This is a demo site — we are improving it daily. Built for laser cutters, CNC machines, and engravers. Found a bug or have feedback? Email us at [email protected] and we will send you a credit reward. We know AI can produce unpredictable outputs and we are working to fix them.

Privacy Policy

Last updated: March 2026

1. What We Collect

  • Account data: Email address, display name (optional), hashed password (managed by Supabase Auth).
  • Usage data: Generation history, job status, credit transactions, machine type selections.
  • Payment data: Stripe handles all payment information. We store only your Stripe Customer ID — never raw card details.
  • Uploaded images: Images you upload for processing are stored temporarily in Cloudflare R2 and automatically deleted after 24 hours.
  • Generated files: DXF output files are stored for 24 hours then deleted.
  • Log data: Standard server logs (IP address, request path, timestamps) for security and debugging. Logs are retained for 30 days.

2. What We Do NOT Store

  • Uploaded images are not retained beyond 24 hours and are never used to train AI models.
  • We do not sell, rent, or share your personal data with third parties for marketing.
  • We do not track you across other websites.

3. How We Use Your Data

  • To operate the service (process jobs, track credits, manage your account).
  • To send transactional emails (email verification, purchase receipts, bug report updates).
  • To detect and prevent abuse (rate limiting, spam protection via Google reCAPTCHA).
  • To improve the service through aggregated, anonymized usage analytics.

4. Third-Party Processors

ServicePurposeData Shared
SupabaseDatabase, authenticationEmail, profile data
Cloudflare R2File storageUploaded images, DXF files (24h TTL)
StripePayment processingEmail, payment details
Google reCAPTCHA v3Bot protection on signupBrowser fingerprint, IP
ResendTransactional emailEmail address
Google Gemini APIAI image generationUploaded images (processed, not stored by Google per their API terms)
Railway / VercelHostingLog data

5. Cookies

We use session cookies for authentication (managed by Supabase Auth). We do not use third-party advertising cookies or tracking pixels.

6. Your Rights

  • Access: You can view your account data and transaction history in your Account page.
  • Deletion: To request account deletion and erasure of all associated data, email [email protected]. We will process requests within 30 days.
  • Portability: You can export your transaction history from the Account page.
  • Correction: Update your display name from the Account page at any time.

7. Data Security

All data is encrypted in transit (TLS 1.2+). Supabase encrypts data at rest. Access to production systems is restricted to authorized personnel only. We use Row Level Security so users can only access their own data.

8. Children's Privacy

This service is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has created an account, contact us immediately.

9. Changes to This Policy

We will notify you by email of material changes to this policy at least 14 days before they take effect.

Contact

Privacy questions: [email protected]