Privacy Policy

1. Information We Collect

Account information

When you create an account we collect the information provided through your chosen sign-in method:

• Google Sign-In: your Google profile name, email address, and profile photo URL as provided by Google
• Email magic link: your email address and optionally a display name you provide
• Phone number (SMS): your phone number in E.164 format

No password is ever created or stored by OmniPlot.

Usage data

We store cut counts, job history (the canvas layout, patterns placed, plotter settings, and export format for each job), and the timestamp of your last activity. This data is used to enforce plan limits, display your job history, and improve the Service.

Subscription and billing data

We store your Stripe customer ID, subscription status, current plan, and billing period end date. Your full payment card details are never stored by us — they are handled entirely by Stripe.

Session data

We store a single session token per account in order to enforce our one-active-session policy. This token is stored in your browser's local storage and in your account record. When a new session is initiated from a different device, the prior session token is invalidated.

Shop and team data

If you create or join a shop, we store shop membership data including your role, the shop's name and plan, and invite records. Invite links are tied to the inviting user's account and expire after 7 days.

Plotter configuration

Plotter settings (blade force, speed, connection type, etc.) are stored per-session in your browser. Some settings may be persisted to your account profile to restore your configuration across devices.

2. How We Use Your Information

• To operate the Service: authenticate you, display your job history, enforce plan limits, and enable team features
• Billing: manage your subscription and communicate billing status changes via Stripe webhook events
• Security: detect and prevent unauthorized access through session management
• Product improvement: aggregate, anonymized usage patterns (which vehicles are searched, which export formats are used) help us prioritize pattern library additions and feature development
• Communications: transactional emails (sign-in links, billing receipts) and, if you opt in, product updates and changelog notifications

We do not sell your data, build advertising profiles, or share your information with third parties for their own marketing purposes.

3. Third-Party Services

OmniPlot is built on the following infrastructure providers. Each has its own privacy practices:

Firebase / Google Cloud (Google LLC)

Firebase Authentication manages sign-in for Google, email, and phone methods. Firestore stores account profiles, job history, and shop data. Cloud Storage serves pattern SVG files. All data is processed under Google Cloud's infrastructure in accordance with the Google Cloud Privacy Notice.

Stripe, Inc.

Stripe processes all subscription billing. Stripe receives your email address, payment card information, and billing-related events. Stripe's use of your data is governed by the Stripe Privacy Policy. Your full card details are never transmitted to or stored by OmniPlot servers.

Firebase reCAPTCHA (Google LLC)

Phone number sign-in uses Firebase's reCAPTCHA verification to prevent abuse. This involves Google's reCAPTCHA service loading on sign-in pages, which may set cookies and send signals to Google as described in the Google Privacy Policy.

4. Data Retention

Your account data is retained for as long as your account is active. Job history for Free accounts older than 90 days may be pruned. Lite plan accounts retain 90 days of job history; Pro and Shop plan accounts retain full job history.

If you close your account, your personal data and job history are scheduled for permanent deletion within 90 days, except where retention is required by law (e.g., billing records).

5. Cookies and Local Storage

OmniPlot does not use third-party advertising cookies. We use browser local storage for:

• Your session token (to keep you signed in)
• Pending sign-in state for magic link completion
• Plotter configuration preferences
• Theme preference (dark/light mode)

Firebase Authentication and reCAPTCHA may set their own cookies or local storage entries as part of their operation. Stripe may set cookies on billing portal pages hosted by Stripe.

6. Your Rights

Depending on where you are located, you may have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate data (update your display name in Settings → Profile)
• Request deletion of your account and associated data (Settings → Danger Zone, or email us)
• Object to or restrict certain processing
• Data portability (export your job files via the studio at any time)

To exercise any of these rights, contact us via our support page. We will respond within 30 days.

California residents (CCPA): OmniPlot does not sell personal information. You have the right to know what data we collect and to request deletion.

EEA/UK residents (GDPR): Our legal basis for processing is performance of a contract (operating the Service you signed up for) and, for analytics, legitimate interest. You may withdraw consent at any time by closing your account.

7. Children's Privacy

OmniPlot is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify subscribers of material changes via email or in-app notice. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes acceptance.

9. Contact

Questions about this Privacy Policy or your data? Contact us via our support page.