Privacy Policy
Last updated: March 21, 2026
1. Introduction
dtf.market ("we", "us", "our") operates the dtf.market website and marketplace platform. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform.
By using dtf.market, you consent to the practices described in this policy. If you do not agree, please discontinue use of the Platform.
2. Information We Collect
2.1 Information You Provide
- Account information: Name, email address, password (hashed), store name (vendors)
- Order information: Shipping address, billing address, phone number
- Payment information: Processed and stored by Stripe — we do not store credit card numbers
- Vendor information: Business name, payout details (via Stripe Connect), uploaded designs and listing content
- Communications: Emails, support requests, and feedback you send us
2.2 Information Collected Automatically
- Usage data: Pages visited, search queries, click patterns, time spent on pages
- Device data: Browser type, operating system, screen resolution, device identifiers
- Network data: IP address, approximate geographic location, referring URL
- Cookies: Session cookies for authentication, preference cookies for site functionality (see Section 7)
2.3 Information From Third Parties
- Stripe: Payment confirmation, transaction status, payout details
- OAuth providers: If you log in via Google or other social login, we receive your name and email
- Error tracking (Sentry): Anonymized error reports to improve platform stability
3. How We Use Your Information
We use your information to:
- Process and fulfill your orders
- Manage your account and provide customer support
- Process vendor payouts via Stripe Connect
- Send transactional emails (order confirmations, shipping updates, delivery notifications)
- Improve our Platform, search functionality, and user experience
- Detect and prevent fraud, abuse, and IP infringement
- Comply with legal obligations (tax reporting, DMCA compliance, law enforcement requests)
- Enforce our Terms of Service and IP Policy
4. How We Share Your Information
We do not sell your personal information. We share information only as follows:
| Recipient | Data Shared | Purpose |
|---|---|---|
| Stripe | Payment & payout details | Payment processing, vendor payouts |
| Fulfillment partner (CustomHub) | Shipping address, order details, design files | Printing and shipping orders |
| Resend (email) | Email address, name, order details | Transactional email delivery |
| Sentry | Anonymized error data | Error tracking and platform stability |
| Meilisearch | Listing data (public content only) | Search functionality |
| DigitalOcean Spaces | Uploaded design files | File storage and CDN delivery |
| Law enforcement | As required by law | Legal compliance, court orders, subpoenas |
5. Data Retention
- Account data: Retained while your account is active. Deleted within 90 days of account deletion request, except as required by law.
- Order data: Retained for 7 years for tax and legal compliance.
- Vendor design files: Deleted within 30 days of listing removal, except as needed to fulfill existing orders.
- DMCA/IP records: Retained for the duration required by law (minimum 3 years).
- Server logs: Retained for 90 days, then automatically deleted.
6. Data Security
We implement industry-standard security measures:
- All data transmitted over HTTPS/TLS encryption
- Passwords hashed using bcrypt (never stored in plaintext)
- Payment data handled entirely by Stripe (PCI DSS compliant) — never touches our servers
- Database access restricted to authorized services only
- Regular security reviews and updates
No system is 100% secure. If we discover a data breach affecting your personal information, we will notify you within 72 hours as required by applicable law.
7. Cookies
We use the following types of cookies:
- Essential cookies: Required for authentication, cart functionality, and security. Cannot be disabled.
- Functional cookies: Remember your preferences (theme, recently viewed items).
- Analytics cookies: Help us understand how you use the Platform to improve it.
We do not use third-party advertising or tracking cookies. We do not participate in cross-site tracking or sell data to ad networks.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your personal data (subject to legal retention requirements)
- Portability: Request your data in a machine-readable format
- Opt-out: Unsubscribe from marketing emails at any time (transactional emails cannot be opted out of)
- Restriction: Request restriction of processing in certain circumstances
To exercise any of these rights, contact us at privacy@dtf.market. We will respond within 30 days.
8.1 California Residents (CCPA)
California residents have additional rights under the California Consumer Privacy Act. You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.
8.2 EEA/UK Residents (GDPR)
If you are in the European Economic Area or United Kingdom, our legal bases for processing are: contract performance (fulfilling orders), legitimate interest (platform improvement, fraud prevention), legal obligation (tax compliance, DMCA), and consent (marketing emails).
9. Children's Privacy
dtf.market is not intended for children under 18. We do not knowingly collect personal information from anyone under 18. If we learn we have collected data from a child, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes via email or a prominent notice on the Platform. Continued use after changes constitutes acceptance.
11. Contact
For privacy-related questions or to exercise your rights:
- Privacy inquiries: privacy@dtf.market
- General support: support@dtf.market