Privacy Policy

1. Introduction

Get3DPrints.com ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.get3dprints.com and use our 3D printing services (collectively, the "Services").

By accessing or using our Services, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

We reserve the right to modify this Privacy Policy at any time. We will notify you of any material changes by posting the new Privacy Policy on this page with a new "Last Updated" date and, where appropriate, by sending you an email notification. Your continued use of the Services after such modifications constitutes your acknowledgment and acceptance of the modified Privacy Policy.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us when you:

• Request a Quote: Name, email address, phone number (optional), shipping address, ZIP code
• Place an Order: Billing information (processed securely through Stripe/PayPal - we do not store complete credit card information)
• Contact Us: Name, email address, message content, and any other information you choose to provide
• Create an Account: Username, password, email address (if account functionality is implemented)

2.2 Design Files and Uploaded Content

When you upload 3D model files (STL, OBJ, 3MF, STEP formats) for printing, we collect and store:

• The design file itself
• File metadata (file name, size, type, upload timestamp)
• Associated order information (material, finish, quantity, specifications)
• Any notes or instructions you provide

File Storage and Security: Design files are transmitted via secure HTTPS connections and stored in encrypted AWS S3 cloud storage. Files are retained for 90 days after shipping confirmation to facilitate potential reprints or issue resolution. Files from cancelled or incomplete orders are deleted within 30 days. We may delete files earlier at our discretion.

Important: While we implement security measures to protect your files, we cannot guarantee absolute confidentiality. Do not upload trade secrets, highly confidential designs, or proprietary information requiring NDA-level protection. See our Terms of Service for more details.

2.3 Automatically Collected Information

When you access our Services, we automatically collect certain technical information:

• Device Information: Device type, operating system, browser type and version
• Usage Data: IP address, pages visited, time spent on pages, links clicked, referring website
• Location Data: Approximate geographic location based on IP address
• Cookies and Tracking: See Section 5 (Cookies and Tracking Technologies)

2.4 Information from Third Parties

We may receive information about you from:

• Payment Processors: Stripe and PayPal provide transaction confirmation and basic payment information (we do NOT receive or store your full credit card numbers)
• Shipping Carriers: USPS and UPS provide delivery confirmation and tracking information
• Analytics Services: Google Analytics provides aggregated usage statistics

2.5 Biometric Data

We do NOT collect, use, or store biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA), Texas Capture or Use of Biometric Identifier Act (CUBI), or other biometric privacy laws.

While design files you upload may contain 3D representations of objects (including potentially scanned representations of physical items), these files are used solely for manufacturing purposes and are NOT used for biometric identification, authentication, or any purpose that would trigger biometric privacy law requirements.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Process and fulfill your 3D printing orders
• Manufacture your custom parts from uploaded design files
• Calculate pricing and generate quotes
• Ship products to your specified address
• Provide customer support and respond to inquiries
• Send transactional emails (order confirmations, shipping notifications, quote responses)

3.2 Business Operations

• Process payments and prevent fraudulent transactions
• Maintain records for accounting and tax purposes
• Enforce our Terms of Service and legal agreements
• Respond to legal requests and prevent harm or illegal activity
• Resolve disputes and troubleshoot problems

3.3 Improvement and Analytics

• Analyze website usage and improve user experience
• Develop new features and services
• Understand customer preferences and behavior patterns
• Optimize our manufacturing processes
• Test and troubleshoot technical issues

3.4 Marketing (With Your Consent)

• Send promotional emails about new services, special offers, or updates (you can opt out anytime)
• Display targeted advertisements (where permitted by law)
• Conduct surveys or request feedback

Note: You can opt out of promotional communications by clicking the "unsubscribe" link in any marketing email or by contacting us at support@get3dprints.com. You cannot opt out of transactional emails related to your orders.

