Privacy Policy

Effective Date: February 15, 2026

This Privacy Policy describes how CraftStage ("we", "us", or "our") collects, uses, and protects your personal information when you use our website at craftstage.com and our SaaS platform (collectively, the "Service"). CraftStage is operated by CraftStage Technologies LLC.

By using the Service, you agree to the collection and use of information as described in this policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address — used to identify your account and communicate with you.
  • Password — stored in hashed form. If you use magic-link or social login, no password is stored.
  • Organization details — organization name and slug, team member invitations, and role assignments.
  • Profile photo — if you choose to upload one.

1.2 Payment Information

We use Stripe to process payments. When you subscribe to a paid plan, your payment details (credit card number, billing address) are collected and processed directly by Stripe. We do not store your full credit card number on our servers. We receive from Stripe only a partial card number (last four digits), card brand, expiration date, and billing address for record-keeping purposes.

For more information on how Stripe handles your data, please see Stripe's Privacy Policy.

1.3 Content You Upload

When you use the Service, you may upload:

  • CSV files containing names, inscriptions, or other text data for engraving and award production.
  • Image files such as template designs, logos, or backgrounds.
  • Job configuration data including text area coordinates, font selections, and layout settings.

This content is stored securely and is only used to provide the Service to you.

1.4 Data Generated by the Service

As you use the Service, we generate and store:

  • AI parsing results — when our AI processes your uploaded text, we store the parsed and classified output.
  • Proof images — rendered previews of your personalized items.
  • Export files — laser-ready production files generated from your jobs.
  • Approval records — timestamps and responses from your customers' proof approvals.

1.5 Automatically Collected Information

When you access the Service, we automatically collect:

  • Log data — IP address, browser type, operating system, referring URL, pages visited, and timestamps.
  • Device information — screen resolution, device type, and language preferences.

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service — process your uploads, generate proofs, manage approvals, and produce export files.
  • Process payments — manage your subscription, process charges, and send invoices via Stripe.
  • AI-powered text processing — send your uploaded text data to our AI provider (Anthropic) for intelligent parsing and classification. Only the text content necessary for parsing is sent; no account or personal information is included in AI requests.
  • Send notifications — email you about proof approvals, account activity, subscription changes, and service updates.
  • Improve the Service — analyze usage patterns to fix bugs, improve performance, and develop new features.
  • Provide support — respond to your questions and troubleshoot issues.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 Service Providers

We use trusted third-party services to operate the platform:

| Provider | Purpose | Data Shared | |----------|---------|-------------| | Stripe | Payment processing | Billing details, subscription status | | Anthropic | AI text parsing | Uploaded text content only (no personal data) | | Supabase | Database and file storage | Account data, uploaded files, generated files | | Vercel | Application hosting | Log data, request metadata | | Email provider | Transactional emails | Email address, notification content |

Each provider processes data according to their own privacy policies and our data processing agreements with them.

3.2 Proof Approval Links

When you send proof approval links to your customers, those customers can view the proof images and approve or reject them. The approval page only displays the proof image and approval controls — it does not expose your account information, pricing, or other job details.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal process, such as a subpoena, court order, or government request.

4. Cookies and Tracking

We use a minimal set of cookies:

  • Session cookie — maintains your authenticated session. This is essential for the Service to function and cannot be disabled.
  • Locale cookie (NEXT_LOCALE) — stores your language preference.

We do not use advertising cookies or third-party tracking cookies.

5. Data Retention

  • Account data — retained for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.
  • Uploaded content and generated files — retained while your account is active. Deleted within 30 days of account deletion.
  • Payment records — retained as required for tax and accounting obligations (typically 7 years).
  • Log data — retained for up to 90 days for security and debugging purposes.

6. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption in transit — all data transmitted between your browser and our servers uses HTTPS/TLS encryption.
  • Encryption at rest — uploaded files and database records are stored using encrypted storage.
  • Access controls — organizational data is isolated between teams. Only members of your organization can access your jobs, templates, and files.
  • Authentication security — we support two-factor authentication and passkeys for additional account protection.

While we take reasonable precautions, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal data we hold about you.
  • Correction — request that we correct inaccurate or incomplete data.
  • Deletion — request that we delete your personal data and account.
  • Data portability — request an export of your data in a machine-readable format.
  • Objection — object to certain types of processing of your personal data.

To exercise any of these rights, contact us at hello@craftstage.com. We will respond to your request within 30 days.

8. International Data Transfers

The Service is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

9. Children's Privacy

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected information from a child under 13, we will promptly delete it. If you believe a child under 13 has provided us with personal information, please contact us at hello@craftstage.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service prior to the change taking effect. Your continued use of the Service after the effective date of the revised policy constitutes your acceptance of the changes.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

CraftStage Email: hello@craftstage.com