Privacy Policy

Last updated: March 20, 2026

1. Introduction

CutArc ("we", "our", "us") respects your privacy. This policy explains how we collect, use, and protect your personal information when you use our suite of browser-based design and manufacturing tools, including CutArc Plasma, Laser, Vinyl, and AI Generate (collectively, "the Service").

2. Information We Collect

2.1 Account Information

• Email address (for account creation and communication)
• Name (optional, for personalization)
• Password (stored securely using bcrypt hashing)

2.2 Payment Information

• Payment processing is handled by Stripe. We do not store your credit card number or payment details on our servers.
• We store your Stripe customer ID to manage your subscription and credit balance.
• See Stripe's privacy policy for how they handle payment data.

2.3 Usage Information

• Projects and designs you create
• Export history, AI generation history, and feature usage
• Settings, preferences, and machine configurations

2.4 AI-Generated Content

• Text prompts submitted to AI Generate
• Images uploaded for Photo to SVG conversion (processed by our AI provider and not retained after conversion)
• Generated SVG designs (stored in your generation history)

2.5 Technical Information

• IP address (for security and rate limiting)
• Browser and device information (for compatibility)
• Session data (for authentication)

3. How We Use Your Information

• Provide the Service: Process your designs, generate G-code and machine commands, and run AI generation
• Account Management: Authentication, password recovery, and security
• Billing: Process subscription payments and AI credit purchases via Stripe
• Communication: Service updates, security alerts, and support
• Improvement: Analyze usage patterns to improve the Service
• Security: Detect and prevent fraud and abuse

4. Data Storage and Security

• Data is stored on secure servers with encryption at rest
• Passwords are hashed using industry-standard bcrypt
• All connections use HTTPS encryption
• We implement rate limiting, 2FA support, and intrusion detection
• Regular backups ensure data availability

5. Data Sharing

We do NOT sell your personal information. We may share data only:

• With Stripe for payment processing
• With our AI provider (Recraft) for processing AI generation requests and photo-to-SVG conversion — only the prompt or image is sent, not your personal information
• With service providers who assist in operating the Service (hosting, email delivery)
• When required by law or to protect our rights
• In connection with a business transfer (merger, acquisition)

6. Your Rights

You have the right to:

• Access: Download all your data via Profile > Export My Data
• Correction: Update your account information at any time
• Deletion: Delete your account and all associated data
• Portability: Export your projects and settings

7. Cookies, Local Storage, and Third-Party Services

We use:

• Authentication tokens: To keep you logged in
• Local storage: To save your preferences and auto-save projects
• Session cookies: For security and functionality
• Stripe: For secure payment processing. Stripe may set cookies for fraud prevention. See Stripe's privacy policy.
• Google Analytics: To understand how visitors use our site and improve the experience. Google Analytics may set cookies to collect anonymous usage data. Learn more at Google's privacy policy.
• Google AdSense: To display relevant advertisements that help support the free tier. AdSense may use cookies to serve ads based on your browsing history. You can opt out of personalized ads at Google Ad Settings.

8. Data Retention

• Account data is retained while your account is active
• AI generation history is retained while your account is active
• Images uploaded for Photo to SVG are processed in memory and not permanently stored
• Upon account deletion, data is permanently removed within 30 days
• Backups are retained for up to 90 days for disaster recovery

9. International Users

The Service is hosted in the United States. By using the Service, you consent to data transfer to the US. We comply with applicable data protection regulations including GDPR for EU users.

10. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children.

11. CutArc Machine Connect Chrome Extension

The "CutArc Machine Connect" browser extension bridges CutArc to CNC controllers on your local network via WebSocket. Regarding this extension:

• No data collection: The extension does not collect, store, transmit, or share any personal data, browsing history, or usage information
• Local network only: The extension communicates exclusively between the CutArc web application and your CNC controller on your local network. No data leaves your network
• No analytics or tracking: The extension contains no analytics, telemetry, or tracking code
• No remote servers: The extension does not connect to CutArc servers or any third-party services. All communication is directly between your browser and your local machine
• Permissions: The extension only activates on CutArc web pages (cutarc.io) and requires no special browser permissions beyond connecting to your local network

12. CutArc Connect Mobile App (iOS & Android)

The "CutArc Connect" mobile application provides remote access to your CutArc account and connected CNC machines. In addition to the data practices described above, the mobile app:

• Camera access: Used solely to capture photos for conversion to SVG cut files via AI vectorization or image tracing. Photos are processed through the CutArc API and are not stored on our servers after processing is complete
• Photo library access: Used solely to select existing images for conversion to SVG cut files. We do not access, scan, or upload any photos beyond those you explicitly select
• Authentication tokens: Login credentials are stored securely on your device using encrypted storage (iOS Keychain / Android EncryptedSharedPreferences). Tokens are used to authenticate API requests to cutarc.io
• Machine control: The app communicates with your CNC machine through the CutArc server using your authenticated session. Machine status data (position, state) is polled in real time but is not stored or logged by the app
• No background data collection: The app does not collect data in the background, track location, or access contacts, microphone, or other device sensors
• No third-party advertising: The mobile app contains no ads, ad tracking, or third-party analytics SDKs
• Theme preferences: Your display theme preference (dark, light, system) is stored locally on your device and is not transmitted to our servers

13. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or Service notification. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or to exercise your rights, please reach out through our contact form.