3.4.1 How We Obtain Marketing Consent

We obtain your consent for marketing communications through the following methods:

• Opt-In Checkboxes: During account creation or checkout, we provide unchecked opt-in boxes for promotional emails (we never use pre-checked boxes)
• Separate Consent: We obtain separate consent for each type of marketing communication (e.g., product updates vs. special offers)
• Clear Language: All consent requests clearly explain what you're agreeing to and how to withdraw consent
• Easy Withdrawal: Every marketing email includes a clear "unsubscribe" link; withdrawal does not affect service delivery

Ways to Withdraw Marketing Consent:

• Click "unsubscribe" in any promotional email
• Email support@get3dprints.com with subject "Unsubscribe from Marketing"
• Adjust preferences in your account settings (if applicable)
• Call or write to request removal from marketing lists

Withdrawal is effective within 10 business days. You will continue to receive transactional emails (order confirmations, shipping updates) as these are necessary for service delivery and are not considered "marketing" under CAN-SPAM or GDPR.

4. How We Share Your Information

We do NOT sell your personal information to third parties. We may share your information in the following limited circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our business:

• Payment Processors: Stripe and PayPal (for secure payment processing)
• Cloud Storage: Amazon Web Services (AWS S3) for secure file storage
• Shipping Carriers: USPS and UPS (for order fulfillment and delivery)
• Analytics: Google Analytics (for website usage analysis - see Section 5.2)
• Email Service: Email service providers for transactional and marketing communications

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

• Comply with legal obligations, court orders, or subpoenas
• Enforce our Terms of Service or other agreements
• Protect our rights, property, or safety, or that of our users or the public
• Respond to claims of copyright infringement (DMCA requests)
• Investigate fraud, security issues, or technical problems
• Prevent harm or illegal activity

4.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, bankruptcy, or similar business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or prominent website notice before your information becomes subject to a different privacy policy.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent or at your direction.

5. Cookies and Tracking Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve your browsing experience.

5.2 Cookies We Use

Essential Cookies: Required for basic website functionality (e.g., maintaining your session, remembering items in your quote).

Analytics Cookies (Google Analytics): Help us understand how visitors use our website, which pages are most popular, and how to improve user experience. Google Analytics collects:

• Pages viewed and time spent on each page
• Traffic sources and referring websites
• Device type, browser, and screen resolution
• General location (city/region level, not precise location)
• Anonymized IP addresses

Google Analytics data is subject to Google's Privacy Policy.

IMPORTANT FOR CALIFORNIA RESIDENTS: Under California law (CCPA/CPRA), sharing data with Google Analytics may be considered a "sale" or "sharing" of personal information, even though we receive no monetary compensation. This is because Google may use the data for its own purposes beyond providing analytics services to us.

How to Opt Out of This Potential "Sale":

• Option 1: Install the Google Analytics Opt-out Browser Add-on
• Option 2: Email ccpa@get3dprints.com with subject line "Do Not Sell or Share My Personal Information"
• Option 3: Adjust your browser settings to block third-party cookies

We respect your right to opt out and will not discriminate against you for exercising this right.

5.3 Managing Cookies

You can control cookies through your browser settings:

• Block All Cookies: Most browsers allow you to refuse all cookies, but this may limit website functionality
• Delete Cookies: You can delete cookies already stored on your device
• Opt Out of Google Analytics: Install the Google Analytics Opt-out Browser Add-on

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

6. Data Security

We implement industry-standard security measures to protect your personal information:

• Encryption: All data transmitted between your browser and our servers uses SSL/TLS encryption (HTTPS)
• Secure Storage: Design files are stored in encrypted AWS S3 buckets with access controls
• Payment Security: We do NOT store credit card information; all payments are processed through PCI-compliant providers (Stripe/PayPal)
• Access Controls: Only authorized personnel have access to personal information, and access is logged and monitored
• Regular Security Audits: We review and update our security practices regularly

Important Limitation: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. Internet transmissions are never completely private or secure, and any message or information you send may potentially be read or intercepted by others.

If you believe your information has been compromised, please contact us immediately at security@get3dprints.com.

6.4 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify Affected Users: Within 72 hours of becoming aware of the breach (as required by GDPR and many state laws)
• Notify Supervisory Authorities: Report to relevant data protection authorities and state attorneys general as required by law
• Provide Details: Describe the nature of the breach, categories of data affected, approximate number of affected individuals, and steps we've taken to address the breach
• Recommend Actions: Advise you of measures you can take to protect yourself (e.g., password changes, fraud monitoring)

Notification will be provided via email (to the address on file) and/or prominent website notice. We will not delay notification unreasonably, even if the investigation is ongoing.

