Privacy policy & data inventory

This policy explains what personal data this app holds, why we hold it, the legal basis for it, how long we keep it, and who it is shared with. We keep this to what the service needs.

Last updated: 19 June 2026

Who is responsible

The site operator, reachable via the contact path in the Terms of Service.

What personal data we hold

Each category below lists where it is stored, why we hold it, the legal basis, how long we keep it, and who it is shared with.

Public handle

  • Where it is stored: SQLite database, AspNetUsers table (ASP.NET Core Identity) — your chosen username.
  • Purpose: Your public identifier and your sign-in credential: you log in with your handle and password, and your handle is shown to attribute the designs, comments, ratings, and prints you create (it appears as the author/owner across the gallery and design pages). It is the only account name shown publicly — your email is never shown.
  • Legal basis: Performance of a contract (Art. 6(1)(b)) — a handle is required to provide you an account and identify you; its public display attributes the content you choose to share.
  • Retention: Kept for the life of the account; erased when you delete your account. Public/unlisted content and fork provenance you created may retain a name snapshot of the handle as it was at the time, so attribution on copies others made survives your deletion.
  • Third parties: Shown publicly as your author/owner name on content at the visibility you choose. Stored by the hosting provider on our behalf.

Account email

  • Where it is stored: SQLite database, AspNetUsers table (ASP.NET Core Identity).
  • Purpose: A private contact address — NOT your login (you sign in with your handle) and NEVER shown publicly. We use it only to send essential account messages: password reset, account activation/verification, and to contact you about your account or our service.
  • Legal basis: Performance of a contract (Art. 6(1)(b)) — a contact address is required to operate your account securely (e.g. password reset and account verification).
  • Retention: Kept for the life of the account; erased when you delete your account or on request.
  • Third parties: Never shown publicly and not shared, except with the hosting provider that stores the database on our behalf, and (only if you choose external sign-in) the OAuth provider that returns it — see below.

Account password (hash)

  • Where it is stored: SQLite database, AspNetUsers table — stored only as a salted hash, never the plaintext.
  • Purpose: Verify your sign-in for local email+password accounts.
  • Legal basis: Performance of a contract (Art. 6(1)(b)).
  • Retention: Kept for the life of the account; erased on account deletion. Not held at all for OAuth-only accounts.
  • Third parties: Never shared. Stored as a one-way hash; we cannot recover your plaintext password.

OAuth profile link (optional)

  • Where it is stored: SQLite database, AspNetUserLogins table — the provider name and the provider's stable user identifier; your email is stored as the account email above.
  • Purpose: Let you sign in with Google or Facebook instead of a password, by linking that external identity to your account.
  • Legal basis: Consent (Art. 6(1)(a)) — used only if you choose an external sign-in; you can use a local password instead.
  • Retention: Kept while the external login is linked; removed when you unlink it or delete your account.
  • Third parties: Google and/or Meta (Facebook) authenticate you and return your email and a stable id. See the third-party processors below.

Designs you create

  • Where it is stored: SQLite database, Designs table — the design name, optional description, your inventory/box input, and the resolved layout, stored as JSON keyed to your account.
  • Purpose: Save your designs so you can edit, publish, share, fork, and download them.
  • Legal basis: Performance of a contract (Art. 6(1)(b)). Where you choose to publish publicly, that sharing is your consent (Art. 6(1)(a)).
  • Retention: Kept until you delete the design or your account. Public/unlisted designs others have forked become independent copies that survive your deletion (fork provenance is a name snapshot).
  • Third parties: Visible to others only at the visibility you choose (private, unlisted, or public). Stored by the hosting provider on our behalf.

Engagement (comments, likes, ratings, prints)

  • Where it is stored: SQLite database — Comments, Likes, Ratings, and Prints tables — keyed to your account and the design's revision lineage.
  • Purpose: Let you comment on, like, rate, and post 'I printed this' makes for designs, and show those aggregates to the community.
  • Legal basis: Performance of a contract (Art. 6(1)(b)) for the feature; the public display of what you post is your consent (Art. 6(1)(a)).
  • Retention: Kept until you delete the item or your account; erased with your account.
  • Third parties: Comment/print text and aggregate counts are shown to anyone who can view the design. Stored by the hosting provider on our behalf.

Uploaded 'I printed this' photos

  • Where it is stored: Image bytes on the configured uploaded-images directory (outside the web root, a mounted volume); metadata (owner, content type, size, path) in the UploadedImages table.
  • Purpose: Show community photos of printed designs alongside the design.
  • Legal basis: Consent (Art. 6(1)(a)) — you choose to upload and share the photo.
  • Retention: Kept until you delete the print/photo or your account; erased with your account. EXIF metadata (including any embedded location) is STRIPPED on upload before storage.
  • Third parties: The photo is shown to anyone who can view the design. Stored by the hosting provider on our behalf.

Cached renders & thumbnails

  • Where it is stored: Mesh/PNG bytes in the render cache directory; an index in the Renders table. Derived from your designs and keyed to the design they came from.
  • Purpose: Avoid re-rendering identical geometry — serve previews, thumbnails, and downloadable 3MF/STL files quickly.
  • Legal basis: Legitimate interests (Art. 6(1)(f)) — efficient operation of the service; the underlying design is held under the contract basis above.
  • Retention: Cache entries are derived artefacts; your account's renders are purged on account deletion, and the cache may be evicted at any time without data loss.
  • Third parties: Served only at the owning design's visibility. Stored by the hosting provider on our behalf.

Server & access logs (incl. IP address)

  • Where it is stored: Transient operational logs at the application and the reverse-proxy/host layer; not stored in the application database.
  • Purpose: Operate the service securely — diagnose errors, detect and rate-limit abuse, and keep the service available.
  • Legal basis: Legitimate interests (Art. 6(1)(f)) — security, abuse prevention, and reliability.
  • Retention: Kept only as long as needed for operations and security (short-lived, rotated), not tied to your account lifetime.
  • Third parties: Held by us and the hosting provider operating the infrastructure; not sold or shared for marketing.

Third parties

We share personal data only with the parties below, and only as described.

  • Google — OAuth sign-in provider (optional). If you choose to sign in with Google, Google authenticates you and returns a stable account identifier and your email to create or match your account. Used only when you opt to use it; local email+password sign-in does not involve Google. https://policies.google.com/privacy
  • Meta (Facebook) — OAuth sign-in provider (optional). If you choose to sign in with Facebook, Meta authenticates you and returns a stable account identifier and your email to create or match your account. Used only when you opt to use it. https://www.facebook.com/privacy/policy
  • Hetzner Online GmbH — Infrastructure / host. The server, database, and uploaded files are hosted on infrastructure operated by Hetzner Online GmbH (our hosting provider), acting as a data processor under contract. They do not use your data for their own purposes. See the hosting provider's privacy policy: https://www.hetzner.com/legal/privacy-policy

Your rights

Under the GDPR you have the following rights over your personal data:

  • Access — get a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data, by editing your profile.
  • Erasure — delete your account and the data tied to it.
  • Portability — export your account, designs, engagement, and uploads as a downloadable archive.
  • Object or restrict — object to or restrict processing based on legitimate interests.
  • Complain — lodge a complaint with your data protection authority.

Self-service data export and account deletion are available from your account settings; for anything else, use the contact path in the Terms of Service.
