Back to Summon3D

Platform Privacy Policy

Last updated: November 4, 2025

This Privacy Policy applies to shop owners (tenants) who use the Summon3D platform to run their 3D printing businesses.

If you are a customer ordering from a shop, please refer to that shop's individual privacy policy.

Summon3D ("we", "us", or "our") provides a SaaS platform that enables you to create and operate your own 3D printing service. This Privacy Policy explains how we collect, use, share, and protect your personal information when you use our platform. We are committed to protecting your privacy and being transparent about our data practices.

Information We Collect from Shop Owners

Account & Registration Information

When you create a Summon3D account, we collect:

  • Contact Details: Email address, first name, last name
  • Business Information: Company name (if applicable), whether you're an individual or company
  • Shop Details: Shop name, subdomain, custom domain (optional)
  • Location: Street address, city, state/province, country, postal code
  • Authentication Data: Password (encrypted), multi-factor authentication settings (if enabled)
  • Support Contact: Customer support email for your shop

Shop Content & Branding

  • Branding Assets: Shop icon/logo, portfolio images, about description, about image
  • Social Profiles: Makerworld, Printables, and Cults3D usernames (optional)
  • Shop Settings: Currency, tax rates, packaging fees, branding colors, shipping settings
  • Materials Catalog: Materials you offer (name, type, color, price per gram, density)

Financial & Payment Information

  • Stripe Connect Account: Stripe account ID, account status, onboarding completion status
  • Subscription Data: Plan tier (Apprentice/Mage/Archmage), subscription status, current period end date, trial information
  • Stripe Subscription ID: For billing your platform subscription
  • Stripe Tax Settings: Whether you've enabled Stripe Tax for automatic tax calculation
  • Payment Information: Processed and stored securely by Stripe (we do not store credit card details)

Third-Party Integration Keys

  • EasyPost API Key: Your personal EasyPost API key for shipping rate calculation (stored encrypted)
  • Note: Each shop owner maintains their own EasyPost account; we do not share API keys between shops

Platform Usage & Analytics

  • Usage Metrics: Number of slicing operations (slice count) per billing period
  • Feature Usage: Which features you use, when you access the dashboard
  • Onboarding Progress: Signup modal shown, dashboard tour completion, setup checklist completion, tier upgrade welcome shown
  • Product Updates: Last viewed changelog date
  • IP Address: Your IP address for security and fraud prevention
  • Device Information: Browser type, device type, operating system, user agent

Your Customers' Data (Data Processor Role)

We store data about your customers on your behalf. You are the data controller for your customers' data, and we are the data processor. This includes:

  • Customer Information: Names, email addresses, phone numbers, shipping addresses
  • Order Data: Order details, pricing, status, timestamps
  • 3D Model Files: STL, 3MF, and OBJ files uploaded by your customers
  • Quote Data: Temporary quote calculations (automatically deleted after 24 hours)
  • Analytics: Visitor analytics and conversion tracking for your shop
  • Terms Acceptance: IP addresses and timestamps when customers accept your terms

Important: You are responsible for your own privacy policy with your customers and for complying with applicable data protection laws when using our platform.

How We Use Your Information

  • Provide Platform Services: Operate and maintain your shop, process orders, handle payments, and provide core functionality
  • Account Management: Create and manage your account, authenticate you, and provide customer support
  • Billing & Subscriptions: Process subscription payments, manage your plan tier, and track usage limits
  • Payment Processing: Facilitate Stripe Connect onboarding and enable you to accept payments from your customers
  • Shipping Services: Use your EasyPost API key to calculate shipping rates and generate labels for your orders
  • Analytics & Insights: Provide analytics about your shop's performance, visitor behavior, and conversion metrics
  • Platform Improvements: Analyze usage patterns to improve our services, develop new features, and fix bugs
  • Communications: Send transactional emails (account notifications, billing updates, important service announcements)
  • Security & Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity
  • Legal Compliance: Comply with legal obligations, enforce our Terms of Service, and protect our rights

Third-Party Services We Use

We use trusted third-party services to provide platform functionality. Your data may be shared with:

Supabase (Database & Authentication)

Provides secure PostgreSQL database hosting, user authentication (including MFA), and file storage for your shop's data. All data is encrypted at rest and in transit.

Supabase Privacy Policy →

Stripe (Payment Processing & Connect)

Processes platform subscription payments and facilitates Stripe Connect accounts for your shop. Stripe receives your business information, payment details, and customer payment data.