Report Security Concerns: If you suspect unauthorized access to your account or data, immediately contact security@get3dprints.com.

7. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law:

• Design Files: Retained for 90 days after shipping confirmation to facilitate reprints or issue resolution; cancelled orders deleted within 30 days
• Order Information: Retained for 7 years to comply with federal tax recordkeeping requirements under 26 U.S.C. § 6501 (IRS statute of limitations for audits), state sales tax laws, and accounting standards
• Customer Account Data: Retained until you request deletion or close your account, subject to legal retention obligations
• Marketing Communications: Retained until you unsubscribe or request deletion
• Website Logs: Typically retained for 90 days unless needed for security investigations, fraud prevention, or legal proceedings

Legal Basis for Retention Periods: Our retention periods are based on:

• Federal tax law (26 U.S.C. § 6501 - 3 to 7 years depending on circumstances)
• State sales tax recordkeeping requirements (varies by state, typically 3-7 years)
• Accounting and financial reporting standards (Generally Accepted Accounting Principles)
• Contractual dispute statute of limitations (varies by state, typically 3-6 years)
• Product liability and warranty claims (statute of limitations typically 2-10 years)

After the retention period, we securely delete or anonymize your information. Some information may be retained in backup systems for a limited additional period (typically 30-90 days) for disaster recovery purposes, after which backups are also purged.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 General Rights (All Users)

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing communications
• Data Portability: Request your data in a structured, machine-readable format

8.2 California Residents (CCPA/CPRA Rights)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information (with certain exceptions)
• Right to Correct: Request correction of inaccurate personal information (CPRA)
• Right to Opt-Out: Opt out of the "sale" or "sharing" of personal information (see Section 5.2 regarding Google Analytics)
• Right to Limit Use of Sensitive Personal Information: Request that we limit use of sensitive personal information (see Section 8.2.1 below)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Shine the Light: Request information about personal information disclosed to third parties for direct marketing (California Civil Code § 1798.83)

CCPA/CPRA Disclosure: In the past 12 months, we have collected the categories of personal information described in Section 2 and used/disclosed them for the purposes described in Sections 3 and 4. We do NOT sell personal information for monetary consideration, but sharing data with Google Analytics may constitute a "sale" or "sharing" under California law's broad definition.

8.2.1 Sensitive Personal Information (California CPRA)

Under the California Privacy Rights Act (CPRA), certain categories of personal information are classified as "Sensitive Personal Information" (SPI), which receives additional protections.

Categories of Sensitive Personal Information We Collect:

• Account Login Credentials: Username and password (if you create an account) - encrypted and hashed
• Precise Geolocation: We do NOT collect precise geolocation (GPS coordinates)
• Financial Account Information: We do NOT collect or store credit card numbers, bank account numbers, or financial login credentials (these are handled by Stripe/PayPal)
• Government Identifiers: We do NOT collect Social Security numbers, driver's license numbers, passport numbers, or state ID numbers
• Biometric Information: We do NOT collect biometric identifiers (see Section 2.5)
• Health Information: We do NOT collect health or medical information
• Sex Life or Sexual Orientation: We do NOT collect this information
• Racial or Ethnic Origin: We do NOT collect this information
• Religious or Philosophical Beliefs: We do NOT collect this information
• Union Membership: We do NOT collect this information

Use of Sensitive Personal Information: We use the limited SPI we collect (account credentials only) solely for the purposes of:

• Performing the Services you requested (authentication and account access)
• Ensuring security and integrity of our systems
• Detecting and preventing fraud or security incidents
• Complying with legal obligations

Your Right to Limit Use of SPI: California residents have the right to direct us to limit the use of SPI to only what is necessary to provide the Services. Since we already limit our use of SPI to necessary purposes and do not use SPI for secondary purposes (e.g., marketing, profiling), there is no additional restriction available. However, if you wish to formally exercise this right, email ccpa@get3dprints.com with subject "Limit Use of Sensitive Personal Information."

