Privacy policy

Legal · Privacy

Your data, handled with care.

We collect what we need to ship your order, support you when something goes wrong, and improve the things you actually use. Nothing more.

♦   Effective April 24, 2026
Shipping Returns & Refunds Privacy Terms of Service
0
Data Sold
PCI
Payment Tokenized
GDPR
EU Rights
CCPA
CA Rights

Jump to a section

TrueShih ("TrueShih", "we", "us" or "our") operates trueshih.com. This Privacy Policy explains what information we collect, how we use it, and your choices about that information. By using our site or buying from us, you agree to the practices described below.

1Data inventory

What we collect

Information you give us

  • Order details: name, shipping address, billing address, email, phone number, items purchased.
  • Account details (if you create one): email, password (hashed), saved addresses, order history.
  • Payment details: card number, expiry, CVV. We never see or store your raw card number — this is collected and tokenized directly by Shopify Payments / Stripe (PCI-DSS Level 1 certified).
  • Communications: the content of emails, support tickets, chat messages, and survey responses you send us.
  • Marketing opt-ins: email address and consent timestamp if you subscribe to our newsletter.

Information we collect automatically

  • Device & browsing: IP address, browser type, operating system, referring URL, pages viewed, time on page, search terms.
  • Cookies & pixels: see "Cookies" below.
  • Approximate location: derived from your IP for shipping availability and currency display.
2Purpose

How we use it

Purpose What this looks like
Fulfill your order Process payment, ship to your address, send tracking emails.
Customer support Reply to your questions, handle returns, investigate claims.
Improve our products & site Aggregate analytics on what pages and products people engage with.
Marketing (with consent) Newsletters, abandoned-cart reminders, restock alerts.
Fraud prevention Verify orders, block stolen-card attempts, protect against chargebacks.
Legal compliance Tax records, customs documentation, responding to lawful requests.
3Third parties

Who we share with

We do not sell your personal data

We share only what's needed with vetted service providers, and only for the purposes above.

Shopify Inc.

E-commerce platform & checkout — storefront and admin hosting.

Shopify Payments / Stripe

Payment processing. PCI-DSS Level 1 certified.

AutoDS & CJ Dropshipping

Order routing and fulfillment to our supplier network.

Carriers

USPS, DHL, FedEx, UPS, and regional last-mile partners — for delivery and tracking.

Email service providers

Transactional and marketing email delivery.

Analytics & advertising

Google Analytics 4 (aggregated). Meta & TikTok Pixel only with your consent.

We may also disclose information to legal authorities when required by law, subpoena, or to protect rights and safety.

4Tracking

Cookies & tracking

We use cookies and similar technologies for three reasons:

  • Strictly necessary — cart contents, login state, fraud prevention, currency. These can't be turned off.
  • Analytics — aggregated, anonymized stats on how the site is used.
  • Marketing — only if you consent. Used by Meta and TikTok to measure ad performance.

You can manage marketing cookies through our cookie banner, your browser settings, or by visiting youronlinechoices.com (EU) / optout.aboutads.info (US).

5How long

Data retention

Data type Retention period
Order & tax records 7 years (US/EU tax law requirement)
Account data While account is active; deleted within 90 days of closure
Marketing data Until you unsubscribe (then suppressed on do-not-mail list)
Anonymized analytics Up to 26 months in Google Analytics
6Control

Your rights

Depending on where you live, you may have the right to:

Access your data Correct inaccuracies Delete (right to be forgotten) Object / restrict processing Portable data copy Withdraw marketing consent

To exercise any of these, email info@trueshih.com from the address associated with your order. We'll respond within 30 days.

EU/UK residents (GDPR)

Our legal bases are: contract (processing your order), legitimate interest (fraud prevention, basic analytics), consent (marketing cookies, newsletters), and legal obligation (tax records). You have the right to lodge a complaint with your local data protection authority.

California residents (CCPA/CPRA)

You have the right to know what personal information we collect, request deletion, and opt out of any "sale" or "sharing" of personal information. We do not sell personal information for money. We share limited identifiers with advertising partners only when you consent — you can opt out via our cookie banner or by emailing us.

7Cross-border

International transfers

TrueShih is operated from the United States. If you are visiting from outside the US, your data will be transferred to and processed in the US and other countries where our service providers operate. Where required by law, transfers rely on Standard Contractual Clauses or other appropriate safeguards.

8Minors

Children's privacy

TrueShih is not directed to children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, email us and we'll delete it.

9Safeguards

Security

We use industry-standard safeguards: TLS encryption in transit, hashed passwords, tokenized payment data via PCI-DSS Level 1 processors, and access controls limiting staff access to need-to-know. No system is 100% secure, but we work hard to protect your information.

10Updates

Changes to this policy

We'll update this policy from time to time. Material changes will be highlighted on this page with a new effective date. We'll notify newsletter subscribers by email of significant changes.

Privacy concerns?

We'll respond within one business day.

For data requests, deletion, opt-outs, or any privacy concern.

Email info@trueshih.com →