At Stencil Lab, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, share, and protect your data when you use our web application.
1. Information We Collect
1.1 Account Information
- Email Address: Used for account creation, login, and communication
- Password: Encrypted and securely stored (we never store plain-text passwords)
- Account Preferences: Settings, display preferences, notification preferences
1.2 User-Generated Content
- Uploaded Images: Photos you upload for stencil conversion
- Generated Stencil Files: Output files (SVG, DXF, PDF, PNG) created by our service
- Project Metadata: Project names, layer counts, color settings
1.3 Usage Data
- Device Information: Browser type, operating system, screen resolution
- Usage Analytics: Pages visited, features used, session duration
- IP Address: For security, fraud prevention, and geographic analytics
- Cookies: Essential cookies for authentication and preferences (see Section 9)
1.4 Payment Information
- Billing Details: Processed by Stripe (we do not store full credit card numbers)
- Transaction History: Invoice records, subscription status, refund requests
2. How We Use Your Information
We use your data for the following purposes:
2.1 Service Delivery
- Process uploaded images and generate stencil files
- Store and retrieve your projects
- Authenticate your account and maintain session security
- Process payments and manage subscriptions
2.2 Service Improvement
- Analyze usage patterns to improve features
- Identify and fix technical issues
- Develop new features based on user needs
2.3 Communication
- Send service-related notifications (account changes, subscription updates)
- Provide customer support
- Send optional marketing emails (you can opt-out anytime)
2.4 Legal Compliance
- Comply with legal obligations (tax reporting, DMCA requests)
- Prevent fraud and abuse
- Enforce our Terms of Service
3. Data Sharing and Third Parties
We share your data only with trusted service providers under strict agreements:
| Service Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication, Database, Storage | Email, uploaded images, stencil files |
| Vercel | Web Hosting | IP address, usage logs |
| Stripe | Payment Processing | Email, billing information |
We do not sell your personal information to third parties.
4. Data Security
We implement industry-standard security measures:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Authentication: Secure password hashing (bcrypt), optional two-factor authentication
- Access Controls: Role-based permissions, audit logs
- Breach Notification: Within 72 hours of discovery (GDPR requirement)
5. Data Retention
| Data Type | Retention Period |
|---|---|
| Account Information | Until account deletion + 30 days |
| Uploaded Images & Stencils | Until deletion by user or account closure |
| Payment Records | 7 years (tax compliance) |
| Usage Logs | 90 days |
6. Your Rights
Depending on your location, you have the following rights:
6.1 GDPR Rights (EU/UK Users)
- Right to Access: Request a copy of your personal data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Portability: Receive your data in a structured, machine-readable format
- Right to Rectification: Correct inaccurate data
- Right to Object: Object to processing for direct marketing
- Right to Restriction: Limit how we use your data
6.2 CCPA Rights (California Users)
- Right to Know: What personal information we collect and how it's used
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of sale of personal information (we don't sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
6.3 Exercising Your Rights
To exercise any of these rights, email us at support@stencillab.ai with:
- Your registered email address
- Description of your request
- Proof of identity (for security purposes)
We will respond within:
- GDPR: 30 days
- CCPA: 45 days
7. Children's Privacy
Stencil Lab is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us immediately at support@stencillab.ai.
8. International Data Transfers
Your data may be transferred to and stored in countries outside your jurisdiction. We ensure adequate protection through:
- Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
- Data Processing Agreements (DPAs): With all service providers
- EU Data Residency: Option available for enterprise customers
9. Cookies and Tracking
We use the following types of cookies:
| Cookie Type | Purpose | Can You Opt-Out? |
|---|---|---|
| Essential | Authentication, security, session management | No (required for service) |
| Analytics | Usage statistics, feature popularity | Yes (browser settings) |
| Preferences | Save your settings (theme, language) | Yes (clears on logout) |
You can manage cookies in your browser settings. Note that disabling essential cookies will prevent you from using Stencil Lab.
10. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via:
- Email notification (30 days before effective date)
- Prominent notice on our website
- Updated "Last Updated" date at the top of this page
11. Contact Us
For questions about this Privacy Policy or data protection concerns:
- Email: support@stencillab.ai
- Data Protection Officer: support@stencillab.ai
- Response Time: Within 2-3 business days
Company Information
Tomwellywells Limited, a company registered in United Kingdom under company number 15706110 whose registered office is at Building 3 North London Business Park, Oakleigh Road South, London, England, N11 1GN
12. Supervisory Authority
If you are located in the EU/UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
By using Stencil Lab, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and sharing of your information as described herein.