8.3 European Residents (GDPR Rights)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Obtain confirmation of processing and access to your data
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Request deletion ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing for direct marketing or legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

Legal Basis for Processing (GDPR):

• Contract Performance: Processing necessary to fulfill our Services (orders, quotes, shipping)
• Consent: Marketing communications, cookies, optional data collection
• Legitimate Interests: Fraud prevention, security, improving Services
• Legal Obligation: Tax compliance, responding to legal requests

8.3.1 Automated Decision-Making and Profiling (GDPR Article 22)

The GDPR provides special protections regarding automated decision-making that produces legal or similarly significant effects.

Our Use of Automated Decision-Making:

• Automated Pricing: We use automated algorithms to calculate instant quotes based on file volume, material selection, and finish options. This is necessary to perform our contract with you and provide instant pricing. No human review occurs unless you request clarification.
• Fraud Detection: We use automated fraud detection systems to protect against fraudulent transactions. This is based on our legitimate interest in security and fraud prevention.
• No Profiling for Marketing: We do NOT use automated profiling to make decisions about your eligibility for services, pricing discrimination, or personalized marketing offers.

Your Rights: If you believe an automated decision has adversely affected you, you have the right to:

• Obtain human intervention and review of the decision
• Express your point of view and contest the decision
• Receive an explanation of the decision and the logic involved

To request human review of an automated decision, contact gdpr@get3dprints.com with subject "Automated Decision Review" and describe the decision you wish to contest.

8.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

We will respond within 30 days (45 days for complex requests). We may need to verify your identity before processing your request. You may designate an authorized agent to make requests on your behalf.

8.4.1 Authorized Agent Requests

California residents may authorize another person or entity (an "authorized agent") to submit privacy rights requests on their behalf. To protect your privacy, we require verification before processing authorized agent requests.

Requirements for Authorized Agent Requests:

• Written Authorization: The agent must provide a signed written authorization from you (the consumer) explicitly permitting the agent to submit the request on your behalf
• Proof of Agent Identity: The agent must provide proof of their own identity (e.g., driver's license, business registration)
• Proof of Consumer Identity: We will directly verify your identity by contacting you at the email address or phone number we have on file
• Power of Attorney: If the agent has a valid power of attorney under California Probate Code sections 4000-4465, we may waive some verification requirements

To Submit an Authorized Agent Request:

• Email: ccpa@get3dprints.com or privacy@get3dprints.com
• Subject Line: "Authorized Agent Request - [Consumer Name]"
• Include: Consumer's full name and email address, agent's name and contact information, signed authorization letter, proof of agent's identity

We will contact you directly to confirm authorization before processing the request. This is required by California law to prevent fraudulent requests and protect your privacy.

9. Children's Privacy

COPPA Compliance (Children Under 13): Our Services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13 without verifiable parental consent, as required by the Children's Online Privacy Protection Act (COPPA).

Terms of Service Age Restriction (Under 18): Our Terms of Service Section 1.1 prohibit anyone under 18 years of age from using our Services without parental supervision. This age restriction is based on our business requirements and the nature of manufacturing services involving payment processing and legal contracts.

What We Do If We Learn of Underage Use:

• If we discover that a child under 13 has provided personal information, we will immediately delete that information without exception
• If we discover that a minor aged 13-17 is using our Services without parental consent, we will terminate their account and delete their information unless a parent or guardian confirms authorization
• We will notify parents/guardians if we discover unauthorized use by their minor child

Parental Rights and Responsibilities: Parents or guardians may use our Services on behalf of minors under 18 and are fully responsible for:

• All orders, payments, and legal obligations arising from the minor's use
• Supervising the minor's use of printed items and ensuring safety
• Providing consent for collection and use of the minor's personal information
• Reviewing and accepting our Terms of Service and Privacy Policy on the minor's behalf

Report Underage Use: If you are a parent or guardian and believe your child under 18 has provided personal information to us without your authorization, please contact us immediately at privacy@get3dprints.com with subject "Underage User Report." We will promptly delete the information and terminate any associated account.

10. International Data Transfers

Get3DPrints.com is based in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States.

For EEA/UK/Swiss Users - Important Privacy Information:

The United States does not have an "adequacy decision" from the European Commission, meaning it is not deemed to provide an equivalent level of data protection as the European Economic Area, United Kingdom, or Switzerland. The EU-U.S. Privacy Shield framework was invalidated by the Court of Justice of the European Union in the "Schrems II" decision (July 2020) and is no longer a valid transfer mechanism.

