PrintPal API Privacy Policy

This Privacy Policy describes how PrintPal ("Company," "we," "us," or "our") collects, uses, discloses, and stores your personal data when you access our API services ("API Services"). Please read this Privacy Policy carefully together with our API Terms of Use.

1. DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on Personal Data, such as collection, storage, use, or disclosure.

API User: A developer or entity that accesses our Services via the API.

Input: Images and data you submit to the API for 3D model generation.

Output: 3D models and related content generated by our API.

2. INFORMATION WE COLLECT

2.1 Account Information

When you create an API account, we collect:

• Name and email address
• Company name (if applicable)
• Account credentials (username, hashed password)
• API key metadata (creation date, last used date, key name)

2.2 Payment Information

When you purchase API credits:

• Billing name and address
• Payment method details (processed by our payment processor Stripe)
• Transaction history and credit balance
• Purchase date and amount

We do not store full credit card numbers. Our payment processor Stripe handles payment data in compliance with PCI-DSS standards.

2.3 API Usage Data

When you use our API, we automatically collect:

• API request timestamps and endpoints accessed
• API key used for authentication
• Request parameters (resolution, format, etc.)
• Response status codes and error messages
• IP address and user agent
• Request duration and processing time
• Credits consumed per request

2.4 User-Generated Content (Input and Output)

We collect and process:

• Input: Images you submit for 3D model generation
• Output: 3D models we generate from your images
• Associated metadata (file names, formats, generation settings)
• Generation history and status

2.5 Technical Information

• Device type and operating system
• Browser type and version
• Network information (IP address, ISP)
• Log data (server logs, error logs)

3. HOW WE USE YOUR INFORMATION

3.1 To Provide API Services

• Authenticate your API requests
• Process images and generate 3D models
• Track credit usage and balance
• Store generation history
• Provide customer support
• Send service-related notifications

3.2 To Improve Our Services

• Analyze API usage patterns to optimize performance
• Train and improve our AI models (using de-identified data)
• Develop new features and capabilities
• Monitor system health and identify issues

Important: To provide API Services, your submitted content (images, prompts, etc.) may be processed by third-party AI service providers depending on the specific feature. See Section 4.2 for detailed information about third-party AI processing.

3.3 For Security and Compliance

• Detect and prevent fraud or abuse
• Enforce our Terms of Use
• Comply with legal obligations
• Protect our rights and property
• Respond to legal requests

3.4 For Business Operations

• Process payments and manage subscriptions
• Send billing statements and payment confirmations
• Maintain financial records
• Conduct internal analytics

4. HOW WE SHARE YOUR INFORMATION

We do not sell your personal data. We may share your information with:

4.1 Service Providers

• Hosting providers: AWS, DigitalOcean (data storage and processing)
• Payment processors: Stripe (payment processing)
• Analytics providers: For monitoring API performance
• Customer support tools: For handling support requests

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Third-Party AI and Processing Services

CRITICAL FOR API USERS: When you submit images or content through our API for 3D model generation, texture generation, or other AI-powered processing, your content may be sent to and processed by external third-party AI service providers. Depending on the specific API endpoint, quality level, and our current infrastructure, we may process your content using our own AI models or through external services. When external third-party services are used, these services:

• Receive your API Input: Images, prompts, and parameters you submit may be transmitted to third-party AI providers
• Process content: External AI services may perform the actual 3D generation, image enhancement, or other requested operations
• Temporary storage: Your content may be temporarily stored during processing (typically seconds to minutes)
• Independent policies: Each provider operates under their own privacy policy and data protection practices
• International processing: Providers may be located in different countries and jurisdictions
• Model improvement: Providers may use de-identified data to improve their AI models

Your Responsibilities:

• If you submit end-user data through our API, you must ensure your end-users are aware their content may be processed by third-party AI services
• You must obtain necessary consents from your end-users for this potential processing
• You should review your own privacy obligations under applicable laws (GDPR, CCPA, etc.)

