Privacy Policy

Effective Date: February 11, 2026

PrintHQ ("we," "our," or "us") operates the PrintHQ platform accessible at printhq.io and app.printhq.io (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By accessing or using PrintHQ, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you register, we collect your email address, display name, and password (hashed and stored securely via our authentication provider).
• Profile Information: You may optionally upload an avatar image and set display preferences.
• User Content: Data you enter into the Service, including printer information, filament inventory, print logs, project details, maintenance records, file uploads, and AI chat conversations.
• Payment Information: If you subscribe to a paid plan, payment processing is handled by Stripe, Inc. We do not store your credit card number or full payment details on our servers. We receive only a transaction identifier, subscription status, and billing metadata from Stripe.
• Communications: If you contact us for support, we collect the content of your messages and any information you choose to provide.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, timestamps, and referring URLs.
• Device Information: Browser type, operating system, device type, and screen resolution.
• IP Address: Collected for security purposes, abuse prevention, and approximate geolocation (country/region level only).
• Cookies and Local Storage: We use essential cookies and browser local storage to maintain your session, store preferences (theme, language, units), and keep you logged in. We do not use third-party advertising or tracking cookies.

1.3 Information from Third Parties

• Authentication Providers: If you sign in using a third-party provider (e.g., Google OAuth), we receive your name, email address, and profile picture from that provider.
• Stripe: We receive subscription status, plan information, and billing cycle details from Stripe to manage your account tier.

2. How We Use Your Information

We use the information we collect to:

• Provide the Service: Operate, maintain, and deliver the features of PrintHQ, including inventory tracking, print logging, project management, file storage, and AI assistance.
• Process Payments: Manage subscriptions, process upgrades/downgrades, and handle billing through Stripe.
• Improve the Service: Analyze usage patterns to improve features, fix bugs, and optimize performance.
• Communicate with You: Send transactional emails (account verification, password resets, subscription changes), and respond to support requests.
• Ensure Security: Detect and prevent fraud, abuse, and unauthorized access. Enforce our Terms of Service.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

3. Data Storage and Security

3.1 Infrastructure

Your data is stored on secure cloud infrastructure provided by Supabase (powered by Amazon Web Services). All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

3.2 File Encryption

Files uploaded to PrintHQ (3D models, G-code, etc.) are encrypted client-side using AES-256-GCM before being transmitted to our servers. This means we cannot access the contents of your uploaded files. Encryption keys are derived from your account and stored securely.

3.3 Row-Level Security

Our database enforces row-level security (RLS) policies, ensuring that each user can only access their own data. Administrative access is strictly limited and audited.

3.4 Password Security

Passwords are hashed using bcrypt with appropriate salt rounds. We never store passwords in plaintext.

3.5 Security Measures

While we implement commercially reasonable security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using industry-standard practices.

4. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties. We may share your information only in the following circumstances:

• Service Providers: We share data with trusted third-party service providers who assist in operating the Service, including:
  • Supabase: Database hosting, authentication, and file storage
  • Stripe: Payment processing and subscription management
  • Anthropic: AI chat functionality (only the content of AI conversations you initiate; no other user data is shared)
  • Netlify: Website hosting and content delivery
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
• Protection of Rights: We may disclose information to protect our rights, property, or safety, or the rights, property, or safety of our users or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information is subject to a different privacy policy.

5. AI Chat Data

When you use the AI Print Assistant feature:

• Your conversation messages are sent to Anthropic's API for processing.
• If you attach context (printers, filaments), that equipment data is included in the AI request to provide relevant recommendations.
• AI conversations are stored in your account and can be deleted at any time.
• We do not use your AI conversations to train models or share them with other users.
• Anthropic's data handling is governed by their own privacy policy and data processing terms.

6. Your Rights and Choices

6.1 Access and Portability

You can export your data at any time using the CSV export feature available in the Service. This includes your filament inventory, print history, and project data.

6.2 Correction

You can update your profile information, display name, and avatar through the Settings page at any time.

6.3 Deletion

You may request deletion of your account and all associated data by contacting us through the Service. Upon request, we will delete your account and personal data within 30 days, except where we are required to retain information for legal or legitimate business purposes.

6.4 Data Minimization

We only collect information that is necessary to provide and improve the Service. You are not required to provide optional information (avatar, detailed printer specs, etc.) to use the core features.

6.5 Cookie Preferences

We only use essential cookies required for the Service to function. There are no advertising or optional tracking cookies to manage.

7. Data Retention

• Account Data: Retained for as long as your account is active. Deleted within 30 days of account deletion request.
• Usage Logs: Retained for up to 90 days for security and debugging purposes.
• Payment Records: Retained as required by tax and financial regulations (typically 7 years for transaction records).
• Backup Data: Database backups that may contain your data are automatically purged on a rolling schedule (maximum 30 days).

8. Children's Privacy

PrintHQ is not intended for use by individuals under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

9. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. GDPR Rights (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including:

• The right to access your personal data
• The right to rectification of inaccurate data
• The right to erasure ("right to be forgotten")
• The right to restrict processing
• The right to data portability
• The right to object to processing
• The right to withdraw consent at any time

To exercise any of these rights, contact us through the Service. We will respond to your request within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect about you
• Request deletion of your personal information
• Opt out of the sale of your personal information (we do not sell personal information)
• Non-discrimination for exercising your privacy rights

12. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read the privacy policies of any third-party services you interact with.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service with a new effective date. For significant changes, we may also send an email notification. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us through our Discord community or through the Service.