LaserChili Privacy Policy

Effective Date: July 29, 2025

Last Updated: Aug 9, 2025

1. Introduction

LaserChili is a custom laser engraving manufacturer that creates personalized products for customers across multiple e-commerce platforms including Amazon, Etsy, and Shopify stores. This Privacy Policy describes how we collect, use, and protect personal information obtained through our platform integrations for the sole purpose of shipping custom-manufactured products directly to customers.

2. Information We Collect

2.1 E-Commerce Platform Integration

We collect customer information through authorized integrations with:
Amazon: Through Amazon's Selling Partner API (SP-API) for Amazon marketplace orders
Etsy: Through Etsy's Open API for Etsy marketplace orders
Shopify: Through Shopify's Admin API for Shopify store orders

2.2 Shipping Information Collected

We collect only the following information necessary for shipping your custom laser-engraved products:

Customer name (for delivery verification and package addressing)
Complete shipping address (street address, city, state, postal code, country)
Phone number (for carrier delivery coordination when required)
Email address (for shipping notifications and tracking updates)

2.3 Order Information

Order details and product specifications (for manufacturing)
Customization requirements (text, designs for laser engraving)
Order dates and status (for production scheduling)
We do NOT collect or store: Payment information, browsing history, marketing data, social media profiles, or any other personal information beyond what is necessary for shipping and manufacturing.

3. How We Use Your Information

3.1 Shipping and Manufacturing Only

Your personal information is used exclusively for:
Manufacturing: Creating your custom laser-engraved product according to specifications
Quality Control: Verifying customer names match personalization requests to prevent errors
Addressing: Printing shipping labels with correct delivery address
Carrier Coordination: Providing phone numbers to shipping carriers when required for delivery
Tracking Updates: Sending email notifications about production status and tracking information
Delivery Verification: Ensuring packages reach the correct recipient

3.2 Platform-Specific Usage

Amazon Orders: Information used in compliance with Amazon's Data Protection Policy
Etsy Orders: Information used in accordance with Etsy's API Terms of Use
Shopify Orders: Information used following Shopify's API License and Privacy Policy

4. Information Sharing - Shipping Partners Only

4.1 Limited Sharing for Delivery

We share your information only with shipping carriers for delivery purposes:
Shipping Companies: UPS, FedEx, USPS, and other authorized carriers receive name, address, and phone number solely for package delivery
Information Shared: Only the minimum information required for successful delivery
Geographic Coverage: Shipping partners may vary by destination country for international deliveries

4.2 What We Never Share

No marketing companies - We never share your information for advertising purposes
No data brokers - We never sell your information to third parties
No analytics companies - We don't share data for business intelligence
No social media platforms - We don't share information for social media marketing
No other manufacturers - We handle all production internally
No cross-platform sharing - Amazon customer data stays separate from Etsy/Shopify data

5. Data Security for Shipping Information

5.1 Protection Measures

We protect your shipping information with enterprise-grade security:
Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
Access Control: Role-based access control with only authorized shipping personnel accessing customer addresses
Secure Systems: Protected servers with Web Application Firewall (WAF) and intrusion detection
Regular Monitoring: 24/7 security monitoring of systems handling shipping data
API Security: Secure token-based authentication for all platform integrations
Logging Security: Personally Identifiable Information (PII) is never stored in application logs. All logs are anonymized and contain no customer personal data.
Data Backups: All backups use AES-256 encryption. Backup retention follows the same 30-day maximum policy

5.2 Platform-Specific Security

Amazon Integration: Restricted Data Tokens (RDT) used for PII access
Etsy Integration: OAuth 2.0 authentication with encrypted API calls
Shopify Integration: Secure app authentication with encrypted data transmission

6. Data Retention - Short-Term Storage

6.1 Retention Period

We retain your shipping information for maximum 30 days after delivery only for:
Tracking delivery issues or lost packages
Processing returns or exchanges
Providing customer service for delivery questions
Compliance with platform-specific requirements

6.2 Automatic Deletion

After the retention period, all personal information is automatically and permanently deleted from our systems using secure deletion methods that prevent data recovery.

