Privacy policy

Privacy Policy for Sonoran Printing LLC

Last Updated: July 13, 2025

Sonoran Printing LLC (“Sonoran Printing,” “we,” “us,” or “our”) is a Phoenix, Arizona-based union print shop operated by Sutton & Smart Group. We provide printing services to customers across all 50 U.S. states primarily via our Shopify-powered online storefront. We are committed to protecting your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. By using our services or website, you agree to the terms of this Privacy Policy. We strive to comply with applicable U.S. privacy laws and maintain flexibility for our business operations, while safeguarding your personal data.

Information We Collect

We collect personal information that you provide directly to us, information generated through your use of our site, and information from third parties as needed. This includes:

  • Contact and Account Information: When you place an order or create an account, we collect information such as your name, email address, phone number, billing and shipping addresses, company/organization (if applicable), and any account login credentials.

  • Order and Payment Information: When making purchases, our Shopify storefront (and its payment processors) collects payment details (e.g., credit card number, expiration date) and order details (products ordered, customization details, order date and amount). Note: Payment information is processed securely via third-party payment processors and we generally do not store full credit card numbers on our own systems.

  • Artwork and Content Uploads: If you upload files or content for printing (such as artwork designs, logos, images, or document files), we collect and store those files to fulfill your order. This also includes any voter data files or mailing lists you might provide for direct mail campaigns. Such files may contain personal information about third parties (e.g., names, addresses, voter registration data).

  • Communications: If you communicate with us (for example, by emailing martin@sonoranprinting.com, calling our support line, or using website forms), we will collect the information you provide in those communications (such as inquiries, feedback, and any contact info you provide).

  • Marketing Preferences: If you opt in to receive marketing emails or SMS messages, we will collect information about your preferences (e.g., the fact that you subscribed, your consent, and your interactions with our messages).

  • Online Activity and Device Information: Like most websites, we gather certain information automatically when you interact with our online store. This may include your IP address, browser type, device identifiers, pages or products viewed, referring site, and timestamps. We also use cookies and similar tracking technologies (like web beacons or pixels) to collect data about your browsing actions and usage patterns on our site (see Cookies and Tracking below for details).

We may also receive information from third parties in some cases. For instance, if you are referred to us by a partner or if you login via a social network account, we could receive your information from those sources. Additionally, Shopify (our e-commerce platform) provides us with data necessary to process your orders and manage your shopping cart and account on our site.

Sensitive Information: In general, we do not seek to collect sensitive personal data (such as Social Security numbers, driver’s license numbers, or financial account logins) through our website. Please refrain from submitting such sensitive data to us unless it is absolutely necessary for a service (for example, tax-exemption documentation or union verification in special cases). If you do provide sensitive data, we will handle it with appropriate care and security.

How We Collect Information

We collect personal information through various interactions, including:

  • Directly from You: Most information is collected when you directly provide it to us. For example, you fill out forms on our website (to place an order, request a quote, or subscribe to updates), upload files, or communicate with us via email, phone, or chat. Participation in any promotional offers, surveys, or contests we run is also voluntary, and you will provide information at your discretion in those cases.

  • Through Our Website and Cookies: When you browse our site or make a purchase, we (and third-party analytics or advertising partners) use cookies, pixels, and similar technologies to automatically collect technical data about your device and browsing actions. Cookies help the site function (e.g., keeping you logged in or remembering your cart) and allow us to understand how you use our site, so we can improve your experience and marketing. We also use web beacons (tiny graphic images) in our marketing emails to track open rates or clicks, helping us gauge campaign effectiveness.

  • From Third-Party Services: If you integrate or interact with a third-party service in connection with our site, those services may send us certain information. For example, if we enable “Shop Pay” or other accelerated checkout options, those services will share the necessary data to complete transactions. Likewise, if you opt to login via Google or Facebook (if such feature is available), we receive basic profile information as permitted by those providers. We may also receive updated address information from shipping carriers or address verification services to ensure our records are correct.

  • Indirectly from Customers (Third-Party Data): In cases where a customer uploads personal data that is not about themselves but about others (for instance, uploading a voter file or direct mail list containing names and addresses of voters or constituents for a print mailing campaign), we collect that information as a data processor on behalf of the customer. We expect that you have the proper authority or consent to provide such third-party personal data to us. We will use this information only for the purpose of fulfilling the requested service (e.g., printing and mailing campaign materials to those addresses) and for no other independent purposes, in accordance with this Policy and applicable law. We do not add third-party names from your uploaded lists to our own marketing databases without their consent.

Purpose of Use: How We Use Your Information

We use the collected information for a variety of legitimate business purposes. The primary purposes include:

  • Order Fulfillment and Service Delivery: We use personal information to process and fulfill your orders for printing services. This includes producing the printed products, processing payments, providing order confirmations and invoices, shipping products to the provided address, and communicating with you about the status of your order. For example, we’ll use your shipping address to deliver your printed materials, and your email or phone number to send order updates or ask clarifying questions about your artwork.

  • Customer Support and Communication: Information is used to provide customer service and support. We may use your contact info to respond to inquiries, handle any issues with your order, or follow up on feedback. If you reach out for help, we will reference your records (orders, communications history) to assist you more effectively. We also may send you administrative emails or messages (for example, if we update our terms or privacy policy, or if there’s a critical notice about a service interruption or product recall).

  • Personalization and User Experience: We may use data about your past orders or browsing behavior to personalize your experience on our website. For instance, we might remember your preferences or recommend products that align with what you’ve ordered before. This helps make our interactions more relevant to you.

