Karasawa Labs
Karasawa Labs
Legal

Privacy Policy

Last updated: April 4, 2026

This Privacy Policy describes how Karasawa Labs ("Company", "we", "us", or "our") collects, uses, and protects your information when you use our websites, the Karaslice Pro application, and manufacturing services (collectively, the "Services").

1. Information We Collect

1.1 Account Information

When you create an account β€” via email/password registration or a third-party provider (Google, Apple) β€” we collect:

  • Name
  • Email address
  • Password (hashed and salted β€” we never store plaintext passwords)
  • Profile photo (if provided by OAuth provider)
  • OAuth provider identifier (if applicable)

1.2 Billing Information

When you subscribe to Karaslice Pro or place a manufacturing order, our payment processor Stripe collects:

  • Full name and billing address
  • Phone number
  • Payment method details (credit/debit card)

We do not store your full payment card details on our servers. All payment data is processed and stored securely by Stripe in accordance with PCI DSS standards.

1.3 Uploaded Files

When you use Karaslice, you may upload 3D model files (STL, OBJ, GLB, GLTF, FBX, 3MF, QDT). These files are:

  • Processed on-device or in-browser for client-side analysis, slicing, and repair.
  • Uploaded to our cloud infrastructure when you use cloud features such as Deep Repair, Smart Split (AI part segmentation), cloud slicing, or AI mesh tools.
  • Temporarily stored for processing and automatically deleted within 72 hours of job completion.

1.4 Usage & Security Data

We automatically collect:

  • Browser type and version
  • Pages visited and features used
  • Session duration and timestamps
  • Error logs and performance metrics
  • IP address at login (for fraud prevention and account security)
  • Device fingerprint identifiers (cookie-based, for trial abuse prevention)

1.5 AI & Machine Learning Data

When you use AI-powered features (mesh repair, analysis, Smart Split, remeshing, texturing, text-to-3D, image-to-3D, or Brain optimization), we collect:

  • Mesh metadata (triangle counts, topology statistics, bounding box dimensions).
  • Processing parameters and results (repair steps taken, segmentation labels, optimization settings).
  • Anonymized pipeline telemetry to improve AI model accuracy.

Your actual 3D model geometry is processed server-side for these features but is never used to train AI models. Mesh files are deleted after processing.

2. How We Use Your Information

We use collected information to:

  • Provide the Services β€” process your meshes, manage your subscription, and fulfill manufacturing orders.
  • Communicate with you β€” send transactional emails (receipts, order updates, subscription changes).
  • Improve the Services β€” analyze usage patterns to fix bugs, improve performance, and develop new features.
  • Prevent fraud β€” detect and prevent unauthorized access, abuse, or fraudulent transactions.
  • Legal compliance β€” fulfill legal obligations, respond to lawful requests, and protect our rights.

We do not use your uploaded 3D files to train AI models, and we do not sell your personal data.

3. Information Sharing

We share your information only with:

  • Stripe β€” for web payment processing and subscription management.
  • Apple (StoreKit) β€” for iOS in-app purchase and subscription management. Apple processes payments directly; we receive transaction receipts but not your payment card details.
  • Shippo β€” for shipping label generation on manufacturing orders (name, address, phone, email).
  • Google Cloud β€” for cloud mesh repair, slicing, and split processing (uploaded files only).
  • Google AI (Gemini) β€” for AI-powered mesh analysis, quoting, and Brain optimization. Only mesh metadata and processing parameters are sent β€” not your actual model files.
  • Anthropic (Claude) β€” for AI-assisted mesh diagnostics and pipeline optimization. Only metadata and analysis results are shared.
  • Meshy.ai β€” for AI remeshing, retexturing, text-to-3D, and image-to-3D generation. Mesh files or prompts you submit are sent to Meshy for processing. See Meshy's privacy policy for their data practices.
  • Firebase (Google) β€” for authentication, database, and file storage infrastructure.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Data Retention

  • Account data β€” retained as long as your account is active, plus 30 days after deletion.
  • Uploaded files β€” automatically deleted within 72 hours of processing completion.
  • Transaction records β€” retained for 7 years as required for tax and legal compliance.
  • Usage logs β€” retained for 90 days, then aggregated and anonymized.

5. Data Security

We implement industry-standard security measures including:

  • TLS encryption for all data in transit.
  • Encrypted storage for data at rest.
  • Passwords hashed with bcrypt (12 salt rounds); OAuth authentication via Google and Apple.
  • Access controls, two-factor authentication for administrators, and audit logging for cloud infrastructure.
  • IP-based fraud detection and account security monitoring.
  • Regular security reviews of our codebase and dependencies.

No system is perfectly secure. If we discover a breach affecting your personal data, we will notify affected users within 72 hours.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access β€” request a copy of the personal data we hold about you.
  • Correction β€” request correction of inaccurate personal data.
  • Deletion β€” request deletion of your account and associated data.
  • Portability β€” request your data in a machine-readable format.
  • Objection β€” object to processing of your data for certain purposes.

To exercise any of these rights, contact us at build@karasawalabs.com.

7. iOS Application

The Karaslice iOS app collects the same categories of data described above. Additionally:

  • Subscriptions purchased through the App Store are managed by Apple. We receive transaction receipts to verify your subscription status across platforms (iOS and web).
  • On-device mesh processing (import, analysis, slicing) does not transmit your files to our servers unless you use cloud features.
  • The app uses Firebase Authentication to sync your account across platforms.

8. Account Enforcement

We reserve the right to suspend or permanently ban accounts that violate our Terms of Service. When an account is suspended or banned:

  • Your IP address may be logged and blocked to prevent circumvention.
  • Your data will be retained or deleted in accordance with applicable law.
  • Banned users will be notified via email.

9. Cookies & Local Storage

We use:

  • Session cookies β€” for authentication and CSRF protection.
  • localStorage β€” for storing user preferences (display name, UI settings) and order history on your device.

We do not use third-party tracking cookies or advertising pixels.

10. Children's Privacy

The Services are not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

11. International Users

The Services are operated from the United States. If you access the Services from outside the U.S., your data may be transferred to and processed in the U.S. By using the Services, you consent to this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers of material changes via email. The "Last updated" date at the top indicates the most recent revision.

13. Contact

For privacy-related questions or requests: