This Privacy Policy describes how JewelForge (“we”, “us”, “our”) collects, uses, and safeguards information when you use our 3D jewelry generation platform at jewelforge.ai (the “Service”). It applies to all visitors, free users, and paying customers.
We aim to be direct: we only collect what we need to run the Service, we don’t sell your data, and we honor any valid request to access, correct, export, or delete your information.
1. What we collect
Information you provide
- Account details: name, email address, hashed password (bcrypt, never stored in clear text), avatar URL.
- Generation inputs: text prompts, reference images you upload, and parameters (jewelry category, metal type, model options) used to produce 3D models.
- Project metadata: project names, collection names, favorites, and notes you save in the Service.
- Billing information: subscription tier, payment method token, invoice history. Actual card numbers are held by Stripe and never touch our servers.
Information collected automatically
- Usage data: pages visited, features used, counts of generations, exports, and errors — to operate the Service and diagnose problems.
- Device and log data: IP address, browser type, OS, referring URL, timestamps, and crash reports.
- Security events: login attempts, password changes, token redemptions, and rate-limit trips — retained for fraud and abuse prevention.
2. How we use your information
- To provide the Service: authenticate you, generate 3D models from your prompts, store your projects, and deliver exports.
- To process payments and manage subscriptions (through Stripe).
- To send transactional emails (verification, password reset, security alerts, generation-ready notifications). These are not marketing — you cannot opt out of transactional email without deleting your account.
- To improve the Service: diagnose bugs, monitor performance, and understand aggregate usage patterns.
- To enforce our Terms and comply with legal obligations.
3. Third-party service providers
We use a small, carefully chosen set of vendors to operate the Service. Each processes data only on our instructions.
| Provider | Purpose | Data shared |
|---|---|---|
| Vercel | Hosting, CDN, serverless compute | All web requests (IP, URLs, timings) |
| Supabase | Managed PostgreSQL database | All account & project data (encrypted at rest) |
| Tripo3D | AI model generation backend | Prompts and reference images submitted for generation |
| Stripe | Payment processing | Name, email, billing address, payment method |
| Resend | Transactional email delivery | Email address, email content |
| Google (OAuth) | Optional sign-in with Google | Name, email, avatar (only if you use Google sign-in) |
4. Your generated content
You own the 3D models and exports you create. We store them so you can view, download, and revise them. We do not use your generated models or prompts to train AI systems. We do not share them with other users or make them public unless you explicitly enable a share link.
Prompts and reference images are forwarded to our generation provider (Tripo3D) strictly for the purpose of producing your model. Review Tripo3D’s privacy policy at tripo3d.ai/privacy.
5. Cookies & similar technologies
We use a small number of cookies that are strictly necessary to operate the Service (authentication session, CSRF token, theme preference). We do not currently use third-party advertising or cross-site tracking cookies. For a full list and the ability to manage non-essential cookies, see our Cookie Policy.
6. Data retention
- Account data is retained for as long as your account is active.
- Generated models and projects are retained until you delete them or your account is closed.
- Security / audit logs are retained for up to 12 months for fraud prevention and legal compliance.
- Deleted accounts: most data is removed within 30 days. Minimal records required for legal obligations (e.g., tax receipts, abuse investigation) may be retained longer.
7. Your rights
Regardless of where you live, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Export your data in a machine-readable format.
- Delete your account and associated data.
- Withdraw consent for optional processing at any time.
Users in the EEA, UK, and Switzerland have additional rights under the GDPR. California residents have specific rights under the CCPA and CPRA, including the right to know, the right to delete, and the right to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined in California law.
To exercise any right, email privacy@jewelforge.ai. We will respond within 30 days.
8. Security
We use industry-standard safeguards: HTTPS everywhere, strict Content Security Policy headers, password hashing with bcrypt (cost 12), hashed password-reset tokens, account lockout after repeated failed logins, rate limits on public endpoints, and encrypted backups. No system is perfectly secure; if we learn of a breach affecting your data, we will notify you without undue delay as required by law.
9. International data transfers
Our servers and vendors are located in the United States, European Union, and Asia-Pacific. By using the Service you consent to the transfer of your data to these regions. Where required we rely on Standard Contractual Clauses and equivalent safeguards.
10. Children
The Service is not intended for children under 13, and we do not knowingly collect data from anyone under 13. If you believe a child has provided us data, contact us and we will remove it.
11. Changes to this policy
We may update this policy from time to time. Material changes will be announced in-app or by email at least 14 days before they take effect. The “Last updated” date at the top reflects the most recent revision.
12. Contact
Questions, complaints, or data requests: privacy@jewelforge.ai.