6.3 Platform Compliance

Amazon: Data retained in compliance with Amazon's Data Protection Policy
Etsy: Data handled according to Etsy's data retention guidelines
Shopify: Information managed per Shopify's privacy requirements

7. Your Privacy Rights

7.1 Customer Rights

Regardless of which platform you ordered through, you have the right to:
Access: Request information about what shipping data we have about your order
Correction: Request correction of any incorrect shipping address information
Deletion: Request deletion of your information after order completion (subject to delivery verification needs)
Portability: Request a copy of your personal information in a structured format
Contact: Reach us about any shipping privacy concerns

7.2 Exercising Rights

Contact us at:
Email: support@laserchili.com
Response Time: We will respond within 30 days

7.3 Platform-Specific Rights

EU Customers (GDPR): Full GDPR rights regardless of ordering platform
California Customers (CCPA): CCPA rights for all platform orders
Other Jurisdictions: Rights as provided by applicable local laws

8. Platform Integration Compliance

8.1 Amazon SP-API Compliance

We are authorized by Amazon to access customer shipping information through SP-API
We use Restricted Data Tokens (RDT) for secure PII access
We comply with all Amazon Data Protection Policy requirements
We report any security incidents to security@amazon.com within 24 hours
We do not use Amazon customer information for unauthorized marketing or advertising

8.2 Etsy API Compliance

We access customer information through Etsy's authorized Open API
We comply with Etsy's API Terms of Use and Developer Policy
We respect Etsy's community guidelines and seller policies
We use information solely for order fulfillment, not for competing marketplace activities

8.3 Shopify API Compliance

We integrate through Shopify's official Admin API with proper OAuth authentication
We comply with Shopify's API License and Privacy Policy
We follow Shopify's app development and data handling guidelines
We maintain Shopify's required security standards for customer data

8.4 Shopify App Data Processing

Order Processing: We automatically detect Shopify orders requiring laser engraving through our official Shopify app
Customer Communication: We send order updates and tracking information directly to customers via email
Store Integration: We sync order status and fulfillment information back to the Shopify store
Data Security: All Shopify store data is encrypted and processed through secure API connections

8.5 Shopify-Specific Data Rights

App Uninstall: All store and customer data is automatically deleted when you uninstall our Shopify app
GDPR Compliance: We handle customer data requests, corrections, and deletions for EU customers
Store Owner Control: You can request deletion of specific customer data through your Shopify admin
Data Export: We can provide exports of your store's data upon request

9. International Shipping and Data Transfers

9.1 Manufacturing Location

Our manufacturing facility is located in Georgia, United States. Customer information from all platforms may be processed in the United States solely for manufacturing and shipping coordination.

9.2 International Deliveries

For international shipping, we work with authorized carriers who may process your shipping information in: Country of origin (United States)
Transit countries (for routing and customs)
Destination country (for final delivery)

9.3 Data Protection Safeguards

We ensure appropriate safeguards for international transfers in compliance with GDPR, CCPA, and other applicable data protection laws.

10. Data Breach Notification

In the unlikely event of a security incident affecting your shipping information:
Customer Notification: We will notify affected customers within 72 hours
Platform Notification: We will immediately report to the relevant platform:
Amazon: security@amazon.com within 24 hours of incident detection
Etsy: Through Etsy's incident reporting process
Shopify: Through Shopify's security incident procedures
Regulatory Notification: We will notify applicable regulatory authorities as required by law
Remediation: We will take immediate steps to secure information and prevent delivery issues

11. Children's Privacy

Our services are intended for customers 18 years and older. We do not knowingly collect shipping information for customers under 13 years of age. If we become aware that we have collected information from a child under 13, we will take steps to delete that information promptly.

12. Contact Information

12.1 Privacy Questions

Email: support@laserchili.com

12.2 Shipping and Order Questions

Email: support@laserchili.com

12.3 Data Protection Officer

Email: support@laserchili.com

13. Policy Updates

We may update this Privacy Policy to reflect changes in:
Platform integration requirements
Shipping procedures
Legal requirements
Security measures
Any updates will be posted at this URL with an updated "Last Updated" date. For material changes, we will notify customers via email when possible.

14. Effective Date and Scope

This Privacy Policy is effective as of the date listed above and applies to all orders placed through:
Amazon marketplace
Etsy marketplace
Shopify-powered stores
Direct website orders
By placing an order for custom laser-engraved products through any of these platforms, you acknowledge that we will use your shipping information as described in this policy solely for manufacturing and delivering your personalized product.

15. Legal Compliance

This Privacy Policy and our data handling practices comply with:
Amazon's Data Protection Policy (DDP) and Acceptable Use Policy (AUP)
Etsy's API Terms of Use and Privacy Policy
Shopify's API License and Privacy Policy
General Data Protection Regulation (GDPR) for EU customers
California Consumer Privacy Act (CCPA) for California customers
Other applicable federal, state, and local privacy laws

Summary: Multi-Platform Privacy Protection

✅ Shipping-only use across Amazon, Etsy, and Shopify orders
✅ Platform-compliant with Amazon, Etsy, and Shopify requirements
✅ Secure integration through official APIs with proper authentication
✅ Short retention (31-90 days) then permanent deletion
✅ Carrier sharing only for delivery purposes
✅ No cross-platform data mixing - each order handled separately
✅ Global compliance with GDPR, CCPA, and other privacy laws
Questions about privacy across any platform? Email support@laserchili.com