# Privacy Policy

**Version:** 1.0.0
**Effective Date:** May 1, 2026
**Last Updated:** April 30, 2026

## 1. Who we are

Print 'em Huge ("**we**", "**us**", "**our**") operates the website and
services at [https://printemhuge.com](https://printemhuge.com). This
Privacy Policy explains what information we collect about you, how we
use it, who we share it with, how long we keep it, and what your
choices are.

This policy is part of our Terms of Service and uses the same
definitions where applicable.

## 2. Information we collect

### 2.1 Information you give us

When you create an account:

- **Email address** — required. Used to identify your account, send
  transactional emails (welcome, payment receipts, refund
  notifications, password reset if applicable), and, rarely, product
  announcements.
- **Name and profile picture** — populated automatically if you sign
  in via Google or GitHub OAuth (we receive your public profile from
  those providers); otherwise blank or set by you in account
  settings.

We never see your password. Authentication is handled by our
third-party provider Clerk; if you use email-and-password sign-in,
your password lives only with Clerk and is never transmitted to or
stored by us.

### 2.2 Information from your use of the Service

- **3D models you upload** — retained for the duration of your
  subscription tier's retention window (Free: 1 day; Maker: 30 days;
  Studio: 90 days). After that they are deleted automatically from
  our object storage.
- **Output files we generate** — same retention as the source models
  that produced them.
- **Job metadata** — printer make/model you selected, file size,
  processing time, success/failure status, error messages if any.
  Used for billing, support, and product analytics.
- **API keys you create** — only the hashed prefix is queryable; the
  full key exists in our database only as a one-way SHA-256 hash.
- **Webhook endpoints you configure** — destination URL, name,
  signing secret. Revocable from your settings at any time.
- **Saved preferences** — printer presets, UI preferences, and
  similar configuration data you create within the Service.

### 2.3 Information collected automatically

- **Usage data** — pages visited, features used, errors encountered.
  Used to improve the product.
- **Network metadata** — IP address, user agent string, request
  timestamps. Logged for security, debugging, and audit-trail
  purposes (for example: recording when and how you accepted our
  Terms of Service, so we have a defensible record).
- **Cookies** — first-party session cookies set by Clerk for
  authentication. We do not set advertising cookies, do not use
  third-party trackers for advertising purposes, and do not share
  data with ad networks.

### 2.4 Payment information

We do **not** collect or store credit card details. When you pay,
Stripe handles the entire payment flow on their pages or via their
embedded elements. We receive only:

- A Stripe customer identifier
- The amount paid and the product purchased
- Subscription status (active / canceled / past due)
- Invoice and refund metadata for our internal records

Your card data is between you and Stripe.

## 3. How we use your information

- To provide the Service (process your jobs, deliver your output
  files, manage your subscription).
- To authenticate you and protect your account.
- To respond to support requests.
- To send transactional emails (welcome, payment receipts, refund
  notifications).
- To detect and prevent fraud, abuse, and security incidents.
- To comply with legal obligations (tax records, valid legal
  requests, law enforcement subpoenas).
- To improve the Service via aggregated, non-identifying analytics.

We do **not** use Your Content (uploaded 3D models or generated
outputs) to train AI models. We do not sell or rent your information
to anyone.

## 4. Who we share your information with

### 4.1 Service providers

We use the following providers to operate the Service. Each is
contractually bound to use your data only for the purpose of
providing service to us.

- **Cloudflare** — hosting, storage, DNS, processing infrastructure.
  All your interactions with the Service are routed through and
  processed on Cloudflare's global network.
- **Clerk** — authentication and user management.
- **Stripe** — payment processing, subscription management, refund
  processing.
- **Resend** *(planned)* — transactional email delivery.
- **Sentry** *(planned)* — error tracking. PII is scrubbed from
  errors before transmission.
- **PostHog** *(planned)* — product analytics. No personally
  identifying information is sent; user identifiers are anonymized.

### 4.2 Legal disclosures

We may disclose your information when legally required (subpoena,
court order, valid law-enforcement request) or when we believe
disclosure is necessary to protect our rights, property, or the
safety of users or the public.