Safeguards We Implement for International Transfers:

• Standard Contractual Clauses (SCCs): We use the European Commission's Standard Contractual Clauses approved on June 4, 2021 (Decision 2021/914) with our service providers (AWS, payment processors, shipping carriers) to ensure adequate protection for data transferred outside the EEA/UK/Switzerland
• Encryption: All data transmitted to and stored in the U.S. is encrypted using industry-standard SSL/TLS protocols and at-rest encryption
• Access Controls: We limit access to personal data to authorized personnel only, with logging and monitoring of all access
• Data Minimization: We transfer only the minimum data necessary to provide our Services
• Supplementary Measures: We implement technical and organizational measures beyond SCCs to protect against access by U.S. government authorities without proper legal basis

U.S. Government Access: Under U.S. law, U.S. government authorities (e.g., National Security Agency, FBI) may have broad surveillance powers under laws such as Section 702 of the Foreign Intelligence Surveillance Act (FISA) and Executive Order 12333. We are not subject to these surveillance programs as we do not meet the criteria for "electronic communication service providers" under FISA. However, like any U.S. business, we may be compelled to disclose data pursuant to lawful court orders or subpoenas.

Your Rights Regarding International Transfers:

• You have the right to request a copy of the Standard Contractual Clauses we use
• You have the right to object to transfers if you believe adequate safeguards are not in place
• You have the right to lodge a complaint with your local data protection authority (see Section 8.3 for GDPR rights)

Consent to International Transfer: By using our Services from outside the United States, you acknowledge that your information will be transferred to and processed in the United States under the safeguards described above. If you do not consent to this transfer, please do not use our Services.

11. Third-Party Links and Services

Our website may contain links to third-party websites (e.g., Wikipedia, external resources, designer platforms). We are not responsible for the privacy practices of these external sites.

Third-Party Services We Use:

• Stripe: Stripe Privacy Policy
• PayPal: PayPal Privacy Policy
• Google Analytics: Google Privacy Policy
• AWS: AWS Privacy Policy

We encourage you to review the privacy policies of any third-party services you interact with. We are not responsible for their practices.

12. Do Not Track Signals

Some web browsers have a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activities tracked. Because there is no consistent industry standard for recognizing and implementing DNT signals, we do not currently respond to DNT browser signals.

However, you can control cookies and tracking as described in Section 5.3 (Managing Cookies).

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Post the revised Privacy Policy on our website
• Notify you via email (if you have provided an email address)
• Provide prominent notice on our website for significant changes

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after changes are posted constitutes your acceptance of the revised Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

For California Residents (CCPA/CPRA Requests):
Email: ccpa@get3dprints.com
Subject Lines: "California Privacy Rights Request" or "Do Not Sell or Share My Personal Information" or "Limit Use of Sensitive Personal Information"

For EEA/UK/Swiss Residents (GDPR Requests):
Email: gdpr@get3dprints.com
Subject Lines: "GDPR Privacy Rights Request" or "Automated Decision Review" or "Standard Contractual Clauses Request"

Summary

What we collect: Name, email, address, payment info (via processors), design files (encrypted in AWS S3), usage data, cookies, account credentials (if applicable)

Why we collect it: To fulfill orders, improve services, communicate with you, detect fraud, and comply with legal obligations (tax, accounting, consumer protection laws)

Who we share with: Service providers only (AWS, Stripe, PayPal, USPS, UPS, Google Analytics), legal authorities when legally required. We do NOT sell your information for money, but Google Analytics sharing may constitute "sale" under California law.

Your rights: Access, correction, deletion, opt-out of marketing and "sale", data portability, limit use of sensitive information (California), human review of automated decisions (EU). Rights vary by location.

Data retention: Design files 90 days after shipping, order records 7 years (tax law: 26 USC § 6501), account data until deletion requested

Security: SSL/TLS encryption, AWS S3 encrypted storage, no credit card storage (PCI-compliant processors), 72-hour breach notification

Children: COPPA: Not for under 13. Terms: Not for under 18 without parent/guardian authorization.