  • Marketing and Promotions: With your consent (where required), we use contact information (such as email or phone number) to send promotional communications about our products and services. This can include newsletters, special offers, new product announcements, or cross-promotional offers from our affiliated Sutton & Smart Group companies. For example, because Sonoran Printing is part of a broader family of political consulting and campaign service companies, we may inform you about related services (like campaign strategy consulting, canvassing, or digital marketing provided by our sister companies) that we believe could benefit your organization. Note: You have control over marketing messages – see Marketing Communications & Choices below on how to opt in or out.

  • Analytics and Improvement: We use usage data (collected via cookies and logs) to understand how our website and services are used. This helps us troubleshoot performance issues, debug errors, and make informed decisions about improving site navigation, product offerings, and user interface. For instance, we might analyze which pages are most visited or how users progress through our order form, in order to streamline the process. We also measure the effectiveness of our advertising (e.g., seeing if an online ad campaign led to orders) to allocate resources wisely.

  • Security and Fraud Prevention: Personal information may be used to protect our business, customers, and partners from fraud, abuse, or other malicious activities. For example, we might use certain data to verify identity, detect security incidents, or prevent unauthorized access to accounts. If you use our site, we may log and analyze IP addresses or device information to help identify and block suspicious behavior. We also reserve the right to use personal data as needed to enforce our terms and policies, and to investigate or prevent illegal activities (such as suspected fraud with a payment or misuse of our services).

  • Legal Compliance: We may process and retain personal information to comply with our legal and regulatory obligations. For instance, we maintain records of transactions for accounting and tax purposes. If we send out union-printed political mailers, we may need to keep records as required by election laws or postal regulations. Additionally, if we receive a lawful subpoena or request from law enforcement, we might use relevant data to respond as required by law.

  • Other Business Purposes: We could use data in other ways that are compatible with the purposes above. For example, we might aggregate and anonymize your information to generate statistical insights (like total sales by state or industry) which no longer identify any individual. Such aggregated data may be used for business analytics, marketing insight, or shared with others (like in advertising about how many pieces we’ve printed for campaigns nationwide) – but without revealing personal details. If we intend to use your personal information for a purpose that is materially different from the purposes listed in this Policy, we will notify you and obtain consent when necessary.

We will not use the personal information we collect for unrelated, incompatible purposes without updating this Policy and, if required, obtaining your consent.

How We Share Information

Sonoran Printing shares personal information with third parties only in the ways described below. We do not sell personal data to unaffiliated companies for their own profit or independent use – we do not exchange your information for money with data brokers or telemarketers. However, some of our data sharing (for example, with our sister companies or with advertising partners) may be considered a “sale” or “share” under certain broad privacy laws like the California Consumer Privacy Act (CCPA). We outline your rights regarding such sharing in the Your Rights section. The categories of third parties with whom we share data include:

  • Affiliates and Sister Companies: We are part of the Sutton & Smart Group, which includes various companies providing political consulting, campaign strategy, direct mail services, canvassing, digital marketing, and more. We may share your information with our affiliated companies for business purposes and cross-promotion. For example, if you use our printing services for a political campaign, we might share your contact information or project details with Sutton & Smart Group’s consulting division or other sister companies so they can offer or provide related services (such as campaign consulting or SMS outreach that complements your printing project). Any such sharing will be done in line with this Privacy Policy, and our sister companies are expected to protect your data and use it only for consistent purposes (e.g., offering integrated services to you).

  • Service Providers (Processors): We use trusted third-party companies to perform functions on our behalf, and we need to share information with them to facilitate our services. These include:

    • E-commerce Platform: Our online storefront is built on Shopify, which hosts our website and shopping cart. Shopify processes personal data (including your name, email, shipping address, and order details) to enable our online transactions. They store data on our behalf and are contractually prohibited from using it except to support our store. (See Shopify’s own privacy policy for details on their data practices).

    • Payment Processors: We rely on third-party payment processors (for example, Shopify Payments, Stripe, PayPal, or credit card companies) to securely process your payments. Your payment card details go directly to these processors; we receive a confirmation of payment and limited information (like the last four digits of your card, card type, and billing address) for record-keeping. These processors are PCI-DSS compliant and are authorized to use your payment info only as needed to process your transactions.

    • Shipping and Fulfillment Partners: We share necessary details with shipping carriers and logistics providers (such as USPS, UPS, FedEx, or freight companies) to deliver your orders. This information typically includes your name, shipping address, and in some cases phone/email (for delivery updates). If your order involves warehousing or third-party printing partners (for overflow capacity or specialty products), we will also share only the information required to produce and deliver your items (e.g., artwork files and relevant order info).

    • Marketing and Communication Platforms: We use third-party platforms to help manage our communications. For example, we may use an email marketing service (like Mailchimp, SendGrid, or Klaviyo) to send newsletters or promotional emails. If you opt in to SMS messages, we use SMS gateway services (like Twilio or others) to send those texts. These service providers will process your contact information and message content on our behalf to execute our communications with you. They are not allowed to use your data for their own marketing.

    • Analytics and Advertising Partners: We utilize analytics tools (such as Google Analytics) to understand site traffic and improve our website. These tools may receive certain data about your device and browsing via cookies or scripts on our site. We may also use advertising partners or platforms (like Facebook/Meta, Google Ads, or others) to reach customers and “lookalike” audiences. For instance, we might share a hashed version of your email or phone number with a platform like Facebook to help create a custom audience for Sonoran Printing ads (the platform matches this to its users, showing our ads to people with similar interests). These platforms are instructed not to use that data for their own purposes beyond serving our ads. Similarly, if we use Google or Facebook pixels on our site, those may trigger as you browse, and we may share data (like your browser info or that you visited certain pages) with those ad networks to measure ad effectiveness. Any third-party analytics or advertising partners are required to handle personal data in accordance with applicable privacy laws and only for our specified purposes. Where required by law, we will obtain your consent for the use of cookies or tracking (for example, if you’re in a jurisdiction that mandates cookie consent banners).

  • Business Transfers: If Sonoran Printing or Sutton & Smart Group undergoes a business transaction such as a merger, acquisition, corporate reorganization, or asset sale, your personal information may be transferred to the successor or acquiring entity as part of that deal. If such a transfer occurs, your information will remain subject to the protections of this Privacy Policy (unless and until the policy is updated by the successor, in which case you would be notified of the changes). We will require any new owner to continue to honor the privacy commitments made here, or to inform you and obtain consent if legally required.

  • Legal Compliance and Protection: We may disclose personal information when required by law or necessary to protect rights and safety. This includes sharing data in response to valid legal process (such as a subpoena, court order, or government demand), or to meet applicable regulatory requirements. For example, if required by the state of Arizona’s laws or federal laws, we might provide information to regulators or authorities. In the context of political printing, if we are obliged under election laws to retain or produce certain records (such as mailer distribution records), we will comply. Additionally, we may share information as needed to enforce our terms of service, investigate or defend against legal claims, prevent fraud or security issues, or protect the rights, property, and safety of our company, our customers, or others. If you engage in behavior that we believe is unlawful or harmful, we reserve the right to report such activity (along with relevant data) to law enforcement.

  • With Your Consent or At Your Direction: Aside from the cases above, we will share your personal information with third parties only if you have provided consent or requested us to do so. For instance, if you ask us to coordinate with a third-party designer or consultant on your project and to share files or contact info with them, we will do so with your direction. Another example is if we ever want to use your testimonial or logo on our website – we would seek your permission to attribute and display that content. Your choices in such cases will be respected.

  • Aggregated or De-Identified Data: We may share aggregated information that does not identify you personally (for example, “total number of orders in 2025” or statistics like “percentage of customers from California”) with any third party, as this data contains no personal identifiers. Similarly, we might share de-identified data (personal data stripped of identifiers such that it cannot reasonably be linked back to any individual) for research, marketing, or analytics – for example, showing a trend in printing volume without exposing any individual’s information.

Again, we do not sell your personal information for monetary consideration to unaffiliated third parties. However, some data transfers—such as sharing identifiers with advertising partners for tailored ads or sharing info with our affiliates—might be considered a “sale” or “share” under certain privacy laws’ broad definitions. We want to be transparent that these activities occur as part of our business model. California residents have the right to opt out of these practices (see Your California Privacy Rights below). All third parties with whom we share data are expected to use it only for the purposes we specify, consistent with this Policy, and to safeguard the data appropriatelysuttonsmart.com.

Cookies and Tracking Technologies

We use cookies and similar technologies on our website to enhance your experience and for analytics and advertising purposes:

  • What Cookies Are: Cookies are small text files that websites place on your device’s browser. They serve various functions, like enabling certain site features, remembering your preferences, and collecting information about your interaction with the site. We use first-party cookies (set by our domain) for things like keeping you logged in to your account, maintaining your shopping cart between visits, and remembering your site preferences (e.g., currency or language settings).

  • Third-Party Cookies: In addition to our own cookies, some third-party services that we use set their own cookies on our site. For example, Google Analytics may set cookies to gather usage statistics about how visitors navigate our site (e.g., which pages are viewed, how long spent on each page, etc.). Similarly, if we use advertising pixels (such as Facebook Pixel or Google Ads tags), those may set cookies to track when you take certain actions on our site after viewing one of our ads. These cookies help us measure the effectiveness of our ads and may be used to retarget you with advertising on other platforms. Any third-party cookie usage is governed by the privacy policy of the third party (e.g., Google’s or Facebook’s privacy policies).

  • Why We Use Cookies: We use these technologies for several reasons – to ensure our website functions correctly, to understand and improve site performance, and to deliver relevant content. For instance, cookies help us detect if you’re a returning customer so we can preload your account information, or they might allow us to offer a live chat support session based on your browsing. Analytics cookies help us see aggregate patterns of site usage (like total visitors, popular pages, etc.), which informs site improvements. Advertising cookies allow us to provide you with tailored ads that are more likely to be of interest (for example, showing you an ad for a new product line we offer, instead of a random advertisement).

  • Web Beacons and Similar Tech: We may use web beacons (also known as pixel tags or clear GIFs) in our emails and on the site. These are tiny graphic files that contain a unique identifier. In emails, they help us confirm whether you opened the email or clicked on links – useful for understanding engagement with our newsletters or campaigns. On the site, they work in conjunction with cookies to record, for example, when a page is viewed. We might also incorporate scripts from partners that collect information about your browser or device (like device type, OS, and browser version) to improve compatibility and security.

  • Your Choices for Cookies: Cookie Consent – If you are in a jurisdiction that requires an upfront cookie consent (for example, some international users), you may see a banner or notice on your first visit giving you options to accept or reject certain cookies. We will honor choices made via such tools. Regardless of location, you have the ability to control cookies through your browser settings. Most web browsers allow you to refuse new cookies, delete existing cookies, or notify you when a new cookie is being set. Please note that if you disable cookies entirely, some features of our site (like the shopping cart or account login) may not function properly. You can typically find cookie-setting controls in your browser’s “Settings” or “Privacy” menu.

