Privacy Policy

Effective Date: May 23, 2026

This Privacy Policy explains how Linesheet, Inc. (“LINESHEET”, “we”, “us”, or “our”) collects, uses, discloses, and otherwise processes information about you when you visit our websites, use our applications, communicate with us, or otherwise interact with the services we make available at linesheet.io and any subdomains (collectively, the “Service”).

This Privacy Policy is incorporated into and governed by our Terms of Service. If you do not agree with this Privacy Policy, please do not use the Service.

1. Introduction

LINESHEET is a software platform and online wholesale marketplace that connects fashion brands with retail buyers. We take privacy seriously and have written this policy in plain language so you can understand what information we collect about you, why we collect it, who we share it with, and the choices you have.

This policy applies to information collected through (a) our websites at linesheet.io and any subdomains, (b) our web application, (c) emails and other communications we send you, and (d) any other interaction you have with us. It does not apply to information collected by third-party sites or services that link to or integrate with the Service; their data practices are governed by their own privacy policies.

2. Information We Collect

2.1 Information You Provide to Us

We collect information you provide directly to us, including:

  • Account information: when you sign up, your email address, password (stored as a salted hash), and the role you select (Brand or Retailer).
  • Brand profile: business name, founded year, location, bio, social media handles, website URL, categories, aesthetic tags, logo files, and product catalogue.
  • Retailer profile: store name, location, store type, categories you carry, billing and shipping addresses, tax and resale-certificate information, and net-terms applications.
  • Product and linesheet content: product photos, names, descriptions, prices (wholesale and MSRP), MOQs, fabric content, sizing, stock levels, SKUs, packs, tags, and any other information you publish to your storefront or linesheets.
  • Order and transaction information: purchase orders, line items, quantities, totals, shipping addresses, payment terms, confirmation and shipment status, tracking numbers, and order communications.
  • Messages and communications: direct messages between Brands and Retailers, support requests, and any other content you send through the Service.
  • AI inputs and prompts: text, images, URLs, and other content you submit to AI features (such as the AI photo studio, AI sales draft, brand-aesthetic analyzer, and follow-up sequences), and the AI outputs generated from them.
  • Payment information: we do not store full credit card numbers, CVV codes, or bank account numbers. Our payment processor (Stripe) collects and stores that information directly. We receive limited payment metadata such as the last four digits of the card, card brand, billing ZIP code, payout balance, and transaction status.
  • Identity and verification information: for certain features (e.g. enabling payouts via Stripe Connect), Stripe collects identity information on our behalf including legal name, date of birth, government ID, and tax identification number. We do not directly store this information.
  • Free linesheet generator submissions: if you use our free linesheet generator, we collect the email and brand name you provide along with the product photos and pricing you submit, and we add you to a leads database so we can follow up with you about LINESHEET.
  • Marketing preferences: if you sign up for our newsletter or otherwise opt into marketing communications, we record your preferences and unsubscribe status.

2.2 Information We Collect Automatically

When you use the Service we automatically collect certain information about your device and activity, including:

  • Device and connection information: IP address, browser type and version, operating system, language preference, referring URL, the pages you view, the dates and times of your visits, time-zone setting, and approximate location derived from your IP address.
  • Usage information: the features you use, the actions you take, the order, frequency, and duration of your sessions, error logs, performance metrics, and other telemetry useful for debugging and improving the Service.
  • Email engagement: when you receive transactional or marketing email from us, we may log when you open the email and click links, using standard pixel and click-tracking technology provided by our email delivery provider.
  • Cookies and similar technologies: see Section 14 below.

2.3 Information from Third Parties

  • Payment processor: Stripe provides us with transaction status, payout balance, dispute notifications, and other payment metadata necessary to operate the marketplace.
  • Shipping carriers: when you purchase a label through the Service, our shipping integration returns label IDs, tracking numbers, and status updates from the chosen carrier (such as USPS, UPS, or FedEx).
  • Single sign-on / OAuth providers: if you connect third-party services (such as Google Calendar) we receive the data you authorize those services to share, in accordance with the permissions you grant.
  • Analytics and error tracking: our analytics and error-monitoring providers may provide us with aggregated usage and error information, including pseudonymous identifiers.
  • Public data and referrals: if a Brand invites a Retailer (or vice versa), we receive the email and name the inviter provides so we can route the invitation.

