Privacy Policy

American Heroes Apparel
Effective Date: April 15, 2026
Last Updated: Jan 7, 2026

1. Introduction and Scope

American Heroes Apparel ("AHA," "we," "us," or "our") is a Pennsylvania corporation dedicated to honoring first responders, military personnel, and their families through premium custom-printed apparel, accessories, and home décor. This Privacy Policy describes how we collect, use, disclose, and protect personal information when you visit our website at www.amheroesapparel.com (the "Site"), place an order, subscribe to our communications, or otherwise interact with us.

This Policy applies to all visitors and customers regardless of geographic location. Residents of California are entitled to additional rights under the California Consumer Privacy Act (CCPA), and residents of the European Economic Area (EEA) may have additional rights under the General Data Protection Regulation (GDPR). Those rights are addressed in dedicated sections below.

By accessing the Site or completing a purchase, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any term, please discontinue use of the Site.

2. Controller / Business Identity

The data controller and business responsible for your personal information is:

American Heroes Apparel
Philadelphia, Pennsylvania, United States
Website: www.amheroesapparel.com
Email: privacy@amheroesapparel.com

3. Information We Collect

We collect personal information through multiple channels. The categories of information we may collect include, but are not limited to, the following:

3.1 Information You Provide Directly

• Full name, shipping and billing address, city, state, ZIP code, and country
• Email address and telephone number
• Payment card details (processed and tokenized by Shopify Payments; AHA does not store raw payment card data)
• Order details, product selections, and customization preferences
• Communications you send to us via email, contact forms, or social media
• Contest, giveaway, or survey entries

3.2 Information Collected Automatically

When you visit the Site, certain technical information is collected automatically through cookies, pixel tags, and similar tracking technologies:

• IP address, browser type and version, device type, and operating system
• Pages viewed, time spent on pages, referral URLs, and click-path navigation
• Geolocation data derived from your IP address (country/region level)
• Session identifiers and Shopify analytics events (add-to-cart, checkout initiated, purchase completed)

3.3 Information from Third Parties

• Meta (Facebook/Instagram): We use the Meta Pixel to receive aggregated ad performance data and to build custom and lookalike audiences for advertising.
• Google: We use Google Analytics and Google Ads conversion tracking.
• Printful: Our fulfillment partner receives the name, shipping address, and order details necessary to produce and ship your order.
• Shopify: Our e-commerce platform provider processes transactions, stores order history, and provides fraud analysis services.

4. How We Use Your Information

4.1 Order Fulfillment and Customer Service

• To process, fulfill, and ship orders placed on the Site
• To communicate order confirmations, shipping notifications, and tracking updates
• To respond to customer service inquiries, returns, and refund requests
• To maintain records required by applicable law (e.g., tax records)

4.2 Marketing and Advertising

• To send promotional emails, product announcements, and exclusive offers to subscribers who have opted in
• To retarget website visitors and prior purchasers through Meta Advantage+ and Google Ads campaigns
• To build custom and lookalike audiences on Meta for prospecting campaigns
• To measure advertising effectiveness, ROAS, and campaign ROI

4.3 Site Improvement and Analytics

• To analyze traffic patterns, conversion funnels, and user behavior to improve site performance and UX
• To conduct A/B testing on product pages, checkout flows, and ad creatives
• To identify and resolve technical errors

4.4 Legal and Safety

• To comply with applicable federal, state, and local laws and regulations
• To detect and prevent fraudulent transactions and unauthorized access
• To enforce our Terms of Service and protect AHA's legal rights

5. Legal Basis for Processing (GDPR — EEA Residents)

For individuals in the European Economic Area, our legal bases for processing personal data under the GDPR are as follows:

• Contract performance: Processing necessary to fulfill your order and deliver your purchase.
• Legitimate interests: Analytics, fraud prevention, and direct marketing to existing customers, where not overridden by your fundamental rights.
• Consent: Sending marketing emails and deploying non-essential cookies, where we have obtained your explicit opt-in.
• Legal obligation: Retaining transaction records as required by applicable tax law.

You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. See Section 10 for how to exercise your rights.

6. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to operate and improve the Site and to serve relevant advertising. Categories of cookies we deploy include:

• Strictly Necessary Cookies: Required for the Site to function (e.g., shopping cart, checkout session). These cannot be disabled.
• Performance/Analytics Cookies: Google Analytics cookies that collect pseudonymous usage data to help us understand how visitors interact with the Site.
• Marketing/Advertising Cookies: The Meta Pixel and Google Ads conversion tags that allow us to measure ad performance and retarget visitors on external platforms.
• Functional Cookies: Cookies that remember your preferences (e.g., currency, region).

