
Privacy Policy

Last updated: 9 March 2026

1. Overview

Printforge (“we”, “us”, “our”) operates the Printforge platform at crm.printforge.com.au (the “Service”). This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding your personal information.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

Information you provide:

  • Account details — name, email address, and password (stored as a secure bcrypt hash)
  • Business information — business name, ABN, address, logo, and contact details
  • Client data — names, emails, phone numbers, and addresses of your clients
  • Operational data — quotes, invoices, jobs, materials, printers, and supplier information
  • Files — STL files, G-code files, design files, job photos, and documents you upload
  • Support messages — content you send through our in-app support system

Information collected automatically:

  • Authentication cookies — essential session tokens for keeping you signed in
  • Usage metadata — login timestamps and feature interactions for service improvement
  • Analytics data — page views and basic usage patterns via Google Analytics (see Section 6)

3. How We Use Your Data

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Send transactional emails — password resets, email verification, quote delivery, invoice delivery, and support replies
  • Send onboarding and product update emails (you can unsubscribe at any time)
  • Process payments and manage subscriptions
  • Respond to support requests
  • Improve the Service based on aggregate usage patterns

We will never sell, rent, or share your personal data with third parties for marketing purposes.

4. Data Storage & Security

Your data is stored in a PostgreSQL database hosted on secure infrastructure. We implement industry-standard security measures including:

  • Encryption in transit — all connections use HTTPS/TLS
  • Encryption at rest — sensitive credentials (OAuth tokens, API keys) are encrypted with AES-256-GCM
  • Password hashing — passwords are hashed with bcrypt using salt rounds and are never stored in plain text
  • Two-factor authentication (TOTP) — available for all accounts
  • Rate limiting — protection against brute-force and abuse on all endpoints
  • CSRF protection — Origin header validation on all mutating requests
  • Input validation — all user inputs sanitised and validated with Zod schemas
  • File validation — uploaded files verified by magic byte signatures, not just file extensions
  • Session management — secure HTTP-only cookies with 7-day expiry

5. Third-Party Services

We use the following third-party services to operate the platform. Data shared with these providers is limited to what is necessary for their function:

  • Google Analytics — website analytics (collects anonymised page views, device type, and general location; no personally identifiable information is shared)
  • Resend — transactional email delivery (receives recipient email addresses and email content)
  • Stripe — payment processing (receives payment details; we do not store card numbers)
  • Anthropic (Claude AI) — AI assistant features (receives design briefs and chat messages you submit; no personal data is shared)

Optional integrations you may connect:

  • Xero — accounting sync (invoices, contacts)
  • Shopify — order import (order data)
  • Google Drive / OneDrive — cloud file storage (files you choose to export)

These integrations only activate when you explicitly connect them and can be disconnected at any time. OAuth tokens for connected services are encrypted at rest.

6. Cookies

Essential cookies:

  • Session cookie — authenticates your login session (HTTP-only, secure, 7-day expiry)
  • 2FA cookie — remembers two-factor verification status
  • CSRF token — protects against cross-site request forgery

Analytics cookies:

  • Google Analytics (_ga, _ga_*) — collects anonymised usage data to help us improve the Service. These cookies are set by Google and expire after 2 years. No personally identifiable information is collected.

We do not use advertising cookies or social media trackers.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data (including quotes, invoices, clients, jobs, materials, and files) is permanently deleted within 30 days.

Email logs are retained for 90 days for deliverability monitoring, then automatically purged. System logs are retained for 30 days for security monitoring.

8. Your Rights

You have the right to:

  • Access — request a copy of all data we hold about you
  • Correction — update or correct any inaccurate information
  • Deletion — request permanent deletion of your account and all associated data
  • Export — download your data in standard formats (CSV, PDF, JSON) via the Master Backup feature
  • Unsubscribe — opt out of marketing emails at any time via the unsubscribe link in any email
  • Disconnect — revoke any third-party integration access at any time

To exercise any of these rights, contact us at the address below. We will respond within 30 days of your request.

9. Children's Privacy

The Service is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or a prominent notice within the Service. The “Last updated” date at the top of this page indicates when the policy was last revised.

11. Contact

For questions, concerns, or requests regarding this Privacy Policy or your data, contact us at:

hello@printforge.com.au

Printforge · Australia