3. How We Use Information

We use the information we collect for the following purposes:

  • Provide and operate the Service. Create and manage your account, render your storefront and linesheets, connect Brands with Retailers, process orders and payments, generate shipping labels, deliver messages, and otherwise make the Service work.
  • Power AI features. Generate product photos, sales drafts, follow-up sequences, brand-voice summaries, and similar outputs using third-party AI providers. Inputs and generated outputs are kept associated with your account so you can review and reuse them.
  • Communicate with you. Send transactional emails (order confirmations, password resets, security alerts, billing receipts), respond to your support requests, send onboarding tips, and (if you opt in) send newsletters, product updates, and other marketing messages.
  • Improve the Service. Understand how users interact with the Service, debug and resolve technical issues, measure feature performance, develop new features, and conduct internal research and analytics.
  • Personalize the Service. Tailor content (such as marketplace suggestions, featured brands, and AI prompts) based on your role, history, and preferences.
  • Protect the Service and users. Detect, prevent, and respond to fraud, abuse, security incidents, spam, and violations of our Terms of Service or applicable law; enforce our Acceptable Use Policy; and protect the rights, property, and safety of LINESHEET, our users, and the public.
  • Comply with legal obligations. Respond to legal process; meet tax, accounting, audit, and recordkeeping requirements; cooperate with law enforcement; and otherwise comply with applicable law.

4. Legal Bases for Processing (EU/UK)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR and UK GDPR for our processing of your personal data:

  • Contract. We process your information to perform our contract with you (the Terms of Service) or to take steps at your request before entering into a contract — for example to create your account, process orders, or deliver paid features.
  • Legitimate interests. We process information for our legitimate interests in operating, securing, and improving the Service, marketing our services to existing customers, and preventing fraud, where those interests are not overridden by your rights and freedoms.
  • Consent. Where required, we process information based on your consent (which you can withdraw at any time without affecting prior processing) — for example for non-essential cookies, certain marketing communications, or special-category data.
  • Legal obligation. We process information to comply with legal obligations such as tax law, accounting requirements, and responses to legal process.

5. How We Share Information

We share information in the following circumstances:

  • With other users. The Service is inherently two-sided. Information you choose to publish on a brand storefront, a linesheet, or a product listing is visible to other users in accordance with your visibility settings. Connection requests, messages, and orders are shared with the counterparty user as part of the transaction. Retailer information (store name, contact, shipping/billing address, PO number) is shared with Brands you order from; Brand information (linesheet, prices, MOQ, payment terms) is shared with Retailers you accept.
  • With service providers (subprocessors). We share information with third-party vendors who help us run the Service, listed in Section 6. These providers are contractually required to protect your information and use it only to provide services to us.
  • For legal reasons. We may disclose information if we believe in good faith that disclosure is necessary to comply with a law, regulation, legal process, governmental request, or to investigate suspected violations of our Terms; to protect the rights, property, or safety of LINESHEET, our users, or the public; or to enforce our Terms.
  • Business transfers. If LINESHEET is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you and provide an opportunity to make choices regarding your information where required by law.
  • With your consent. We may share information for any other purpose with your consent.
  • Aggregated or de-identified information. We may share information that has been aggregated or de-identified such that it cannot reasonably be used to identify you, for any lawful purpose.

We do not sell your personal information for monetary consideration, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under California law.

6. Categories of Service Providers

We engage trusted third-party service providers (sometimes called “subprocessors”) to help us operate the Service. We require each provider to maintain appropriate security and privacy protections, to process personal information only on our instructions, and to comply with applicable data-protection laws. The categories of providers we use, and the data they handle on our behalf, include:

Category | Purpose
Cloud infrastructure & hosting | Hosting the website and application, serving requests over a global edge network, running serverless functions, and storing primary application data.
Database, authentication & file storage | Storing account data, profile information, product catalogues, linesheets, messages, and uploaded media; authenticating users; enforcing per-user data access controls.
Payment processing | Processing subscription billing and marketplace transactions, facilitating brand-to-retailer payouts, verifying merchant identity, and handling chargeback and dispute workflows.
Shipping & logistics | Looking up carrier rates, purchasing shipping labels, and providing tracking updates from common carriers.
Email delivery | Sending transactional and marketing emails, tracking opens and link clicks, and managing unsubscribe preferences.
AI inference | Generating AI outputs from inputs you provide, including product photography, sales-draft messages, brand-voice summaries, and follow-up sequences.
Analytics & product telemetry | Measuring product usage, feature adoption, errors, and performance to operate and improve the Service.
Optional third-party integrations | Services you connect to your account (such as a calendar provider) that exchange data with the Service at your direction.

