Privacy policy
How we handle your information
Effective 2026-05-13 · Last updated 2026-05-18
This privacy policy explains how The Apparel Lab (“TAL,” “we”) handles information collected through this store. Plaid Attestation Demo partners with TAL to run this store; TAL is the seller of record on every order and the party responsible for handling your personal information.
What we collect
When you place an order, we collect:
- Your name, email address, and shipping address
- The items you purchased and the order total
- Payment confirmation metadata from Stripe — we do not see or store your full card number; Stripe handles that directly
- Automatic information: approximate location from IP, device/browser info, and error telemetry (collected by Sentry to diagnose bugs)
How we use it
- Process your payment through Stripe
- Produce your order through our decorator network and ship it to you (or to Plaid Attestation Demo for pickup)
- Send order confirmation, shipping notification, and any support communication
- Calculate and remit applicable sales tax (Florida-bound orders)
- Diagnose bugs, prevent fraud, and improve the product
We do not sell your personal information and we don’t use it for advertising on other sites.
Who we share it with
Only the service providers we need to operate the store, and only the minimum each provider needs:
- Stripe — payment processing
- Supabase — database and file storage
- Vercel — web hosting
- Resend — transactional email (order confirmations)
- Sentry — error monitoring (sensitive fields scrubbed)
- Our contract decorator — receives your name, shipping address, and ordered items only, for fulfillment
We may also share information when legally required (subpoena, court order) or to investigate fraud or abuse.
How we protect it
- TLS 1.2+ encrypts every connection between your device and our services
- AES-256 disk-level encryption at rest with our hosting providers
- Role-based access controls and multi-factor authentication on all administrative dashboards
- Sensitive financial fields (when applicable) are additionally encrypted at the application layer before being written to our database
No system is perfectly secure, but we apply industry-standard controls to the data we hold.
How long we keep it
- Order records: 7 years (for sales tax and accounting retention)
- Email delivery logs: per Resend’s default retention (~30 days)
- Backups: rolling 7 days (Supabase point-in-time recovery)
Your rights
At any time you may:
- Request access to the personal information we hold about you
- Request correction of inaccurate information
- Request deletion of your personal information (subject to records we are legally required to retain, like tax records)
To exercise any of these rights, email brian@theapparellab.com from the email address on file. We acknowledge within 5 business days and complete within 30 days unless a longer period is required by law.
Depending on where you live, you may have additional rights under state law (CCPA, Florida Digital Bill of Rights, etc.). We honor these to the extent they apply.
Children
This store is intended for adult buyers. We don’t knowingly collect personal information from anyone under 13. If you believe a child has provided personal information through this store, contact us and we will delete it.
International users
We operate from the United States and our service providers store data in the United States. By placing an order from outside the U.S., you consent to that transfer. We currently only ship to U.S. addresses.
Changes
We may update this policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be communicated to studio partners; minor revisions take effect when posted.
Contact
Questions, deletion requests, or a suspected privacy issue: brian@theapparellab.com. Brian Davis, President — The Apparel Lab.