions about this policy, a privacy request, or anything privacy-adjacent? We'd rather hear from you than have you wonder. Send us a message:

Contact Form → hello@them3dprintguys.com

Them 3D Print Guys · Washington State, USA · United States