POD Privacy policy

Last updated: April 21, 2026

Transfer Kingdom LLC ("Transfer Kingdom", "we", "our", or "us") operates the Shopify application Transfer Kingdom POD (the "App") and the website at transferkingdompod.com. This Privacy Policy explains what information we collect when a merchant installs the App, how we use it, and the choices that merchants and their customers have about that information.

The App is distributed to merchants at no cost. This policy, together with our Terms of Service, governs every interaction with the App and our website.

1. Who this policy applies to

  • Merchants — Shopify store owners who install the App from the Shopify App Store and use it to resell DTF transfers, gang sheets, and UV stickers fulfilled by Transfer Kingdom.
  • End customers — shoppers who place orders on a merchant's Shopify store that contain products fulfilled by the App.

Merchants remain the data controller for end-customer data that flows through our systems. Transfer Kingdom acts as a data processor under the merchant's instructions for the purpose of fulfilling orders.

2. Information we collect

2.1 Merchant account information

When a Shopify merchant installs the App, Shopify transmits to us:

  • Shop handle ({shop}.myshopify.com) and custom storefront domain.
  • Shop name, primary email, currency, and timezone.
  • The Shopify staff member who authorized the install (first name, last name, email, account-owner flag).

We receive an offline access token from Shopify so the App can read and write the data described in Section 3. The token is encrypted with AES-256-GCM before it is stored at rest.

2.2 Order and shipping information

For each Shopify order that contains a Transfer Kingdom POD line item, we receive:

  • Shopify order id, order number, status, financial status, and fulfillment status.
  • Line items produced by the App, including design references, quantities, and size variants.
  • Shipping address, billing address, customer name, email, and phone number — required so our US production facility can print, pack, and ship the order.
  • Design artwork uploaded by the customer through the designer (stored in US-based object storage behind signed URLs).

2.3 Technical and diagnostic information

  • Webhook delivery metadata (topic, shop, timestamps, Shopify delivery id) used for idempotency and audit.
  • Application logs containing structured events. No customer PII is logged (see Section 6).
  • Error traces captured by our error-monitoring provider.

2.4 Information we do not collect

  • Payment card numbers or any PCI-scope payment data — Shopify Checkout processes all payments.
  • Shopify Billing / subscription data — the App is free and does not call the Shopify Billing API.
  • Browsing behavior, cross-site tracking cookies, or advertising identifiers.

3. Shopify scopes we request

The App requests only the scopes it needs to fulfill orders:

  • read_orders, write_orders — fetch incoming orders and attach fulfillment references.
  • read_products, write_products — publish POD products and keep variants in sync.
  • read_fulfillments, write_fulfillments — create shipments and push tracking back to Shopify.
  • read_merchant_managed_fulfillment_orders, write_merchant_managed_fulfillment_orders, read_assigned_fulfillment_orders, write_assigned_fulfillment_orders, read_third_party_fulfillment_orders, write_third_party_fulfillment_orders — required by the modern fulfillmentCreate API.
  • read_inventory, write_inventory — manage POD-location inventory tracking.
  • read_shipping, write_shipping, read_locations, write_locations — set up the dedicated TK delivery profile and POD fulfillment location.
  • read_publications, write_publications — publish TK products to the Online Store sales channel.
  • read_purchase_options, write_purchase_options — required by Shopify's delivery-profile APIs.
  • read_themes — detect whether the "Create Gang Sheet" theme app block is installed on the active product template. We do not modify theme files or theme settings.

We do not request read_customers or any scopes unrelated to fulfillment.

4. How we use the information

  • Deliver the core fulfillment service (print → QC → pack → ship).
  • Route orders to the correct production queue and warehouse.
  • Push tracking events back to Shopify so the merchant and the end customer can follow the shipment.
  • Provide merchant support when a merchant contacts us about a specific order.
  • Detect abuse and protect the integrity of our systems.
  • Issue monthly wholesale invoices to the merchant for production and shipping costs.

We never sell, rent, or share personal data with third parties for their own marketing.

5. Sub-processors

We use the following sub-processors, each under a data-processing agreement:

Purpose Vendor Location
Cloud infrastructure Railway (AWS) USA
Object storage Amazon S3 USA
Error monitoring Sentry USA
Log aggregation Axiom USA
Transactional email Amazon SES USA

A current list is available on request at support@transferkingdom.com.

6. Security

  • All public endpoints are protected with TLS 1.2 or higher. HSTS is enabled on every *.transferkingdompod.com subdomain.
  • Shopify offline access tokens and any future OAuth refresh tokens are encrypted at rest using AES-256-GCM with a 32-byte master key managed outside of the database.
  • Access to production data is limited to a small number of named engineers and is audited.
  • Logs are structured (JSON) and scrubbed of customer PII. We never log emails, phone numbers, full addresses, or payment data.
  • Shopify webhooks are HMAC-verified at the edge and deduplicated via X-Shopify-Webhook-Id before any domain logic runs.

7. Data retention

  • Orders and shipments: retained for seven (7) years to satisfy US tax and commercial record-keeping requirements.
  • PII inside orders (customer name, email, phone, address): redacted immediately upon receipt of Shopify's customers/redact webhook or upon a verified request from the merchant or the end customer.
  • Webhook audit logs: retained for up to ninety (90) days and then purged.
  • Application logs: retained for thirty (30) days.
  • Shop-level data: fully anonymized within thirty (30) days of receiving Shopify's shop/redact webhook.

8. GDPR and Shopify privacy webhooks

We honor Shopify's mandatory compliance webhooks for every install:

  • customers/data_request — we produce an export of every order that matches the requested customer and surface it to the merchant within 30 days.
  • customers/redact — we overwrite the customer's name, email, phone, and address on every matching order and emit an audit event.
  • shop/redact — 48 hours after uninstall we anonymize all order PII for the shop and mark the connection as redacted.

Non-Shopify data-subject requests can be sent to support@transferkingdom.com and we respond within thirty (30) days.

9. Children

The App is not directed at children under 13, and we do not knowingly collect personal data from children. Merchants must ensure their storefronts comply with applicable child-privacy laws.

10. Changes to this policy

We will announce any material change to this policy at least 30 days before it takes effect via an email to the merchant's Shopify contact email and a notice inside the embedded app.

11. Contact us