You may manage or disable non-essential cookies through your browser settings or through our cookie consent banner. Note that disabling certain cookies may affect Site functionality. For opt-out options specific to Google, visit: https://tools.google.com/dlpage/gaoptout. For Meta ad preferences, visit: https://www.facebook.com/ads/preferences.

7. Disclosure of Personal Information

We do not sell, rent, or trade your personal information to third parties for their own independent marketing purposes. We may disclose your information in the following limited circumstances:

7.1 Service Providers (Data Processors)

• Shopify Inc. — e-commerce platform, payment processing, fraud analysis (shopify.com/legal/privacy)
• Printful Inc. — print-on-demand production and order fulfillment (printful.com/policies/privacy)
• Google LLC — analytics and advertising measurement (policies.google.com/privacy)
• Meta Platforms, Inc. — advertising pixel and audience targeting (facebook.com/policy.php)
• Zoho Corporation / Google Workspace — transactional and marketing email delivery

7.2 Legal Requirements and Protection of Rights

We may disclose information if required to do so by law, subpoena, court order, or regulatory authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of AHA, our customers, or others.

7.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, personal information may be transferred to the acquiring entity. We will notify you via prominent notice on our Site or by email prior to any such transfer and the assumption of a materially different privacy policy.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law:

• Order and transaction records: Retained for a minimum of seven (7) years to comply with Pennsylvania and federal tax record-keeping requirements.
• Email marketing records: Retained until you unsubscribe, at which point marketing data is suppressed within 10 business days.
• Analytics and cookie data: Retained in accordance with the applicable platform's default retention settings (Google Analytics: up to 26 months; Meta Pixel: up to 180 days event data retention).
• Customer service communications: Retained for three (3) years from the date of last contact.

When personal information is no longer needed, we will securely delete or anonymize it in accordance with applicable law.

9. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information, including:

• SSL/TLS encryption for all data transmitted between your browser and the Site (HTTPS)
• Shopify's PCI DSS-compliant payment processing infrastructure (raw card data is never stored on AHA servers)
• Role-based access controls limiting employee access to personal data to those with a legitimate business need
• Periodic review of third-party vendor security practices

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by applicable law.

10. Your Privacy Rights

10.1 All Customers

Regardless of location, you have the right to:

• Opt out of marketing emails by clicking the "Unsubscribe" link in any email communication or by contacting us at privacy@amheroesapparel.com
• Request access to the personal information we hold about you
• Request correction of inaccurate or incomplete personal information
• Request deletion of your personal information, subject to our legal retention obligations

10.2 California Residents — CCPA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). To submit a CCPA request, contact us at privacy@amheroesapparel.com. We will respond within 45 days.

10.3 EEA Residents — GDPR Rights

If you are located in the EEA, you have the following rights under the GDPR. To exercise any GDPR right, contact us at privacy@amheroesapparel.com. You also have the right to lodge a complaint with your local supervisory authority.

11. Children's Privacy

The Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@amheroesapparel.com and we will promptly delete such information from our records in accordance with the Children's Online Privacy Protection Act (COPPA).

12. Third-Party Links

The Site may contain links to third-party websites, social media platforms (Facebook, Instagram), and partner organizations (including charitable affiliates). This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit. AHA is not responsible for the privacy practices or content of such sites.

13. International Data Transfers

American Heroes Apparel is operated from the United States. If you are accessing the Site from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country. For EEA residents, where personal data is transferred to the United States, we rely on Standard Contractual Clauses approved by the European Commission, or other appropriate safeguards recognized under GDPR Article 46, as implemented through our service providers (Shopify, Meta, Google, Printful).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will post the revised policy on this page with an updated "Last Updated" date. For material changes, we will provide more prominent notice (such as an email notification to registered customers or a banner on the Site). Your continued use of the Site following the posting of any changes constitutes acceptance of the updated terms.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

American Heroes Apparel
Philadelphia, Pennsylvania, United States
Email: privacy@amheroesapparel.com
Website: www.amheroesapparel.com

Together As One
American Heroes Apparel | www.amheroesapparel.com
© 2026 American Heroes Apparel. All rights reserved.