Privacy Policy

1. Introduction

Machines for Makers ("we", "our", or "us") operates Laser Studio and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and applicable US privacy laws.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, and profile information when you create an account through Clerk authentication.
• Payment Information: Billing details processed securely through Stripe. We do not store your full credit card numbers.
• Project Data: Designs, files, and content you create or upload to Laser Studio.
• Communications: Information you provide when contacting support.

2.2 Information Collected Automatically

• Usage Data: How you interact with our services, features used, and actions taken.
• Device Information: Browser type, operating system, and device identifiers.
• Log Data: IP address, access times, and pages viewed.
• Cookies: See our Cookie Policy for details.

3. How We Use Your Information

We use your information to:

• Provide, maintain, and improve our services
• Process payments and manage subscriptions
• Send service-related communications
• Respond to support requests
• Detect and prevent fraud and abuse
• Comply with legal obligations
• With your consent, send marketing communications

4. Legal Basis for Processing (GDPR)

For users in the EEA, we process personal data based on:

• Contract Performance: To provide our services as agreed in our Terms of Service.
• Legitimate Interests: For security, fraud prevention, and service improvement.
• Legal Compliance: To meet legal and regulatory requirements.
• Consent: For marketing communications (which you can withdraw at any time).

5. Data Sharing

We share data with:

• Service Providers: Clerk (authentication), Stripe (payments), Supabase (data storage), Vercel (hosting).
• Legal Requirements: When required by law or to protect rights.
• Business Transfers: In connection with mergers or acquisitions.

We do not sell your personal data to third parties.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to protect your data.

7. Data Retention

We retain your data for as long as your account is active or as needed to:

• Provide services to you
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

8. Your Rights

8.1 All Users

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Opt out of marketing communications

8.2 Additional Rights for EEA Users (GDPR)

• Data portability - receive your data in a portable format
• Restrict processing of your data
• Object to processing based on legitimate interests
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

8.3 California Residents (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights

To exercise any of these rights, please contact us at privacy@machinesformakers.com or use the account deletion feature in your dashboard settings.

9. Data Security

We implement appropriate security measures including:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication through Clerk
• Regular security assessments
• Access controls and monitoring

10. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by posting a notice on our website or sending you an email.

12. Contact Us

For privacy-related questions or to exercise your rights:

• Email: privacy@machinesformakers.com
• Company: Machines for Makers

For EEA users, you may also contact your local data protection authority.