  • Do Not Track Signals: “Do Not Track” (DNT) is a browser setting that allows you to signal a preference not to be tracked across websites. Currently, there is no universal standard on how to respond to DNT signals, and our site does not respond to DNT browser headers in a uniform way. However, we do respond to the newer Global Privacy Control (GPC) signals. If your browser or extension is enabled for GPC (a mechanism developed to allow consumers to send a general “do not sell or share my info” request), we will treat it as a valid opt-out of selling/sharing your data for targeted advertising, as required by the CCPAglobalprivacycontrol.org. In practice, this means if we detect a GPC signal from your device, we will disable third-party advertising cookies or pixels on our site for that browser and refrain from using your data for third-party targeted marketing from that point forward.

  • Analytics and Advertising Opt-Outs: In addition to managing cookies in your browser, you can opt out of Google Analytics tracking by using the Google Analytics Opt-Out Browser Add-on. For interest-based advertising, many ad networks participate in industry opt-out programs. You can visit the NAI’s opt-out page or the DAA’s Consumer Choices page to opt out of targeted ads from participating networks. Keep in mind, opting out of ad cookies doesn’t mean you won’t see any ads—it just means the ads will likely be less relevant to your interests.

Marketing Communications & Consent (Email and SMS)

We offer opportunities for customers and prospects to receive updates via email newsletters and SMS text messages. We value your preferences and adhere to laws like the CAN-SPAM Act for email and the Telephone Consumer Protection Act (TCPA) for SMS in how we conduct marketing. Below is how we handle these communications:

  • Email Marketing: If you subscribe to our email list (or make a purchase and don’t opt out of email marketing), we may send you occasional emails about new products, special offers, or company news. Each marketing email will include an “Unsubscribe” link at the bottom. You can click that at any time to remove yourself from our promotional email list. Once unsubscribed, we will not send you marketing emails, but we may still email you for transactional or administrative purposes (e.g., order receipts, shipping notices, or responses to customer service inquiries). We do not share your email address with third parties for their own email marketing without your consent.

  • SMS/Text Marketing: We provide an opt-in option for receiving promotional and updates via SMS. You will only receive marketing text messages if you have expressly consented (for example, by entering your phone number and checking a box agreeing to texts, or by texting a designated keyword to our number). We take compliance seriously for SMS:

    • Consent Not Required: We will always make clear that your consent to receive text messages is voluntary and not a condition of purchase. Whether you grant or deny SMS consent will not affect your ability to use our services or make a purchase.

    • Message Frequency and Rates: By opting in, you agree that we may send you periodic messages. Message frequency may vary (for example, a few messages per month, or specific campaign-related bursts during a promotion). Message and data rates may apply per your mobile plan. (Typically, whatever you pay for standard SMS/MMS will apply.)

    • Autodialed Marketing Messages: You acknowledge that some messages may be sent via an automatic telephone dialing system or other automated system. This might include promotional messages, reminders, or announcements. By opting in, you agree to receive such automated messages from Sonoran Printing at the phone number you provided.

    • Opt-Out Instructions: You can opt out of SMS messages at any time. Our text messages will include clear instructions, usually stating to reply “STOP” to cancel. If you send “STOP” to us, we will send a confirmation text and then cease further marketing messages to that number. If you have multiple programs or brands, it may unsubscribe you from Sonoran Printing’s texts; if we run separate short codes for different types of messages, we will make it clear in the messages how to opt out of each. You may also text “HELP” for information or contact our customer service for assistance. We will honor SMS opt-out requests promptly and in accordance with TCPA and carrier requirements.

    • Disclosure Example: (For transparency, here’s an example of the kind of language you might see at opt-in: “By subscribing, you agree to receive recurring automated marketing text messages from Sonoran Printing at the phone number provided. Consent is not a condition of purchase. Msg & data rates apply. Msg frequency may vary. Reply STOP to opt out, HELP for help.”documentation.onesignal.com.) We include the essence of these disclosures whenever we obtain SMS consent.

  • Third-Party Marketing Platforms: We may use a third-party platform to manage our email or SMS campaigns, but any such provider is only sending messages on our behalf. They are not allowed to use your contact info for their own marketing. If we ever switch providers, your consent preferences will remain in place (meaning if you opted out, we will not restart messages unless you opt in again).

  • Transactional vs. Promotional: Please note that opting out of marketing messages (email or SMS) will stop promotional communications, but you may still receive transactional messages. Transactional messages are those necessary for our services, such as order confirmations, shipping alerts, password resets, or important notices about your account or orders. These are not considered marketing; therefore, we may send them without an unsubscribe option as long as they are purely service-related.

  • Compliance and Record-Keeping: We keep records of your consent (timestamp, source of opt-in) as required by law. We also comply with CAN-SPAM by ensuring our emails have accurate subject lines, our physical mailing address listed, and a working unsubscribe mechanism. For SMS, we comply with TCPA/CTIA guidelines, as illustrated above, and honor the National Do Not Call Registry for any telephone outreach as applicable. If you believe you have received an unsolicited message from us in error, please contact us so we can investigate and resolve the issue.

