Legal

Privacy Policy

Your data belongs to you. Here's exactly how we handle it.

Effective date: June 22, 2025

At Spool, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use and store it, and what rights you have over your data. By using Spool, you agree to the practices described in this policy.

01

Overview

Spool is a SaaS platform built for 3D printing businesses. To provide our services — including printer management, filament tracking, cost calculation, inventory management, invoice generation, print library, business profiles, and premium request features — we need to collect and process certain information about you and your business.

We collect only what we need, store it securely, and never sell your personal data to third parties.

02

Information We Collect

We collect the following categories of information:

Account Information

  • Your name and email address (provided during registration or via Google OAuth)
  • Profile photo (if provided through Google OAuth)
  • Account creation date and login history
  • Preferred currency and regional settings

Business Profile Information

  • Business name, logo, address, and contact details
  • GST/tax identification numbers you choose to enter
  • Business tagline and branding preferences
  • Default invoice payment terms and notes

Usage Data

  • Pages visited and features used within the platform
  • Actions performed (calculations run, invoices created, etc.)
  • Browser type, operating system, and device information
  • IP address and approximate geographic location
03

Authentication Data Handling

Spool uses Supabase Auth to manage user authentication. Your password, if you choose email/password login, is hashed using industry-standard bcrypt encryption before being stored. We never store your password in plain text and never have access to your raw password.

Authentication session tokens are stored securely and expire automatically. We implement row-level security (RLS) policies at the database level to ensure your data is accessible only to your authenticated account.

We do not share authentication credentials or session tokens with any third parties beyond what is strictly required to operate Supabase as our infrastructure provider.

04

Google Login

Spool offers Google OAuth as a convenient login option. When you choose to sign in with Google, we receive the following information from Google:

Received from Google OAuth

  • Your Google account email address
  • Your display name as set in your Google account
  • Your Google profile picture URL (if publicly set)
  • A unique Google account identifier (sub claim)

We do not receive or store your Google password. We do not access your Gmail, Google Drive, Google Calendar, or any other Google services. The OAuth token received is used solely to identify and authenticate you within Spool.

Your use of Google Sign-In is also governed by Google's Privacy Policy. You can revoke Spool's access to your Google account at any time via your Google Account Security settings.

05

Business Data Storage

All business data you enter into Spool is stored securely in our Supabase-hosted PostgreSQL database with encryption at rest. This includes:

Stored Business Data

  • Printer profiles — name, brand, model, purchase cost, wattage, maintenance notes
  • Filament entries — brand, material type, color, spool weight, cost per kg
  • Print job records — filament used, print time, cost breakdown, photos, notes
  • Cost calculator inputs and result history
  • Business profile details used for invoice generation

Your business data is private to your account. No other users can view, access, or modify your data. Spool employees do not access individual user data except for legitimate technical support purposes when explicitly authorized by you.

06

Invoice & Inventory Data Storage

Spool stores the invoices you create and your inventory records as part of our core service. This data includes:

Invoice Data

  • Invoice number, date, due date, and payment status
  • Client/customer name, address, email, and phone number you enter
  • Line items — descriptions, quantities, unit prices
  • Applied tax rates (including GST CGST/SGST/IGST breakdown)
  • Discount amounts, total values, and currency
  • Custom invoice notes and payment terms

Inventory Data

  • Filament roll quantities and remaining weights
  • Inventory transaction history (usage, restocking)
  • Low-stock threshold settings
  • Timestamps of inventory updates

Client information you enter for invoices is stored solely to generate and display your invoices within Spool. We do not use your clients' contact details for any marketing or outreach purpose.

07

Cookies & Analytics

Spool uses a minimal set of cookies and local storage mechanisms required for the platform to function correctly:

Functional Cookies

  • Session authentication cookie — keeps you logged in across page refreshes
  • Theme preference cookie — remembers your light/dark mode choice
  • CSRF protection tokens — prevents cross-site request forgery attacks

We may use privacy-respecting analytics tools to understand how users interact with Spool at an aggregate level. These tools do not identify you personally and do not track you across other websites. Analytics data helps us improve the platform and identify areas where users may be experiencing difficulty.

We do not use advertising cookies, third-party tracking pixels, or behavioral profiling technologies. You can clear cookies at any time through your browser settings; note that clearing session cookies will log you out of Spool.

08

Data Sharing

We do not sell, rent, or trade your personal information to third parties. We share data only in the following limited circumstances:

Limited Sharing Circumstances

  • Infrastructure providers — Supabase (database and auth), Vercel (hosting) who process data on our behalf under data processing agreements
  • Legal compliance — when required by law, court order, or governmental authority
  • Business transfers — in the event of a merger, acquisition, or sale of assets, where your data may transfer as part of the transaction with equivalent privacy protections
  • With your explicit consent — for any other purpose, only with your clear authorization
09

Data Retention

We retain your account data and business data for as long as your account is active. If you delete your account, we will:

Data Deletion Process

  • Delete your personal profile and authentication credentials within 30 days
  • Delete your business profile, printer data, filament data, and print records
  • Delete your invoice and inventory records
  • Remove your data from active databases within 30 days of account deletion
  • Retain anonymized, aggregated usage statistics that cannot identify you
  • Retain data for an additional period if required by applicable law

Backups may retain copies of your data for up to 90 days after deletion as part of our disaster recovery processes, after which it is permanently purged.

10

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Your Data Rights

  • Right to access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure — request deletion of your personal data ("right to be forgotten")
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — receive your data in a machine-readable format
  • Right to object — object to processing of your data for certain purposes
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at Instagram DM. We will respond to your request within 30 days. We may need to verify your identity before fulfilling certain requests.

11

Security

We implement appropriate technical and organizational security measures to protect your data, including:

Security Measures

  • All data transmitted between your browser and Spool is encrypted using HTTPS/TLS
  • Database encryption at rest via Supabase infrastructure
  • Row-level security (RLS) policies ensuring strict data isolation between user accounts
  • Password hashing with bcrypt (no plain-text passwords stored)
  • Automatic session expiration and secure cookie attributes
  • Regular security reviews of our infrastructure and access controls

Despite these measures, no method of data transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to Instagram DM.

12

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our data practices, legal requirements, or features. We will update the "Effective date" at the top of this page whenever changes are made.

For material changes that significantly affect how we handle your data, we will make reasonable efforts to notify you (for example, via email or an in-app notification). Continued use of Spool after such changes constitutes acceptance of the updated policy.

13

Contact

If you have questions, concerns, or requests about this Privacy Policy or our data practices, please reach out:

Spool — Privacy Team

Need help? DM us on Instagram

We aim to respond to all privacy-related inquiries within 5–10 business days.

Last updated: June 22, 2025

Terms of Service →Back to Home