Legal

Privacy Policy

Last updated: March 6, 2026

What We Collect

We collect two types of information:

  • Information you provide — Name, email address, and password when you create an account; name, email, and message content when you use our contact form.
  • Embroidery files — Design files you upload for QA analysis (DST, PES, JEF, etc.).
  • Analytics data (with consent) — Page views, device type and browser, approximate geographic location (country/region), HTTP referrer, and usage events such as viewing the pricing page, starting checkout, and subscription status changes.
  • Payment data — Billing events (plan selected, subscription activated/cancelled) processed by Paddle. We never receive or store full card details.

Cookies & Identifiers

We use the following cookies and browser-side identifiers:

NamePurposeExpiry
laravel_sessionKeeps you logged inSession
XSRF-TOKENCSRF protectionSession
ss_analytics_consentStores your analytics preference (yes/no) 1 year
_ga, _ga_*Google Analytics — set only after you accept 2 years

Analytics cookies are never set until you explicitly click "Accept" in the consent banner.

Why We Collect It

  • Provide, maintain, and improve the embroidery QA service.
  • Process and analyze embroidery files and produce quality reports.
  • Understand which pages perform best and how users navigate the site (analytics).
  • Attribute sign-ups to marketing channels so we can invest in content that helps you (attribution).
  • Send service-related communications and support responses.
  • Detect and prevent fraud, abuse, and security incidents.

Third-Party Services

Google Analytics (Google LLC)

Used for page-view tracking, funnel analysis, and marketing attribution. Data is sent to Google's servers only when you grant consent. Google may process data in the United States under their standard contractual clauses. You can opt out at tools.google.com/dlpage/gaoptout.

Paddle (Paddle.com Market Ltd)

Handles payment processing and subscription management. Paddle acts as the Merchant of Record. We receive webhook events from Paddle (subscription activated, cancelled, etc.) and may forward minimal conversion signals to Google Analytics via the Measurement Protocol. We never store full card details.

AI providers

Embroidery metadata (stitch counts, thread colors, dimension data — not raw files) may be sent to AI providers to generate QA summaries.

We never sell your personal data or embroidery designs to third parties.

What We Do NOT Collect

StitchSentry is designed so that sensitive user data stays private by default.

  • Raw embroidery file contents are never forwarded to analytics systems.
  • Names, email addresses, and account identifiers are not intentionally sent to Google Analytics.
  • We do not use persistent fingerprinting or cross-site tracking.
  • We do not sell, rent, or share personal data with advertising networks.

Your Choices

You are in control of analytics tracking:

  • Consent banner — On your first visit you will see a banner asking whether to enable analytics. No tracking occurs until you click "Accept".
  • Change your preference — Use the "Cookie settings" link in the footer or the button below to update your choice at any time.
  • Browser opt-out — Install the Google Analytics Opt-out Browser Add-on.
  • Ad blockers — Privacy-focused extensions (uBlock Origin, etc.) will also block GA requests.

Your current analytics preference

You haven't made a choice yet.

Data Storage & Security

Your data is encrypted in transit (TLS 1.2+) and at rest. Embroidery files are stored in isolated, encrypted storage. We implement industry-standard security measures including regular audits, access controls, and monitoring.

All embroidery files are stored in isolated, encrypted storage with strict access controls.

Retention

  • Account data — Retained while your account is active; deleted at your request.
  • Embroidery files — Retained according to your plan's storage policy; can be deleted at any time from your dashboard.
  • Contact form messages — Retained for up to 12 months.
  • Analytics data — Google Analytics is configured with a 14-month data retention window. Raw event data expires automatically after that period.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Export your data in a portable format.
  • Object to processing of your data for specific purposes.
  • Withdraw analytics consent at any time (see "Your Choices" above).

To exercise these rights, contact us at [email protected].

Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this privacy policy or our data practices, please contact us at [email protected].

Related