Your marketing preferences can be managed by using the opt-out mechanisms provided or by contacting us directly (see Contact Us at the end of this Policy). We will process opt-out requests as soon as possible and in accordance with legal requirements.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this Policy, unless a longer retention period is required or permitted by law. In practice:

  • Customer Accounts: For users who create an account on our website, we retain your profile information and order history until you request deletion or as long as your account remains active. Keeping this information allows you to view past orders, reorder easily, and for us to provide personalized service.

  • Orders and Transactions: We keep records of your orders (including personal data associated with each order) for at least the minimum period required by law. This is often dictated by tax regulations, accounting rules, or statutes of limitations for contract claims. For example, we may retain invoice and payment records for a number of years (often 7 years under U.S. tax law) in case of audits or financial reporting obligations. We may keep records longer if we reasonably need them for legitimate business or legal purposes – for instance, if there is an ongoing dispute or we suspect fraud, we might retain relevant data until the issue is resolved.

  • Direct Mail Data Files: If you provide voter lists or mailing lists for a print job, we will typically retain those files only as long as needed to complete the project and for a short period thereafter in case you need reprints or if there are issues (e.g., undeliverable addresses that need correction). We do not indefinitely keep large third-party personal data files. Unless you instruct us otherwise, we may delete or anonymize those uploaded mailing lists after completion of the service or within a certain timeframe (for example, 60-90 days after order fulfillment) to reduce risk. We might keep a secure backup copy for a longer period solely for record-keeping or to comply with any legal requirements, but we will not use that data for any new purposes.

  • Marketing Data: If you have opted in to marketing communications, we retain the information necessary to continue sending you those communications (and to prove your consent) until you opt out. If you unsubscribe from emails, we may keep your email on a suppression list indefinitely to ensure we respect your unsubscribe. Similarly, for SMS, we maintain records of opt-outs to avoid sending further texts. If you delete your account or withdraw consent, we may still retain minimal contact info as needed to document your opt-out or to avoid re-sending requests.

  • Website Logs & Analytics: Our web server logs, analytics data, and security logs are retained for varying periods. General web logs might be kept for a few months to a year, analytics data may be kept by Google Analytics in aggregate form for several years (as per Google’s standard retention settings, which we may configure), and security-related logs (such as records of access attempts) might be kept longer if we are monitoring for malicious activity.

  • Backup Systems: Please be aware that we maintain backups of our data for reliability. So even if data is removed from our active systems, it might persist for a time in encrypted backups until those backups are rotated out or deleted. We have retention schedules for backups as well, after which they are securely deleted or overwritten.

  • Deletion Upon Request: (See Your Rights below for how to request deletion.) When you request data deletion, we will delete or anonymize your personal information from our active databases, except for information we are required or permitted to retain by law. We will also instruct our service providers to delete your data from their records where applicable. However, some residual information may remain in backup files or archives for a period, but it will be isolated and protected. We also retain a record of your deletion request itself as a record of our compliance.

In summary, we try not to keep personal data longer than necessary. When personal information is no longer needed, we will ensure it is securely deleted or irreversibly anonymized. If you have specific questions about our data retention practices for a certain type of data, feel free to contact us.

Data Security

We take the security of your personal information seriously and implement reasonable administrative, technical, and physical safeguards to protect it from unauthorized access, alteration, disclosure, or destruction. Our measures include:

  • Secure Hosting: Our website and databases are hosted on secure servers. We use Shopify’s platform and other reputable hosting services that employ industry-standard security protections, including firewalls, intrusion detection systems, and regular security audits.

  • Encryption: We enforce HTTPS (TLS) encryption on our website, which means that the data transmitted between your browser and our site (such as when entering personal or payment information) is encrypted in transit. For sensitive data like payment information, our payment processors tokenize or encrypt that information end-to-end. We do not store plaintext payment card details on our systems.

  • Access Controls: Internally, we limit access to personal data to employees and contractors who need that information to perform their duties (for example, our customer service team accessing your order details to assist you, or our print technicians accessing your artwork file to produce your order). All personnel are bound by confidentiality obligations. We use role-based access controls and authentication safeguards (strong passwords, two-factor authentication where possible) for our administrative systems to reduce the risk of unauthorized access.

  • Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. Security patches and updates are applied regularly to our software and platforms to address known vulnerabilities. We may also run security assessments or employ third-party security services to test and improve our defenses. If Shopify or another major provider issues a security alert or update, we act promptly to apply it.

  • Payment Security: We comply with the Payment Card Industry Data Security Standards (PCI-DSS) by using PCI-compliant payment processors. Any page where you enter credit card information is secured and compliant with these standards. We never ask for your payment details via email or unsolicited communication.

  • Physical Security: For any physical facilities (like our offices or print shop computers) that contain personal data, we implement reasonable physical security measures. This might include locked facilities, alarm systems, and ensuring that devices with sensitive data are not left unsecured. Printed copies of documents with personal data (if any) are stored securely and shredded when no longer needed.

  • Employee Training: We train our staff about the importance of data privacy and security. Employees are instructed on proper data handling practices, how to recognize phishing or social engineering attempts, and the procedures to follow in the event of a potential data breach.

  • Incident Response: Despite all precautions, no method of transmission or storage is 100% secure. We have a data breach response plan in place. In the unlikely event of a security breach that compromises personal data, we will act quickly to contain the issue, mitigate any harm, and notify affected individuals and authorities as required by law. We will also investigate the incident thoroughly and take steps to prevent a recurrence.

Important: You also play a role in keeping your data secure. We encourage you to use a strong, unique password for your Sonoran Printing account and to keep your login credentials confidential. If you suspect any unauthorized activity or that your interaction with us is no longer secure (for example, if you feel your account has been compromised), please contact us immediately.

