Privacy Policy

1. About

Embrowser ("Embrowser," "we," "our," or "us") is committed to making embroidery design accessible to all. This Privacy Policy explains how we collect, use, and disclose your personal information and assists you in exercising your privacy rights.

Capitalized terms not defined in this Privacy Policy have the meanings set forth in our Terms of Service.

2. Scope

This Privacy Policy applies to personal information processed by us, including on our website (embrowser.com), our web application, and our related online services (collectively, the "Services").

This Privacy Policy does not apply to any third-party websites, services, or applications, even if they are accessible through our Services.

3. Personal Information We Collect

The personal information we collect depends on how you interact with our Services.

3.1 Account Information

When you create an Embrowser account, we collect the personal information you provide to us, such as:

• Name
• Email address
• Password (encrypted)
• Profile picture (if uploaded)

3.2 Payment Information

When you purchase a subscription through the Services, we use third-party payment processors such as Stripe to process your payments. These third-party applications collect information from you to process a payment on behalf of Embrowser, including your name, email address, payment card information, and billing address. Embrowser does not receive or store your complete payment card information, but we may receive and store information associated with your payment (e.g., the fact that you have paid, the last four digits of your credit card, and your country of origin).

3.3 Customer Content

We collect embroidery designs and materials that are created, uploaded, or otherwise provided by you on the Services. Customer Content may include personal information such as any names or text you use in your designs. We do not automatically scan or analyze Customer Content for advertising or profiling purposes.

3.4 Support Chat Information

Our support chat feature is only available to users with Embrowser accounts. When you use our support chat to contact our support team, we collect:

• Your name and email address
• Chat messages and conversation history
• Subscription plan information
• Any files or information you choose to share with support

3.5 Usage Data and Technical Information

We automatically collect certain information when you use the Services, including:

• Internet protocol (IP) address
• Browser type and version
• Device information
• Pages visited and features used
• Session duration and interaction data
• Cookie identifiers and other unique identifiers

4. How We Use Your Information

We use your personal information for the following business purposes:

• Providing the Services: To create and manage your account, authenticate users, process payments, and provide access to our embroidery design tools and features
• Storing Your Content: To store and sync your embroidery designs, projects, and related files across devices
• Customer Support: To respond to your questions, comments, and support requests through our support chat system
• Communications: To send you important service notifications, updates about your account, and respond to your inquiries
• Improving Services: To analyze usage patterns, troubleshoot issues, and improve our software and user experience
• Security and Fraud Prevention: To protect our Services, detect and prevent fraud, abuse, and security incidents
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

Legal Basis for Processing (EEA/UK Users):

• Performance of Contract: Account creation, authentication, storing your designs, providing design tools and features, customer support
• Legitimate Interests: Improving Services, usage analytics, security monitoring, fraud prevention
• Consent: Marketing emails, optional analytics (where applicable)
• Legal Obligation: Billing records, tax compliance, responding to legal requests

5. Data Sharing and Disclosure

We do not sell your personal information. We may disclose personal information we collect to the following categories of third parties:

Service Providers

We share personal information with trusted third-party service providers that help us operate our platform, including:

• Supabase: Authentication, database services, and support chat infrastructure
• Cloudflare R2: Secure file storage for your designs and projects
• Stripe: Payment processing for subscriptions

Design Sharing

When you use our sharing features to share designs using share links, the content you choose to share becomes accessible to anyone with the link. Any information included in shared designs is also publicly available.

Legal Requirements

We may access, preserve, and disclose your information if we believe doing so is required or appropriate to:

• Comply with law enforcement or legal process, such as a court order or subpoena
• Protect your, our, or others' rights, property, or safety
• Enforce our agreements and policies
• Prevent fraud or investigate suspected illegal activity

Business Transfers

If we are involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction in accordance with applicable law.