Our Safeguards:

• When using external providers, we select them based on security standards and data handling practices
• We use commercially reasonable efforts to ensure providers maintain appropriate security measures
• We establish contractual data protection provisions where feasible
• However, we do not control third-party providers' data practices

By using our API Services, you acknowledge and agree that submitted content may be processed by external third-party AI service providers. Upon request, we can provide information about whether specific API features use third-party services and which service providers we currently use. Contact us at [email protected]

4.3 Legal Requirements

We may disclose your information if required by law, such as:

• In response to subpoenas or court orders
• To comply with legal processes
• To protect our rights or property
• To prevent fraud or security threats
• To protect public safety

4.4 Business Transfers

If PrintPal is involved in a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.5 With Your Consent

We may share your information for other purposes with your explicit consent.

5. DATA RETENTION

We retain your data for as long as necessary to provide services and comply with legal obligations:

• Account data: Retained while your account is active and for 2 years after closure
• API usage logs: Retained for 1 year for analytics and troubleshooting
• Payment records: Retained for 7 years to comply with tax and accounting laws
• Generated 3D models: Retained according to your subscription plan or until deletion request
• Input images: Processed and deleted within 30 days unless stored for your generation history

You may request deletion of your data at any time, subject to legal retention requirements.

6. DATA SECURITY

We implement industry-standard security measures to protect your data:

• Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access controls: Multi-factor authentication and role-based access
• API key hashing: API keys are hashed using SHA-256
• Regular audits: Security assessments and penetration testing
• Monitoring: 24/7 system monitoring for threats
• Backups: Regular encrypted backups

However, no system is completely secure. You are responsible for protecting your API keys and account credentials.

7. YOUR RIGHTS AND CHOICES

7.1 Access and Portability

You have the right to:

• Access your personal data
• Request a copy of your data in a portable format
• View your API usage history and generation records

7.2 Correction and Updates

You can update your account information at any time through your account settings or by contacting us.

7.3 Deletion

You may request deletion of:

• Your account and associated data
• Specific generation records
• API keys

Note: Some data may be retained for legal compliance or legitimate business interests.

7.4 Opt-Out of Communications

You can opt-out of marketing emails by clicking the unsubscribe link. You will continue to receive essential service notifications.

7.5 API Key Management

You can create, view, and delete API keys at any time through your account dashboard.

8. INTERNATIONAL DATA TRANSFERS

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by relevant authorities
• Adequacy decisions for certain countries
• Compliance with applicable data protection laws

9. CHILDREN'S PRIVACY

Our API Services are not intended for individuals under 13 years of age (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If we discover we have collected data from a child, we will delete it promptly.

10. API USERS AND END-USER DATA

If you use our API to provide services to your end-users:

10.1 Your Responsibilities

You are responsible for:

• Obtaining necessary consents from your end-users
• Providing privacy notices to your end-users
• Complying with applicable data protection laws (GDPR, CCPA, etc.)
• Handling data subject rights requests from your end-users
• Ensuring end-user data submitted to our API is lawful

10.2 Our Role

PrintPal acts as a data processor for end-user data you submit via the API. We:

• Process end-user data only as instructed by you
• Do not use end-user data for our own purposes (except service improvement in de-identified form)
• Implement appropriate security measures
• Assist with data subject rights requests when required

11. COOKIES AND TRACKING

Our API does not use cookies. However, our web dashboard may use cookies for:

• Authentication and session management
• Analytics and performance monitoring
• User preferences

You can control cookies through your browser settings.

12. CALIFORNIA PRIVACY RIGHTS (CCPA)

California residents have additional rights:

• Right to Know: Request disclosure of data collected about you
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: We do not sell personal data
• Right to Non-Discrimination: We will not discriminate for exercising your rights

To exercise these rights, contact us at [email protected]

13. GDPR RIGHTS (EU/EEA RESIDENTS)

If you are in the EU or EEA, you have additional rights under GDPR:

• Right of access and data portability
• Right to rectification
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending an email notification
• Displaying a notice in your account dashboard

Your continued use of the API after changes constitutes acceptance of the updated policy.

15. CONTACT US

For questions about this Privacy Policy or to exercise your rights:

• Email: [email protected]
• Data Protection Officer: [email protected]
• Website: https://printpal.io
• Mail: Atlas Rodin LLC, Privacy Department, 400 W Deming Place, Chicago, IL 60614, USA

We will respond to your request within 30 days.