### 4.3 Business transfers

If we are acquired by, merge with, or sell substantially all of our
assets to another company, your information may be transferred as
part of that transaction. You will be notified by email and via a
prominent in-app notice before any change in ownership of your data.

## 5. How long we keep your information

| Data type | Retention |
|---|---|
| Account info (email, name, profile) | While your account is active; deleted on request |
| Uploaded 3D models | Per subscription tier: Free 1 day / Maker 30 days / Studio 90 days |
| Generated output files | Same as source models that produced them |
| Job metadata | 24 months for billing reconciliation, then aggregated |
| Audit logs (incl. ToS acceptances, login events) | 7 years for legal compliance |
| Payment records | 7 years for tax compliance |
| API key hashes | Until you revoke them |
| Webhook configurations | Until you delete them |

When you delete your account, we delete account info and Your Content
immediately. Audit logs and payment records are retained per the
above; PII fields in those records are anonymized at deletion time.

## 6. Cross-border data transfers

The Service is operated from the United States. If you access it
from outside the US, your data will be transferred to and processed
in the US. By using the Service, you consent to this transfer.

For users in the European Economic Area (EEA), United Kingdom, or
Switzerland, we rely on Standard Contractual Clauses (SCCs) for
transfers to our US-based service providers. SCCs are the legal
mechanism approved by the European Commission for such transfers.

## 7. Your rights

You can:

- **Access** the personal data we hold about you, via your account
  settings or by emailing us.
- **Correct** profile information directly via your account settings.
- **Delete** your account at any time from settings; certain records
  are retained per the table in §5 with PII fields anonymized.
- **Export** a machine-readable copy of your data; email
  team@printemhuge.com to request one.
- **Object** to non-essential processing (such as analytics) via
  your settings.
- **Withdraw consent** for processing based on consent (such as
  marketing emails) by clicking the unsubscribe link in any email.

### EU/EEA, UK, Swiss users (GDPR)

In addition to the rights above, you have the right to:

- Restrict processing of your personal data;
- Receive your data in a portable format and transmit it to another
  controller;
- Lodge a complaint with your supervisory authority (in the EEA, the
  data protection authority of your member state).

### California users (CCPA / CPRA)

In addition to the rights above, you have:

- The right to know what categories of personal information we
  collect and the purposes for collection.
- The right to opt out of the "sale" or "sharing" of your personal
  information. We do not sell or share your personal information for
  cross-context behavioral advertising, so this is automatic.
- The right to non-discrimination for exercising any of these rights.

To exercise any of these rights, email **team@printemhuge.com**. We
respond within 30 days for GDPR requests and 45 days for CCPA
requests.

## 8. Security

We use industry-standard practices:

- All data in transit is encrypted with TLS 1.2 or higher.
- Authentication tokens are scoped and expire automatically.
- API keys are hashed with SHA-256 before storage.
- Webhook signing secrets are stored encrypted at rest.
- Access to production systems is restricted to authorized personnel
  and audit-logged.
- We review dependency security and apply updates regularly.

No system is perfectly secure. If you believe your account has been
compromised, contact us immediately at team@printemhuge.com.

## 9. Cookies and tracking

We use first-party session cookies set by Clerk for authentication.
We do not use third-party advertising cookies, advertising
fingerprinting, or cross-site tracking pixels.

If we add product analytics (e.g., PostHog) post-launch, it will use
first-party event tracking with anonymized user identifiers; you
will be able to opt out from your account settings.

## 10. Children

The Service is not intended for users under 18 years of age. We do
not knowingly collect personal information from children under 18.
If you believe we have collected information from a person under 18,
contact us at team@printemhuge.com and we will delete it promptly.

## 11. Changes to this Policy

We may update this Privacy Policy from time to time. The "Effective
Date" above will reflect the latest version. For material changes
that meaningfully affect your rights, we will notify you via email
to the address on file and via a prominent notice in the Service
before the changes take effect.

A historical record of policy versions is retained alongside our
Terms of Service version registry.

## 12. Contact

Questions about this Privacy Policy or about your data?

- Email: **team@printemhuge.com**
- Web: [https://printemhuge.com/contact](https://printemhuge.com/contact)
