TAG Sports Graphics

1. Introduction

TAG Sports Graphics ("TAG Sports," "we," "us," or "our") operates the Home Base application at base.tagsports.net (the "Application"). This Privacy Policy explains how we collect, use, store, share, and protect information when you use our Application or when our Application connects to third-party services on your behalf.

TAG Sports Graphics is a small business located in Boise, Idaho that prints custom youth sports team logos on decals, helmets, apparel, and other merchandise. The Application is a private, internal operations tool used by TAG Sports employees to manage the order-to-delivery workflow.

2. Information We Collect

A. Account Information

For authorized users of the Application (TAG Sports employees), we collect:

• Name and display name
• Email address (used for authentication)
• Role within the organization

B. Customer and Order Data

In the course of business operations, the Application stores information about TAG Sports customers and their orders, including:

• Customer name, organization (team name), email, phone number, and shipping address
• Order details including items, quantities, personalization options, and order status
• Files uploaded in connection with orders (mockups, proofs, print files, photos)
• Internal notes and comments related to orders

C. QuickBooks Online Data

When you authorize a connection to your Intuit QuickBooks Online account, the Application accesses the following data on a read-only basis:

• Invoices and invoice line items
• Customer records

The Application does not create, modify, update, or delete any data in your QuickBooks Online account. Access is strictly read-only. The Application accesses your QuickBooks data only after you expressly authorize the connection via Intuit's OAuth 2.0 authorization flow.

D. Data from Other Integrations

The Application also connects to the following third-party services:

• Etsy — read-only import of order and customer data from the TAG Sports Etsy shop
• ShipStation — read-only monitoring of shipping status for existing orders

E. Technical and Usage Data

We may collect standard technical data such as IP addresses, browser type, device information, and application usage logs for the purpose of operating and securing the Application.

3. How We Use Your Information

We use the information we collect solely to:

• Operate and provide the Application's features, including order management, production tracking, and shipping coordination
• Synchronize data between QuickBooks Online, Etsy, ShipStation, and the Application to facilitate business operations
• Send transactional email notifications to customers regarding their order status (via Resend)
• Maintain, secure, and improve the Application
• Comply with legal obligations

We do not use your data for advertising, marketing to third parties, or any purpose unrelated to providing the Application's services.

4. Data Sharing

We do not sell, rent, or trade your personal information or your QuickBooks data to any third party.

We may share data in the following limited circumstances:

• With Intuit/QuickBooks — as required for API connectivity and OAuth authorization
• With service providers — we use Supabase (database and authentication), Vercel (application hosting), and Resend (transactional email delivery) to operate the Application. These providers process data only as necessary to provide their services
• To comply with law — if required by a subpoena, court order, or other legal process
• With your consent — if you expressly authorize additional sharing

5. Data Security

We implement commercially reasonable security measures to protect your data, including:

• Encryption at rest — all data stored in our database is encrypted using AES-256 encryption
• Encryption in transit — all data transmitted between the Application and our servers, and between our servers and third-party APIs, is protected using TLS 1.2 or higher
• Row Level Security (RLS) — database access is enforced at the row level so that users can only access data appropriate to their role
• Server-side credential handling — all OAuth tokens, API keys, and third-party credentials are stored and processed exclusively on the server. No secrets or tokens are ever sent to or accessible from the client-side browser
• Role-based access control — the Application enforces role-based permissions (admin, manager, production, designer) to limit data access to authorized personnel
• Authentication — access to the Application requires email and password authentication via Supabase Auth

No system is perfectly secure. You are responsible for protecting your login credentials and promptly notifying us if you suspect unauthorized access to your account.

6. Data Retention

We retain data for as long as necessary to provide the Application's services and to comply with our legal and business obligations:

• Account data — retained while the user's account is active and for a reasonable period after deactivation
• Order and customer data — retained for business continuity and legal compliance purposes (tax records, order history)
• QuickBooks data — synchronized data is retained as part of the order management workflow. If you disconnect your QuickBooks account, we revoke OAuth tokens and stop accessing your QuickBooks data. Previously synchronized data that has been incorporated into the order management workflow is retained for business continuity
• System notifications — automatically purged after 30 days

7. Data Deletion and Disconnection

QuickBooks disconnection: You may disconnect your QuickBooks Online account at any time through the Application's admin settings. Upon disconnection, we will revoke the OAuth tokens via Intuit's revocation endpoint and delete stored credentials from our database.

Data deletion requests: You may request deletion of your account and stored data by contacting us at the address below. We will process deletion requests within a reasonable time, subject to any legal retention obligations.

8. Children's Privacy

The Application is a business operations tool intended for use by authorized employees of TAG Sports Graphics. We do not knowingly collect personal information from children under the age of 16.

9. Your Rights and Choices

Depending on your jurisdiction, you may have rights regarding your personal information, including the right to access, correct, or delete your data. To exercise any of these rights, please contact us using the information below.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Your continued use of the Application after any changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: