California Privacy Notice

CCPA / CPRA Supplement

Last updated — April 7, 2026
California Residents Only

—

Notice

This California Privacy Notice supplements our main Privacy Policy and applies solely to California residents ("consumers") under the California Consumer Privacy Act as amended by the California Privacy Rights Act (together, "CCPA"). Terms defined in the CCPA have the same meaning here.

—

Who We Are

GLITZ&GRAF AGENCY SRL
Calea Moșilor 88, District 3, Bucharest, Romania

We sell made-to-order (print-on-demand) goods via glitzandgraf.com and may use third-party fulfillment partners (including Printify network providers) and service providers (e.g., Shopify, payment processors, analytics/ads partners).

Notice at Collection

We collect, use, and retain personal information for business and commercial purposes described below. We may sell or share certain categories (as those terms are defined by the CCPA) for cross-context behavioral advertising unless you opt out (see §5 and Your Privacy Choices link in our footer).

Category	Examples	Sources	Purposes	Sold/Shared for Ads?	Retention
A. Identifiers	name, email, IP, order ID, device IDs	from you (checkout/forms); automatically (site/app); service providers	fulfill orders; account communications; fraud/security; analytics; marketing	May share email/IP/online identifiers with ads/analytics partners (unless you opt out)	Orders up to 10 years (tax/accounting); marketing IDs until opt-out or 24 months inactivity
B. Customer Records Cal. Civ. Code §1798.80(e)	billing/shipping address; limited payment info (token/last 4; we do not receive full card numbers)	from you; payment processor	checkout & fulfillment; fraud prevention; accounting	No	Tax/accounting up to 10 years; otherwise as needed for service/legal
D. Commercial Information	products viewed/purchased; discounts used; order history	from you; automatically; service providers	customer service; personalization; analytics; marketing; fraud	May share hashed/email-based signals with ads partners (unless you opt out)	Same as A
F. Internet/Network Activity	device/browser info; pages viewed; clicks; cookie IDs; approximate location inferred from IP	automatically; service providers	site operations; security; analytics; marketing; debugging	May share cookie/identifier data for cross-context ads (unless you opt out or decline marketing cookies)	Up to 24 months (or shorter where possible)
G. Geolocation approximate	coarse location (city/region) inferred from IP	automatically; service providers	locale, tax settings; fraud/security; analytics	May share with analytics/ads partners (unless you opt out)	Up to 24 months
SPI Sensitive Personal Information	We do not intentionally collect SPI (e.g., SSN, precise geolocation, health, union, race). Payment card details are processed by our payment processor.	n/a	n/a	No	n/a

Important

We do not use or disclose Sensitive Personal Information for inferring characteristics.

Financial incentive: We may offer discounts or promotions (e.g., first-purchase codes). See §7.

You can opt out of sale/share at any time via Do Not Sell or Share My Personal Information or by sending a Global Privacy Control (GPC) signal in your browser. We honor GPC for that browser/device.

How We Use Personal Information

We use personal information to: provide our site and services; process and deliver orders; support customers; detect and prevent fraud/security incidents; debug and improve functionality; measure and analyze performance; personalize content; provide marketing/advertising (including cross-context advertising, subject to opt-out); comply with legal obligations; and support internal operations (audit, accounting, governance).

We do not knowingly collect personal information from children under 13, and we do not knowingly sell/share personal information of consumers under 16.

Disclosures to Service Providers

We disclose personal information to service providers/contractors under written agreements restricting use to the services we request (e.g., hosting/platform, payment processing, fulfillment/shipping, analytics, advertising partners acting at our direction, customer communications, security/fraud).

We may also disclose information in connection with a business transfer, or as required by law.

Your CCPA Rights

Subject to exceptions, California residents have the right to:

Know/Access — request the categories and specific pieces of personal information we collected about you in the last 12 months, the sources, purposes, and recipients (including sale/share).
Delete — request deletion of personal information we collected from you.
Correct — request correction of inaccurate personal information.
Opt-Out of Sale/Share — direct us not to sell or share your personal information for cross-context behavioral advertising.
Limit Use/Disclosure of SPI — where SPI is collected, limit its use/disclosure to permitted purposes (not applicable here).
Non-Discrimination — we will not discriminate against you for exercising CCPA rights.

How to exercise your rights

Submit requests at: /pages/your-privacy-choices or email ccpa@glitzandgraf.com or cpra@glitzandgraf.com.

For Do Not Sell or Share, use the same page or enable Global Privacy Control (GPC) in your browser.

Verification: we will reasonably verify your identity (e.g., email verification, order metadata). If you use an authorized agent, we may require proof of authorization and verification of your identity.

Timing: we respond within 45 days, extendable once by 45 days where reasonably necessary (with notice).

Scope: Access disclosures cover the 12-month look-back; we may honor requests beyond 12 months where required by law.

If we deny your request in whole or in part, we will explain the reasons. California law does not require us to provide a formal appeal process; however, you may re-submit with additional information for reconsideration.

Sale/Share Opt-Out & GPC

Some of our use of cookies and similar technologies for advertising/analytics may be considered "sale" or "sharing" under CCPA. You can:

Click Do Not Sell or Share My Personal Information and follow the instructions; and
Enable the Global Privacy Control (GPC) in your browser.

We treat a valid GPC signal as a request to opt out of sale/share for that browser and device.

If you clear cookies, switch browsers, or use a different device, you may need to opt out again (unless logged in and we can persist your preference).

Data Retention

We retain personal information only as long as necessary for the purposes described in this Notice or as required by law (e.g., tax/accounting).

Where we cannot delete due to legal obligations (e.g., fraud prevention, regulatory requirements), we retain only as long as necessary and delete or de-identify thereafter.

Notice of Financial Incentive

From time to time we may offer promotions, discounts, or benefits (e.g., first-purchase codes, newsletter perks) that could be considered a financial incentive under the CCPA.

Participation — voluntary and requires opt-in (e.g., by redeeming the code or subscribing).
Material terms — basic contact information (e.g., email) may be required; used for marketing and administration.
Value of data — estimated in good faith based on collection/retention costs and marketing revenue generated (varies).
Withdrawal — unsubscribe anytime or email ccpa@glitzandgraf.com / cpra@glitzandgraf.com. You may still use services without participating.

We do not offer loyalty pricing that is unjust, unreasonable, coercive, or usurious.

"Shine the Light"

California residents may request a list of third parties to whom we disclosed personal information for their direct marketing in the preceding calendar year (if any), and the categories disclosed.

To request, email ccpa@glitzandgraf.com or cpra@glitzandgraf.com with subject line: "Shine the Light Request."

Do Not Track

We do not respond to browser Do Not Track (DNT) signals. We do honor Global Privacy Control (GPC) as described in §5.

Updates to this Notice

We may update this Notice to reflect changes in our practices or the law. We will post the updated version with a new Effective date. Material changes will be highlighted where appropriate.