Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Spring (formerly Teespring) is a US-based creator commerce platform that enables content creators to design and sell custom merchandise directly to their audience. When EU customers make purchases, their personal data (name, address, email, payment details) is processed on US infrastructure. SCCs and a DPA with Spring are required. Creators must disclose Spring as a data processor in their privacy policy.
Spring is a creator commerce platform enabling YouTubers, streamers, and content creators to design and sell custom merchandise through a branded storefront. Products are printed and fulfilled on-demand. Creators link to their Spring store and Spring handles payment, fulfilment, and customer service.
EU customer data is processed on Spring''s US infrastructure. SCCs are the applicable transfer mechanism. Creators using Spring must sign a DPA with Spring and disclose Spring in their privacy policy as a processor for order fulfilment. Spring''s own privacy policy and DPA terms govern their data handling obligations.
Review Spring''s DPA and sign it. Disclose Spring as a processor in your privacy policy with the US transfer notice. Add a cookie consent banner on your creator page if you use Spring''s analytics pixels. Provide customer service contact for data subject rights requests related to Spring orders.
Websites using Spring (formerly Teespring) must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA may be required for large-scale creator commerce operations involving significant EU customer data volumes or advanced customer profiling for marketing.
Sample consent text
This creator store is powered by Spring (formerly Teespring), a US-based commerce platform. Your order and customer data is transferred to the US under Standard Contractual Clauses. See our privacy policy for full details.
Third-party domains contacted
www.spri.ngapi.spri.ngcdn.spri.ngcheckout.spri.ngwww.google-analytics.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| _spring_session | functionality | Session | Maintains the user session for the Spring creator storefront and checkout process. |
| _spring_cart | functionality | 30 days | Stores shopping cart contents and selected product variants during the purchase flow. |
| _spring_ga | analytics | 2 years | Google Analytics cookie used by Spring to measure storefront traffic and conversion rates. |
| _spring_fbp | marketing | 90 days | Meta Pixel cookie for tracking ad conversions and retargeting visitors who interacted with Spring storefronts. |
| _spring_csrf_token | security | Session | CSRF protection token for checkout form submissions and account management actions. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
Spring sets cookies for session management, shopping cart persistence, and user authentication. The platform also uses analytics and marketing cookies to track visitor behavior, measure campaign performance, and enable retargeting. Third party cookies from payment processors and social media integrations may also be present.
Yes, consent is required for non essential cookies set by Spring. While session and cart cookies necessary for the purchase process may rely on a strictly necessary exemption, analytics, marketing, and retargeting cookies require prior consent under the ePrivacy Directive and GDPR.
Essential ecommerce cookies for cart and checkout can rely on legitimate interest or contractual necessity under Article 6(1)(b) GDPR. Marketing, analytics, and retargeting cookies require consent under Article 6(1)(a). If Spring embeds are used on your site, each cookie category needs its own legal basis assessment.
Yes, Spring is a US based company and processes data on American servers. If you sell to European customers or embed Spring stores on EU targeted websites, you must ensure appropriate safeguards are in place, such as Standard Contractual Clauses, and disclose these transfers in your privacy policy.
A DPIA is recommended if you use Spring with extensive marketing integrations, behavioral tracking, or large scale profiling of European buyers. Standard use of Spring for selling merchandise typically does not trigger mandatory DPIA requirements, but documenting your assessment is best practice.
If embedding Spring storefronts on your website, implement a consent management platform that blocks marketing and analytics scripts until consent is given. Ensure your privacy policy covers Spring's data collection practices. For standalone Spring stores, review Spring's built in privacy controls and configure them appropriately.
Consider print on demand platforms that offer EU based data processing or more granular cookie controls. Alternatives include Printful (with EU fulfillment options), Gelato (European based), or self hosted ecommerce solutions like WooCommerce with a local print partner. Each has different privacy trade offs.
List all cookies Spring sets on your visitors' browsers, categorized by purpose: essential (cart, session), analytics (visitor tracking), and marketing (retargeting, social media). Include the cookie names, expiration periods, and whether they are first party or third party. Mention Spring as a data processor in your privacy policy.