A current list of the specific service providers within each category is available on request by emailing legal@linesheet.io. From time to time we may add, replace, or remove providers. Material updates will be reflected in this section and the effective date will be updated accordingly.

7. International Data Transfers

LINESHEET is based in the United States and most of our subprocessors are located in the United States. If you access the Service from outside the United States, your information will be transferred to, processed, and stored in the United States and potentially other countries. These countries may have data protection laws that differ from those in your country.

Where required by law, we rely on appropriate safeguards for international transfers of personal data, including the Standard Contractual Clauses adopted by the European Commission and the UK International Data Transfer Addendum, supplemental measures as appropriate, and the EU–US Data Privacy Framework (and its UK and Swiss extensions) where our subprocessors are certified.

8. Data Retention

We retain personal information for as long as needed to provide the Service and to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The actual retention period depends on the type of information and our legal obligations, and includes:

  • Account information: retained for as long as your account is active and for a reasonable period afterward to support reactivation, resolve disputes, and meet our legal obligations.
  • Transaction and order records: retained for at least seven (7) years from the date of the transaction to meet US tax, accounting, and audit requirements.
  • Communications: retained for as long as necessary to operate the Service and to comply with our legal obligations.
  • Marketing data: retained until you unsubscribe and for a short period afterward to honor your suppression request.
  • Free linesheet generator submissions: retained for up to twenty-four (24) months unless you request earlier deletion.
  • Server logs and analytics: retained for up to twenty-six (26) months in identifiable form, and may be retained longer in aggregated or de-identified form.
  • Backups: retained for a rolling period (typically thirty (30) days) and overwritten on rotation.

When personal information is no longer needed, we will either delete it, anonymize it, or, if neither is possible (for example because information has been stored in backup archives), securely store the information and isolate it from further use until deletion is possible.

9. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Access. Request a copy of the personal information we hold about you.
  • Correction. Ask us to correct inaccurate or incomplete information.
  • Deletion. Ask us to delete your personal information, subject to certain exceptions (such as our need to retain records for tax or legal reasons).
  • Portability. Receive a copy of certain information in a structured, commonly used, machine-readable format and transmit it to another controller.
  • Object or restrict. Object to or restrict certain processing, including direct marketing.
  • Withdraw consent. Where we rely on your consent, withdraw it at any time without affecting the lawfulness of prior processing.
  • Complain. Lodge a complaint with a supervisory authority in your jurisdiction (e.g. your local data protection authority in the EU/UK).

To exercise these rights, email legal@linesheet.io from the email address associated with your account and describe your request. We will respond within the timeframe required by applicable law. We may need to verify your identity before fulfilling certain requests.

10. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), provides you with additional rights regarding personal information we collect about you.

10.1 Categories of Personal Information Collected

In the last twelve (12) months we may have collected the following categories of personal information about California residents:

  • Identifiers — name, email address, IP address, account ID, brand or store name.
  • Customer records (Cal. Civ. Code § 1798.80(e)) — billing address, shipping address, payment information.
  • Commercial information — orders, products purchased or considered, transaction history.
  • Internet or electronic network activity — browsing history within the Service, search history within the Service, interactions with our website and emails.
  • Geolocation data — approximate location inferred from IP address.
  • Professional or employment-related information — for Retailer accounts, your store role and business details.
  • Inferences — preferences, characteristics, and behavior derived from the categories above.
  • Audio, electronic, visual, or similar information — product photos and other media you upload.

10.2 Sources, Purposes, and Disclosures

We collect each category from the sources, for the purposes, and disclose each category to the recipients described elsewhere in this Privacy Policy (see Sections 2, 3, 5, and 6).

10.3 Sale and Sharing

We do not sell personal information for monetary consideration and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.

10.4 Your CCPA Rights

Subject to certain exceptions, California residents have the right to:

  • Know what categories and specific pieces of personal information we have collected about them, the sources, the business purposes, and the third parties with whom we share personal information.
  • Request deletion of personal information we have collected from them.
  • Request correction of inaccurate personal information.
  • Opt out of any sale or sharing of personal information (we do not sell or share, as described above).
  • Limit the use of sensitive personal information (we do not use sensitive personal information beyond the purposes permitted without the right to limit).
  • Be free from unlawful discrimination for exercising these rights.

To exercise any of these rights, email legal@linesheet.io. You may also designate an authorized agent to make a request on your behalf; the agent must provide written authorization from you and we may require you to verify your identity directly.

10.5 California “Shine the Light”

California Civil Code § 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes.

11. EU/UK Privacy Rights

For purposes of the GDPR, the data controller of personal information collected through the Service is Linesheet, Inc., contactable at legal@linesheet.io.

In addition to the rights described in Sections 9 and 10 above, residents of the European Economic Area, the United Kingdom, and Switzerland have the right to:

  • Obtain confirmation of whether and how we process your personal data;
  • Receive a copy of your personal data in a portable format;
  • Withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing prior to withdrawal);
  • Object to processing based on legitimate interests, including profiling for direct marketing;
  • Restrict processing in certain circumstances;
  • Lodge a complaint with a supervisory authority in your country of residence, place of work, or place of the alleged infringement.

We do not engage in solely automated decision-making that produces legal or similarly significant effects about you.

12. Children

The Service is intended for use by businesses and is not directed to children under the age of sixteen (16). We do not knowingly collect personal information from anyone under sixteen. If you are a parent or guardian and believe your child has provided us with personal information, please contact legal@linesheet.io and we will take steps to delete such information.

13. Security

We take reasonable administrative, technical, and physical measures designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • HTTPS / TLS encryption for all data in transit;
  • Passwords stored as salted hashes; we never store plaintext passwords;
  • Row-Level Security policies in our database to restrict access to data on a per-user basis;
  • Access controls, audit logging, and least-privilege principles for our internal staff and contractors;
  • Vendor security reviews of our subprocessors;
  • Regular dependency updates and security monitoring.

No method of transmission over the internet or method of electronic storage is one hundred percent secure, however. We cannot guarantee absolute security, and you provide information to the Service at your own risk. If we become aware of a personal data breach, we will notify you and the appropriate regulators as required by applicable law.

14. Cookies & Tracking Technologies

We use cookies and similar technologies (such as local storage and pixels) to operate the Service, remember your preferences, analyze usage, and improve performance. The categories we use include:

  • Strictly necessary cookies. Required to authenticate you, remember your session, hold your locale preference, secure the Service against CSRF attacks, and provide other essential functionality. Cannot be disabled without breaking the Service.
  • Functional cookies. Remember choices you make (such as the language toggle, demo unlock status) so we can present the Service in the form you prefer.
  • Analytics cookies. Help us understand how users interact with the Service, including page views, click paths, feature adoption, and error rates. These cookies may be set by us or by an analytics service provider acting on our behalf.
  • Email pixels. Our email delivery provider embeds tracking pixels in emails we send so we can see when an email is opened and which links are clicked.

You can configure your browser to refuse cookies or to alert you when cookies are being sent; instructions are available in your browser's help documentation. If you disable cookies, some parts of the Service may not function properly. Most analytics services offer their own opt-out tools (for example, browser add-ons that disable a particular analytics tracker across all sites); we will provide the name of our current analytics provider on request to legal@linesheet.io so you can use any opt-out tools they offer.

15. Do Not Track

Some browsers offer a “Do Not Track” (DNT) signal. There is no industry standard for how online services should respond to DNT signals, and the Service does not currently change its behavior based on DNT signals. We will continue to evaluate industry consensus as it evolves.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email (using the address on file) or by posting a prominent notice on the Service before the changes take effect. The “Effective Date” at the top of this Privacy Policy indicates when it was last updated. Your continued use of the Service after the effective date of an updated Privacy Policy constitutes your acceptance of the updated terms.

18. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you would like to exercise your rights described above, please contact us:

Linesheet, Inc.
Attn: Privacy
Email: legal@linesheet.io
Website: https://linesheet.io