While we strive to protect your information, we cannot guarantee absolute security. By using our site, you acknowledge that no data transmission or storage system can be guaranteed 100% secure. However, we will continue to update and improve our security measures to meet or exceed industry best practices.

Your Privacy Rights and Choices

We believe in giving you control over your personal information. Depending on your location and the nature of your interactions with us, you have certain privacy rights. This section describes the rights available to all users as well as additional rights for California residents (and others in certain jurisdictions). We also outline how you can exercise these rights and make choices about your data.

Access and Correction

  • Right to Access: You have the right to request confirmation of whether we are processing your personal information and to receive a copy of the specific pieces of personal information we hold about you. This includes information like the data you provided (contact info, order history, etc.) and potentially some metadata or inferred information we have associated with you (to the extent required by law).

  • Right to Correct: If any of your personal information is inaccurate or outdated, you have the right to request that we correct or update it. You can also log into your account (if you have one on our site) to directly review and update certain information like your contact details or addresses. If you need assistance correcting any information, please contact us and we will make the correction upon verifying your identity and the new information.

  • How to Make a Request: To exercise access or correction rights, you can contact us using the information provided in the Contact Us section. Please specify what information you would like to access or correct. For your security, we will need to verify your identity before fulfilling significant data requests (so we don’t inadvertently give your data to someone else). Verification might involve confirming some information we already have on file or asking for identification, as permitted by law.

  • Response Time: We will respond to access or correction requests within a reasonable timeframe. Under some laws (like CCPA), we have up to 45 days to respond (which can be extended once by another 45 days if necessary, with notice to you). We aim to be faster than that in most cases. If we need an extension or cannot fulfill your request (e.g., if it’s unduly repetitive or vexatious), we will explain the reason to you.

Deletion (Right to Erasure)

  • Right to Delete: You may request that we delete the personal information we have collected from you. Upon a verified request, we will delete your personal information from our records and instruct any service providers to do the same, subject to certain exceptions.

  • Exceptions: We may decline or defer deletion in specific situations allowed by law. For example, we may retain needed information to complete a transaction you requested (or to fulfill a contract between us), to detect or prevent security incidents or fraud, to fix errors, or to comply with legal obligations (such as maintaining records of sales for tax, or if the information is needed for a legal claim or defense). We may also keep data if it is used for internal purposes that are compatible with the context in which you provided it, and if such retention is permitted by law (for instance, using your order history to run anti-fraud checks or to analyze our business performance, as long as we’re not prohibited from doing so). In all cases, if we must retain some data for the reasons above, we will only retain as much as is necessary for the allowed purpose and will delete it when that purpose no longer applies.

  • No Discrimination: We will not penalize or discriminate against you for exercising your deletion right or any other privacy right. For instance, we won’t deny you services, charge you different prices, or provide a different level of quality just because you requested data deletion or opted out of data sharing (subject to the allowed exceptions in the law). If a certain piece of data is necessary for providing you a service (e.g., shipping address for delivering a product you ordered), and you choose to delete it, we will inform you if that means we can’t complete the service unless you provide an alternative. But we will not retaliate or impose punitive measures due to your request.

  • How to Request Deletion: You can submit a deletion request by contacting us (see Contact Us). Please clearly indicate that you want your personal information deleted. We will likely ask you to verify your identity and confirm the request (especially for sensitive data or extensive records) before deleting. For example, if you have an account, we may ask you to log in or respond to an email/phone contact to confirm that the account deletion request is legitimate.

  • After Deletion: Once we process a deletion request, your account (if you have one) will be deactivated/removed and you will lose access to it. We will also take steps to delete personal information from our active databases. However, as noted in Data Retention, some information may remain in our backups or archives for a period of time, or we may keep basic information to record your request or satisfy legal requirements. We will not use that retained data for any new purposes. Also note that deletion requests are specific to the data we collected from you; if you provided us with a mailing list containing third-party data, and that project is complete, we would have already handled that data as per our service terms (usually deleting it after use), but if any remains, we would delete it too upon your request.

Opt-Out of Sale or Sharing of Personal Information

  • Right to Opt-Out (Do Not Sell or Share My Info): As mentioned, we do not sell your personal information for money to data brokers. However, we do share some identifiers and analytics/advertising data with third parties to enhance our marketing, which could be deemed a “sale” or “sharing” under privacy laws like the CCPA. If you are a California resident (or a resident of a state with a similar law, such as Colorado, Virginia, Connecticut, etc.), you have the right to direct us not to sell or share your personal information for targeted advertising purposes.

  • How to Opt Out: You can opt out of data sale/sharing by contacting us with your request (see Contact Us). Additionally, if we have a “Do Not Sell or Share My Personal Information” link on our website footer or a toggle in the Privacy settings, you can use that. We will also honor user-enabled global privacy controls – for example, if your browser sends a Global Privacy Control (GPC) signal indicating an opt-out, we will treat it as a valid opt-out request for your device/browser without you needing to contact us separatelyglobalprivacycontrol.org.

  • Effect of Opting Out: Once you have opted out, we will stop sharing your personal information with third parties for their own use or for cross-context behavioral advertising. This means, for instance, we will not send your data to ad networks to target you with ads, and we will instruct our marketing partners not to use your data for building profiles or audiences. You may still see advertisements – but they will be generic or contextual (based on the content you’re viewing, not based on your personal data from us). Opting out does not affect sharing with our service providers (who use data only to perform services for us) or our affiliates (with whom we share for joint business purposes) unless those affiliates would themselves be considered “third parties” under the law. However, if you opt out, we will also stop sharing your data with our Sutton & Smart Group affiliates for their own direct marketing purposes, to the extent that might be considered a “sale” or is subject to opt-out under applicable law.