6. Data Storage and Security

Your data is stored securely using reputable cloud infrastructure:

• Supabase: Authentication and database services hosted in enterprise-grade data centers with provider-managed encryption at rest
• Cloudflare R2: Design files and projects stored with provider-managed encryption at rest and encrypted in transit via TLS
• TLS/SSL Encryption: All data transmitted between your browser and our Services is encrypted using HTTPS

We implement appropriate technical and organizational security measures to protect your personal data, including:

• Access controls limiting data access to authorized personnel
• Regular security reviews and updates
• Secure authentication mechanisms including password hashing

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Privacy Rights

In accordance with applicable law, you may have the following rights:

• Access: Request access to and receive information about the personal information we maintain about you
• Rectification: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information and account
• Data Portability: Request an electronic copy of your personal information or have it transferred to another service
• Restriction of Processing: Request restriction of how we process your personal information
• Object to Processing: Object to our processing of your personal information based on legitimate interests
• Withdraw Consent: Withdraw consent for processing based on your consent (without affecting the lawfulness of processing before withdrawal)
• Opt-out of Marketing: Unsubscribe from marketing communications at any time

To exercise these rights, please contact us using the information in the Contact Us section below. We will process such requests in accordance with applicable laws and may need to verify your identity before fulfilling your request.

Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

8. Your Choices

Email Communications

If you receive marketing emails from us, you can use the unsubscribe link at the bottom of the email to opt out. Note that you will continue to receive transaction-related emails regarding Services you have requested. We may also send certain non-promotional communications, and you will not be able to opt out of those (e.g., communications regarding the Services or updates to our Terms or this Privacy Policy).

Cookies and Tracking Technologies

We use cookies and similar technologies as described below:

We do not use advertising or remarketing cookies. You can control cookies through your browser settings. We honor Global Privacy Control (GPC) signals where required by law. We do not currently respond to browser "Do Not Track" signals as there is no universal standard, but we do honor GPC as a valid opt-out signal. Please note that disabling essential cookies may affect the functionality of the Services.

9. Data Retention

We retain personal information based on the following schedule:

• Account information: Retained while your account is active, deleted within 30 days of account deletion
• Customer Content (designs): Retained while your account is active, deleted within 30 days of account deletion (backups may persist for up to 90 days)
• Support chat logs: Retained for 2 years for quality assurance and dispute resolution
• Server logs and IP addresses: Retained for 90 days for security and debugging purposes
• Billing records: Retained for 7 years as required for tax and accounting compliance
• Analytics data: Retained for 90 days in identifiable form, then aggregated/anonymized

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we must retain it for legal obligations as described above.

10. International Data Transfers

The personal information we collect may be transferred to, processed, and stored in the United States and other jurisdictions which may have data protection laws that are different from the laws where you are located.

Where we transfer your personal information to countries outside the European Economic Area (EEA), Switzerland, or the UK, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws. We may rely on Standard Contractual Clauses (SCCs) and, where applicable, supplementary technical and organizational measures to ensure an adequate level of data protection.

11. Children's Privacy

Our Services are not intended for children under 13 years of age (or other age as required by local law, such as 16 in certain jurisdictions). We do not knowingly collect personal information from children. Account creation requires a valid email address and, for paid features, payment information. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

12. Supervisory Authority

If you are located in the European Economic Area or the UK, you have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal information violates applicable law.

13. California Residents

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information.

Categories of Personal Information Collected

We collect the categories of personal information described in Section 3 of this Privacy Policy, including identifiers, commercial information, internet activity, and other information you provide to us.

Your Rights

California residents have the right to:

• Know what personal information we collect, use, and disclose
• Request deletion of personal information
• Request correction of inaccurate personal information
• Opt-out of the sale or sharing of personal information
• Not be discriminated against for exercising these rights

Sale and Sharing: We do not sell your personal information. We do not share personal information for cross-context behavioral advertising. We contractually restrict our service providers from using your data for their own purposes.

Sensitive Personal Information: We do not intentionally collect sensitive personal information (such as precise geolocation, racial or ethnic origin, or health information) for purposes of inferring characteristics about you. If you voluntarily include such information in your designs or support communications, we do not use it to infer traits or for targeted advertising.

Verification and Response: We will verify your identity before processing rights requests and respond within 45 days (or as required by law). You may designate an authorized agent to make requests on your behalf by providing written authorization. If we deny a request, you may appeal by contacting us at support@embrowser.com with "Privacy Appeal" in the subject line.

To exercise these rights, please contact us using the information in the Contact Us section below.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time at our discretion. If there are material changes to this Privacy Policy, we will notify you as required by applicable law, such as by email or through a prominent notice on our website. Your continued use of Embrowser after changes are posted constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us:

• Email: support@embrowser.com
• Support Chat: Available to users with Embrowser accounts via the chat widget in the bottom-right corner of our website