Data Handling Policy

Last updated: April 2026

1. Overview

Thick Thigh Tribe, LLC ("TTT," "we," "us") operates a multi-channel e-commerce business selling apparel and accessories. We sell through our own website (thickthightribe.com) and third-party marketplaces including Amazon, Shopify, Walmart, and TikTok Shop. This policy describes how we collect, process, store, use, share, and dispose of data received from marketplace platforms and our customers.

2. Data We Collect from Marketplaces

When an order is placed on a marketplace, we receive the following data to fulfill the order: buyer name and shipping address, order details (items ordered, quantities, order ID), and payment confirmation status (we do not receive or store payment card information).

3. How We Use Marketplace Data

Marketplace buyer data is used exclusively for: routing orders to the appropriate fulfillment hub, generating shipping labels via our carrier partner (USPS through EasyPost), pushing tracking information back to the marketplace, and processing returns and customer service inquiries.

We do not use marketplace buyer data for marketing, advertising, analytics, profiling, or any purpose beyond order fulfillment and customer service.

4. Data Storage and Security

Order data is stored in a PostgreSQL database hosted on Supabase (AWS infrastructure, us-east-1 region). Security measures include: encryption at rest (AES-256 via AWS server-side encryption), encryption in transit (TLS 1.2+), access control (Row-Level Security policies enforce role-based access at the database level), authentication (JWT-based authentication with session expiration), and monitoring (Sentry for real-time application error tracking; Supabase for database access logging).

5. Data Sharing

We share buyer data only with the following parties, solely for order fulfillment: EasyPost (our shipping API provider, for generating shipping labels) and USPS (our carrier, for package delivery). We do not sell, rent, or share marketplace buyer data with any other third parties.

6. Data Retention and Disposal

Personally identifiable information (buyer name, shipping address, email) is retained for a maximum of 30 days after order fulfillment is confirmed. After this period, PII is purged from our database. Non-PII order metadata (order ID, SKU, quantity, tracking number, fulfillment status) is retained for business operations and reporting.

7. Employee Access

Access to marketplace data is restricted by role: Admin has full access to order data and system configuration. Hub managers have access only to orders and inventory for their assigned fulfillment hub. No employee has direct database access — all access is through the application interface with RLS enforcement.

8. Incident Response

In the event of a suspected data breach, our procedure is: (1) immediately revoke compromised credentials and rotate API keys, (2) review database access logs to determine scope of exposure, (3) notify affected marketplace platforms per their data breach notification requirements, (4) notify affected individuals as required by applicable law.

9. Contact

For questions about this policy, contact Thick Thigh Tribe, LLC at legal@thickthightribe.com.