  • Confirmation: If you exercise the opt-out, we will provide confirmation that your request was received and processed. Under CCPA/CPRA, we are required to comply with opt-out requests as soon as feasibly possible, but at most within 15 business days. We aim to process such requests promptly.

  • Opting Back In: If you have opted out and later change your mind, you are welcome to opt back in to data sharing (for example, by subscribing to a marketing program or adjusting your preferences in an account setting if available). Any such opt-in must be through a clear affirmative action on your part (we will not automatically re-add you).

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights regarding your personal information. In addition to the rights discussed above (access, deletion, opt-out), you have the right to know about our data practices. Here is a summary of the information we are required to give California consumers, and how you can exercise your rights:

  • Categories of Personal Information Collected: In the past 12 months, we have collected the following categories of personal information (as defined by CCPA) – Identifiers (like name, email, phone, address, IP address); Customer Records information (payment info, billing/shipping details); Commercial Information (purchase history); Internet or Network Activity (browsing on our site, cookie data); Geolocation Data (approximate location from your IP or provided address); and in some cases Professional or Employment Information (if you provided a company/organization or your role for a business account). We do not intentionally collect sensitive personal information as defined under CPRA (like SSN, driver’s license, precise geolocation, etc.), except perhaps if contained incidentally in files customers provide – and we only use such sensitive data for the service requested (e.g., printing a document that contains it).

  • Categories of Sources: We collect this information directly from you, automatically through your use of our site, and from service providers (like Shopify or analytics tools) that collect information on our behalf. See “Information We Collect” and “How We Collect” sections above for more detail.

  • Business or Commercial Purposes for Collection: The purposes are detailed in the “How We Use Your Information” section above, and generally include providing services (fulfilling orders), marketing, improving our services, security, and other operational purposes.

  • Categories of Third Parties Shared With: In the last 12 months, we have disclosed the above categories of personal information to third parties for business purposes, including our affiliates, service providers (payment processors, shippers, etc.), and advertising/analytics partners. We do not sell data for money, but certain sharing (with ad partners or affiliates) may be considered a “sale”/“sharing” under California law. Specifically, we have “sold”/“shared” identifiers (like cookie IDs or hashed emails) and internet activity to advertising partners for the purpose of targeted advertising.

  • Right to Know: You can request that we disclose to you: (1) the specific pieces of personal information we have about you; (2) the categories of personal information collected, sources, and third parties we share with; and (3) the business purposes for collection or selling/sharing. Much of this is outlined in this Privacy Policy, but you can also make a formal request for a personalized report.

  • Right to Delete: (Addressed above in general rights – California requires us to again offer deletion as described.)

  • Right to Opt-Out of Sale/Sharing: (Addressed above – California users can opt out of sale or sharing for targeted ads.)

  • Right to Correct: (Addressed above – California explicitly grants right to correct inaccuracies.)

  • Right to Limit Use of Sensitive PI: We do not use or disclose sensitive personal information for purposes other than those allowed by law (like fulfilling services you requested or fraud prevention), so this right is not applicable in any meaningful way for our current practices.

  • No Financial Incentive Offered: We do not offer compensation or price differences in exchange for your data (e.g., we don’t have a program where you get a discount for allowing us to sell your data), so we have no financial incentive practices to describe under CCPA.

  • Exercising Your California Rights: To make any request under CCPA (access/know, delete, correct, opt-out), you may contact us as described in Contact Us. You can also use any designated methods we provide (for example, webforms or the “Do Not Sell” link if available). You may be required to provide information for verification (we will match identifying information you provide with our records). If you use an authorized agent to submit a request on your behalf, we will require proof of the agent’s authorization (such as a signed permission from you or a power of attorney) and will still need to verify your identity directly (unless the agent has power of attorney per Cal. Probate Code).

  • Timing and Response: We will confirm receipt of your request within 10 business days and provide a substantive response within 45 calendar days, or inform you if an extension of up to 45 additional days is needed. If we decline any part of your request due to an exemption, we will explain the basis for that (unless prohibited from doing so).

  • Shine the Light (California Civil Code § 1798.83): Separately from CCPA, California’s “Shine the Light” law allows residents to request information about any personal information disclosed to third parties for those parties’ own direct marketing purposes in the previous calendar year, and the names of those third parties. However, Sonoran Printing’s policy is not to share personal information with unaffiliated third parties for their own direct marketing without consent. We do share information with our affiliates (as described above) and with marketing service providers, but those uses are for our marketing, not for others to market to you independently. If you still wish to make a Shine the Light inquiry, you can do so by contacting us, and we will provide the required information if applicable. In general, our offering of an opt-out of sale/sharing as described above is intended to encompass and satisfy any such direct marketing opt-out as well.

  • No Discrimination: As stated, we will not discriminate against a California consumer for exercising their CCPA rights (no denial of goods/services, no differential pricing or quality, no suggesting you’ll get a different price/quality for not exercising a right, except if a difference is reasonably related to the value provided by the data, which we are not currently doing)suttonsmart.com.