Stripe Privacy Policy →

EasyPost (Shipping API)

You provide your own EasyPost API key. We use it to calculate shipping rates and generate labels on your behalf. EasyPost receives shipping addresses from your customers' orders.

EasyPost Privacy Policy →

Brevo (Transactional Emails)

Sends order confirmation emails and status updates to your customers on your behalf. Receives customer email addresses, names, and order information.

Brevo Privacy Policy →

ip-api.com (Geolocation)

Determines approximate location from visitor IP addresses for analytics and tax calculation. Results are cached for 24 hours.

ip-api Terms →

Vercel (Hosting)

Hosts the Summon3D platform. Server logs may contain IP addresses, request URLs, and timestamps for security and performance monitoring.

Vercel Privacy Policy →

Data Retention

  • Account Data: Retained as long as your account is active
  • Shop Content: Retained until you delete it or close your account
  • Customer Data: Retained on your behalf until you delete it or close your account
  • Order Records: Retained indefinitely for accounting, tax compliance, and dispute resolution
  • Subscription & Billing Data: Retained for 7 years for tax and accounting purposes
  • Quote Cache: Automatically deleted after 24 hours
  • Analytics Data: Retained for 2 years
  • Security Logs: Retained for 90 days
  • Deleted Account Data: Permanently deleted within 30 days, except where retention is required by law

Data Security

We implement industry-standard security measures to protect your data:

  • All data transmission uses HTTPS encryption (TLS 1.3)
  • Passwords are hashed using industry-standard algorithms (never stored in plain text)
  • Multi-factor authentication (MFA) available for additional account security
  • API keys (like EasyPost) are stored encrypted in our database
  • Row-level security (RLS) policies enforce strict data isolation between shops
  • Regular security audits and updates
  • Database hosted on SOC 2 Type II certified infrastructure (Supabase)
  • Payment data handled by PCI-DSS Level 1 certified Stripe
  • Automated backups and disaster recovery procedures
  • Access controls limiting employee access to customer data

Your Privacy Rights

As a shop owner, you have the following rights:

  • Right to Access: Request a copy of all personal data we hold about you and your customers
  • Right to Correction: Update or correct your account information at any time through your dashboard
  • Right to Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
  • Right to Data Portability: Export your shop data, customer data, and orders in machine-readable format
  • Right to Restrict Processing: Request limitation on how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Cancel your subscription and close your account at any time

To exercise these rights, contact us at support@summon3d.com or manage your data through your dashboard settings.

Your Responsibilities as a Data Controller

As a shop owner using our platform, you are responsible for:

  • Customer Privacy Policy: Maintaining your own privacy policy for your customers (we provide a template)
  • Data Protection Compliance: Complying with applicable data protection laws (GDPR, CCPA, etc.) in your jurisdiction
  • Customer Consent: Obtaining necessary consents from your customers
  • Data Accuracy: Ensuring customer data you collect is accurate and up-to-date
  • Customer Rights: Responding to your customers' data access, correction, and deletion requests
  • Security: Keeping your account credentials secure and using MFA when available
  • Terms Enforcement: Enforcing your own terms and conditions with customers

International Data Transfers

Summon3D operates globally. Your data may be transferred to and processed in countries outside your jurisdiction, including the United States. Our service providers (Supabase, Stripe, Vercel) have appropriate safeguards in place, including Standard Contractual Clauses (SCCs) and adherence to international data protection frameworks.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contractual Necessity: Processing is necessary to provide the platform services you've subscribed to
  • Legitimate Interest: Analytics, fraud prevention, platform security, and business operations are necessary for our legitimate business interests
  • Consent: You consent to our processing when you create an account and agree to our Terms of Service
  • Legal Obligation: We process data to comply with tax laws, financial regulations, and legal requirements

Data Breach Notification

In the unlikely event of a data breach that affects your account or your customers' data, we will notify you within 72 hours via email and provide details about the breach, affected data, and remediation steps. You will be responsible for notifying your customers as required by applicable laws.

Children's Privacy

Summon3D is a business platform intended for adults (18+ years old). We do not knowingly collect personal information from individuals under 18. If you believe we have collected information from someone under 18, please contact us immediately at support@summon3d.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform features. We will notify you of material changes via email and/or a dashboard notification at least 30 days before they take effect. The "Last Updated" date at the top indicates when the policy was last revised. Continued use after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or how we handle your data:

Data Protection Inquiries:

privacy@summon3d.com

Summon3D is a multi-tenant SaaS platform for 3D printing services.
© 2025 Summon3D. All rights reserved.