This Privacy Policy describes how Karasawa Labs ("Company", "we", "us", or "our") collects, uses, and protects your information when you use our websites, the Karaslice Pro application, and manufacturing services (collectively, the "Services").

1. Information We Collect

1.1 Account Information

When you create an account through a third-party provider (Google, Apple), we receive:

Name
Email address
Profile photo (if available)
OAuth provider identifier

1.2 Billing Information

When you subscribe to Karaslice Pro or place a manufacturing order, our payment processor Stripe collects:

Full name and billing address
Phone number
Payment method details (credit/debit card)

We do not store your full payment card details on our servers. All payment data is processed and stored securely by Stripe in accordance with PCI DSS standards.

1.3 Uploaded Files

When you use Karaslice, you may upload 3D model files (STL, OBJ, GLB, GLTF, FBX, 3MF). These files are:

Processed in-browser for client-side analysis and repair.
Uploaded to our cloud infrastructure only when you explicitly use the Deep Repair pipeline.
Temporarily stored for processing and automatically deleted within 72 hours of job completion.

1.4 Usage Data

We automatically collect:

Browser type and version
Pages visited and features used
Session duration and timestamps
Error logs and performance metrics

2. How We Use Your Information

We use collected information to:

Provide the Services — process your meshes, manage your subscription, and fulfill manufacturing orders.
Communicate with you — send transactional emails (receipts, order updates, subscription changes).
Improve the Services — analyze usage patterns to fix bugs, improve performance, and develop new features.
Prevent fraud — detect and prevent unauthorized access, abuse, or fraudulent transactions.
Legal compliance — fulfill legal obligations, respond to lawful requests, and protect our rights.

We do not use your uploaded 3D files to train AI models, and we do not sell your personal data.

3. Information Sharing

We share your information only with:

Stripe — for payment processing and subscription management.
Shippo — for shipping label generation on manufacturing orders (name, address, phone, email).
Google Cloud — for cloud mesh repair processing (uploaded files only).
Google AI (Gemini) — for AI-powered mesh analysis and quoting. Only mesh metadata (triangle counts, topology stats) is sent to the AI — not your actual model files.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Data Retention

Account data — retained as long as your account is active, plus 30 days after deletion.
Uploaded files — automatically deleted within 72 hours of processing completion.
Transaction records — retained for 7 years as required for tax and legal compliance.
Usage logs — retained for 90 days, then aggregated and anonymized.

5. Data Security

We implement industry-standard security measures including:

TLS encryption for all data in transit.
Encrypted storage for data at rest.
OAuth-based authentication (no passwords stored).
Access controls and audit logging for cloud infrastructure.
Regular security reviews of our codebase and dependencies.

No system is perfectly secure. If we discover a breach affecting your personal data, we will notify affected users within 72 hours.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

Access — request a copy of the personal data we hold about you.
Correction — request correction of inaccurate personal data.
Deletion — request deletion of your account and associated data.
Portability — request your data in a machine-readable format.
Objection — object to processing of your data for certain purposes.

To exercise any of these rights, contact us at build@karasawalabs.com.

7. Cookies & Local Storage

We use:

Session cookies — for authentication and CSRF protection.
localStorage — for storing user preferences (display name, UI settings) and order history on your device.

We do not use third-party tracking cookies or advertising pixels.

8. Children's Privacy

The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

9. International Users

The Services are operated from the United States. If you access the Services from outside the U.S., your data may be transferred to and processed in the U.S. By using the Services, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers of material changes via email. The "Last updated" date at the top indicates the most recent revision.

11. Contact

For privacy-related questions or requests:

Email: build@karasawalabs.com
Web: karasawalabs.com/contact
Feature requests & feedback: Feedback Form