Other State Privacy Rights

Residents of certain other states may have similar rights under their respective privacy laws (for example, the Colorado Privacy Act, Virginia’s CDPA, Connecticut’s privacy law, Utah’s law effective at the end of 2023, etc.). If you are a resident of one of these states, you may have the right to confirm if we process your data, to access and delete personal data, to correct inaccuracies, to opt out of targeted advertising or sales, and to appeal our decision on any request you make. We intend to honor valid requests under those laws as well. The processes for submitting and verifying requests will be similar to those outlined above for California (please contact us to exercise your rights). If you submit a request and believe we have denied it improperly, you may contact us to appeal the decision (please indicate it’s an appeal of a privacy request). We will review appeals promptly and inform you of any decision. If your state law provides for further recourse (such as contacting the state Attorney General), we will let you know in our response.

International Users

Our services are primarily directed to users in the United States. We do not actively market to or seek to transact with individuals in the European Union, United Kingdom, or other regions with comprehensive data protection laws (like GDPR) in a manner that would subject us to those laws. If you are accessing our site from outside the U.S., please be aware that your information will likely be transferred to, stored, and processed in the United States. The data protection and privacy laws in the U.S. may not be as protective as those in your jurisdiction. By using our services or providing us with information, you acknowledge that your data will be handled in accordance with this Privacy Policy and U.S. law, and you consent to the transfer of your personal information to the U.S.

That said, we value the privacy of all our users. If you are an international user and you contact us with a request concerning your data (for example, an EU user asking for deletion or access), we will try to accommodate you if feasible, even if the laws of your country do not directly apply to Sonoran Printing. We cannot guarantee the same scope of rights or response times as provided by GDPR, especially given we are not structured to fully comply with those regimes, but we will not ignore legitimate concerns. For example, if a European customer uses our service, they may have rights under GDPR. While we do not represent that we fully comply with GDPR (since we do not target the EU), we will still handle any personal data we do have with care and honor reasonable requests regarding it.

If you are located in the EU/EEA or UK and do not agree to the above terms or lack of GDPR safeguards, we advise you not to use our services. If you do use our services, any personal data you provide will be subject to U.S. jurisdiction and this Privacy Policy.

Children’s Privacy

Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. (In fact, given the nature of our services – printing and political/campaign materials – it is unlikely children would be using our site.) If you are under 13, please do not attempt to register an account, make a purchase, or send any personal information about yourself to us. If we learn that we have inadvertently collected personal information from a child under 13, we will delete that information promptly in accordance with the Children’s Online Privacy Protection Act (COPPA).

For teens between 13 and 18: Our services are generally intended for adults (18+) or businesses. If you are between 13 and 18, you should only use our site with the involvement and consent of a parent or guardian. We may refuse to accept orders or engagements if we suspect the user is not of legal age to form a contract.

If you are a parent or guardian and you believe that your child under 13 has provided personal information to us, please contact us immediately (see Contact Us below). We will work with you to remove that information from our systems. We are committed to complying with applicable laws aimed at protecting children’s privacy.

Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Policy with a new “Last Updated” date at the top. If changes are significant, we may also provide additional notice to you (such as by email or a notice on our website’s homepage) to the extent required by law or as a courtesy.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after any update to this Policy will signify your acceptance of the changes, provided that if we were to materially change how we handle personal data in a way that is less protective or materially different from what is stated here, we will obtain any required consent from you (or give you a chance to opt in or out, as applicable under law).

If you have any questions about the Privacy Policy or any changes, you can always contact us for clarification.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how Sonoran Printing LLC handles your personal information, please do not hesitate to contact us:

Sonoran Printing LLC (Attn: Privacy Officer)
1234 Campaign Way
Phoenix, AZ 85001, USA
Email: privacy@sonoranprinting.com
Phone: (602) 962-3548 (for privacy inquiries, Mon-Fri 9am-5pm MST)

You may reach out to us to exercise any of your rights described above, or with any questions about this Policy or our data practices. We will respond as promptly as reasonably possible, generally within 30 days or as required by law. If you make a rights request, we may need to verify your identity for security reasons, as discussed.

We are committed to resolving any complaints or disputes regarding personal information. If you are not satisfied with our response to a privacy-related issue, please let us know and we will do our best to address your concerns. California residents may contact the California Attorney General or the new California Privacy Protection Agency for unresolved issues. Residents of other jurisdictions may have similar authorities. However, we sincerely hope to work with you directly to resolve any issue.

Thank you for trusting Sonoran Printing with your printing needs and your personal information. We value our customers and their privacy, and we will continue to work hard to keep your data secure and handle it responsibly.

Governing Law

This Privacy Policy and any disputes arising out of it or related to our handling of personal data are governed by the laws of the State of Arizona, USA, without regard to conflict of law principles. By using our services, you agree that any legal action or proceeding concerning this Policy (to the extent such action is not precluded by an arbitration clause or other dispute resolution mechanism in our Terms of Service) shall be brought exclusively in the courts of Maricopa County, Arizona. You consent to the personal jurisdiction of such courts and waive any objections to venue on the grounds of inconvenience or otherwise. This means, for example, if any dispute were to proceed in court (rather than through arbitration or other means), the case would be heard in a state or federal court located in Phoenix, Arizona (Maricopa County).

Please note that nothing in this Governing Law section will override any rights you may have under applicable consumer protection laws or privacy laws that by law cannot be waived or limited by contract. However, to the maximum extent permitted, the laws of Arizona will apply and any proceedings will take place as stated above.

By using Sonoran Printing’s website or services, you acknowledge that you have read and understood this Privacy Policy. We appreciate your business and your trust. If you have any questions about this Policy, please contact us.