Privacy policy
Draft v0.1 — pending legal review before launch.
What we collect
- Account info: your email, display name, and a password hash. We never store plain-text passwords.
- Design content: the patterns, projects, fabrics, and files you upload. These remain yours.
- Billing info: handled entirely by Stripe. We never see your card number — we store only Stripe's customer/subscription identifiers.
- Operational data: IP address (for security and rate limiting), user-agent (for compatibility), and the timestamps of meaningful actions for auditing.
What we don't do
- We do not sell your data.
- We do not show ads.
- We do not use third-party analytics that track you across sites.
- We do not use your designs to train AI models.
How long we keep things
Your content stays as long as your account is active. If you delete your account, we delete your designs and files within 30 days. Billing records (invoices, payment events) are retained for as long as required by law (typically 7 years). Anonymized audit logs are kept for 18 months for security forensics.
Your rights
You can request:
- Access & export: a JSON export of your profile + file index, on demand from your Account page.
- Deletion: via your Account page or by emailing us.
- Correction: update your details on the Account page.
Cookies
We use a single first-party session cookie, required for you to stay logged in. (Our CSRF protection uses a token stored server-side in your session, not a separate cookie.) We don't use tracking cookies and don't require a banner.
Security
Passwords are stored using Argon2id with a separate server-side pepper. Sessions are HTTPS-only with strict same-site cookies and 24-hour idle / 7-day absolute expiry. Payment data is handled exclusively by Stripe (PCI DSS compliant).
International transfers
QuiltCraft is hosted in the United States. If you're in the EU, we transfer your data under Standard Contractual Clauses where applicable. Stripe handles cross-border transfers for payment data under its own compliance program.
Children
QuiltCraft isn't directed at children under 13. We don't knowingly collect data from anyone under 13 (or 16 in the EU). If you believe a child has created an account, please contact us.
Changes
We'll email you and post in-app at least 30 days before any material change to this policy.
Contact
This page is a working draft. Final language pending legal review.