Skip to main content

Privacy Policy

Last updated: May 18, 2026

Go Custom Merch (“Go Custom Merch,” “we,” “our,” or “us”) provides custom merchandise, apparel, promotional products, and fulfillment services to businesses nationwide, including a hosted client portal for inventory management and order fulfillment. This Privacy Policy explains what information we collect, how we use it, who we share it with, and what choices you have about that information.

This policy applies to information collected through www.gocustommerch.com (our “marketing site”) and through the Go Custom Merch Client Portal at www.gocustommerch.com/portal (the “Portal”), collectively the “Services.” Where we act as a service provider on behalf of a business customer (e.g., processing recipient data uploaded by a Portal client), the business customer's privacy policy may also apply to you.

1. Information We Collect

Information you provide directly

When you contact us through our marketing site, request a quote, or place an order, we collect the information you submit, which may include your name, business email address, phone number, company name, shipping address, project description, and any attachments (such as logo files or design references).

Portal account information

When you are invited to use the Portal, we collect your name, email address, profile image (if you provide one), and role within your organization. Authentication is handled by our identity provider, Clerk, which may collect additional authentication-related data on our behalf (such as session tokens, password hashes, and login timestamps). Clerk's privacy practices are governed by Clerk's Privacy Policy.

Recipient data uploaded by Portal clients

Portal clients may upload data about their employees, customers, or other third parties for the purpose of fulfilling and shipping orders (a “Recipient”). This may include the Recipient's name, mailing address, email address (when provided), department or team, and apparel size. Recipients are generally not our direct users; we process Recipient data only as a service provider on behalf of the Portal client, who is the controller of that data. Recipients should contact the Portal client (their employer or sponsor) regarding their privacy rights.

Order, shipping, and inventory data

When orders are placed through the Portal, we collect order details (items, quantities, shipping addresses, ATTN labels, order notes, tracking numbers, and order status history). When Portal clients send inventory to our warehouse, we collect inventory records describing those goods.

Information collected automatically

When you visit our Services, we automatically collect technical information such as your IP address, browser type and version, device type, operating system, referring URL, pages viewed, actions taken, and timestamps. We use this information to operate, secure, and improve the Services.

2. How We Use Information

We use the information described above to:

  • Respond to inquiries, quotes, and customer support requests;
  • Provide, operate, maintain, and improve the marketing site and the Portal;
  • Process and ship orders, including arranging carrier delivery and providing tracking information;
  • Send transactional communications (order confirmations, shipping notifications, low-inventory alerts to client administrators, invitation emails);
  • Bill Portal clients and reconcile payments through our accounting and invoicing systems;
  • Detect, prevent, and respond to fraud, security incidents, and abuse of the Services;
  • Comply with legal obligations and enforce our Terms of Service.

4. How We Share Information

Sub-processors and service providers

We share personal information with third-party service providers who perform services on our behalf under written agreements that require them to protect the information. Our current sub-processors include:

  • Clerk (authentication and identity management)
  • Neon (managed PostgreSQL database hosting)
  • Vercel (web application hosting, edge delivery, image and file storage via Vercel Blob, and product analytics via Vercel Analytics and Speed Insights)
  • Resend (transactional email delivery)
  • Sanity (content management for our marketing site)
  • Shipping carriers (UPS, USPS, FedEx, DHL, and other carriers) for fulfilling shipments. Recipient name and address are shared with the selected carrier as required to deliver the parcel.
  • QuickBooks (Intuit, Inc.) for invoicing and accounting, when Portal client billing is processed through QuickBooks.

We may update our list of sub-processors from time to time. The version posted on this page is current.

Business transfers

If we are involved in a merger, acquisition, financing, or sale of assets, personal information may be transferred as part of that transaction. We will give notice before personal information is transferred and becomes subject to a different privacy policy.

Legal compliance and protection

We may disclose personal information when we believe in good faith that disclosure is required to comply with applicable law, respond to lawful requests from public authorities, protect our rights or property, prevent fraud, or protect the safety of any person.

We do not sell personal information

We do not sell personal information for monetary consideration, and we do not share personal information for cross-context behavioral advertising as those terms are defined under California law.

5. Data Retention

We retain personal information for as long as is necessary to fulfill the purposes described in this policy, including providing the Services, complying with our legal obligations (such as tax and accounting requirements), resolving disputes, and enforcing our agreements.

  • Order and shipping records: retained for at least seven (7) years for tax, accounting, and warranty purposes.
  • Portal account data: retained for the duration of the Portal client's active contract plus ninety (90) days after termination, after which we delete or anonymize account records unless legal retention applies.
  • Marketing-site inquiries: retained for up to three (3) years from last contact, then deleted.
  • Server logs and security data: retained for up to twelve (12) months.

6. Data Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit (TLS), encryption at rest for our database and file storage, role-based access controls, secrets management, audit logging, and regular review of access. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

If we become aware of a security breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

7. Your Privacy Rights

Residents of the United States

Depending on where you live, you may have rights under state privacy laws including the California Consumer Privacy Act (CCPA, as amended by the CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, and similar laws. These rights generally include:

  • The right to know what personal information we collect, use, and share;
  • The right to access a copy of your personal information;
  • The right to request correction of inaccurate information;
  • The right to request deletion of your personal information, subject to exceptions;
  • The right to opt out of the sale or sharing of personal information (we do not sell or share personal information as defined under these laws);
  • The right to non-discrimination for exercising your rights.

To exercise these rights, contact us at orders@gocustommerch.com. We will respond within the period required by applicable law. We may need to verify your identity before completing your request. You may also designate an authorized agent to act on your behalf.

Recipients of orders shipped through the Portal

If you are a Recipient whose information was uploaded to the Portal by a Portal client (e.g., your employer), the Portal client is the controller of your personal information. Please direct privacy requests to the Portal client. We will assist them in responding as required by our agreements with them.

Residents of the EU, UK, or other regions

If you are in the European Economic Area, the United Kingdom, or another region whose laws grant you privacy rights, you may have rights to access, rectify, erase, restrict, port, or object to processing of your personal information, and to lodge a complaint with your local supervisory authority. Contact us at orders@gocustommerch.com to exercise these rights.

8. Cookies and Analytics

We use cookies and similar technologies to operate the Services, remember your preferences, keep you signed in, and analyze how the Services are used. We use Vercel Analytics and Vercel Speed Insights, which collect aggregated, privacy-friendly metrics (page views, performance data, country-level location) without setting third-party advertising cookies. You can control cookies through your browser settings, but disabling them may impair some features of the Services.

9. Children's Privacy

The Services are not directed to children under 16, and we do not knowingly collect personal information from children under 16. If we learn that we have collected such information, we will delete it. If you believe a child has provided us with personal information, please contact us at orders@gocustommerch.com.

10. International Data Transfers

We are based in the United States. If you access the Services from outside the United States, your information will be transferred to, processed, and stored in the United States, which may have data protection laws different from those of your country. By using the Services, you consent to the transfer of your information to the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where required by law, notify you. Continued use of the Services after a change indicates acceptance of the revised policy.

12. Contact Us

If you have questions or requests about this Privacy Policy or our privacy practices, contact us at:

Go Custom Merch
Minneapolis, MN
Email: orders@gocustommerch.com
Phone: (612) 293-9283

Portal clients with signed Master Service Agreements and Data Processing Agreements should refer to those documents for controlling terms regarding the handling of their data and the data of their Recipients. See our Terms of Service for additional information about how the Services may be used.