Draft: This privacy policy is a draft and should be reviewed by a qualified legal professional before going live.
Privacy Policy
Last updated: March 2026
1. Who We Are
CutZilla Pro ("we", "our", "us") provides cutting layout optimization software for woodworkers, cabinet makers, and fabricators. This privacy policy explains how we collect, use, store, and protect your personal data when you use our website (www.cutzilla.pro) and application (app.cutzilla.pro).
For questions about this policy or your data, contact us at: privacy@cutzilla.pro
2. Data We Collect
Account Data
- Email address (required for account creation)
- Full name (optional)
- Password (stored as a secure hash, never in plain text)
Usage Data
- Projects, materials, and cutting layouts you create
- Application preferences and settings
- Feature usage statistics (e.g. number of optimizations run)
- Login timestamps and session information
Technical Data
- IP address (for security and abuse prevention only)
- Browser type and version
- Device type and operating system
- Pages visited and actions taken (when analytics consent is given)
Payment Data
Payment processing is handled by Stripe. We do not store your credit card details. We receive and store your Stripe customer ID and subscription status.
3. Cookies We Use
Essential Cookies (Always Active)
These cookies are necessary for the application to function and cannot be switched off.
- Authentication cookies — Keep you logged in securely (Supabase auth tokens)
- Cookie consent — Remember your cookie preferences
- Application settings — Store your preferences (units, theme, layout)
Analytics Cookies (Opt-in)
These cookies help us understand how you use the site so we can improve it. Only active if you consent.
- Google Analytics 4 — Page views, feature usage, user journeys. IP addresses are anonymised by default. Data is processed under Google's Privacy Policy.
Marketing Cookies (Opt-in)
We do not currently use marketing cookies. This category exists for future use and will be updated if we add advertising or remarketing services.
4. How We Use Your Data
- Provide the service — Store your projects, materials, and cutting layouts
- Manage your account — Authentication, subscription management, customer support
- Improve the product — Aggregate usage analytics to prioritise features (legitimate interest)
- Security — Detect and prevent fraud, abuse, and unauthorised access (legitimate interest)
- Communication — Service-related emails (password resets, subscription changes). We will not send marketing emails without your explicit consent.
5. Legal Basis for Processing
We process your data under the following legal bases:
- Contract — Processing necessary to provide the service you signed up for
- Consent — Analytics and marketing cookies (you can withdraw consent at any time via cookie preferences)
- Legitimate interest — Security monitoring, fraud prevention, service improvement through aggregate analytics
6. Third-Party Services
We use the following third-party services that may process your data:
- Supabase — Database and authentication (Privacy Policy)
- Stripe — Payment processing (Privacy Policy)
- Cloudflare — Bot protection and CDN (Privacy Policy)
- Google Analytics 4 — Website analytics, only when you consent (Privacy Policy)
- Vercel — Website hosting (Privacy Policy)
7. Data Retention
- Account data — Retained while your account is active and for 30 days after deletion
- Project and material data — Retained while your account is active
- Security logs (IP addresses) — Retained for up to 12 months
- Analytics data — Google Analytics retains data for up to 14 months
- Cookie consent records — Retained for 6 months, then re-requested
8. Your Rights
Under GDPR (EU), UK GDPR, and POPIA (South Africa), you have the right to:
- Access — Request a copy of the personal data we hold about you
- Rectification — Correct inaccurate personal data
- Erasure — Request deletion of your personal data ("right to be forgotten")
- Portability — Receive your data in a structured, machine-readable format
- Restriction — Restrict processing of your data in certain circumstances
- Objection — Object to processing based on legitimate interest
- Withdraw consent — Withdraw cookie consent at any time via the cookie preferences banner
To exercise any of these rights, contact us at privacy@cutzilla.pro. We will respond within 30 days.
9. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS) and at rest
- Row-level security policies in our database
- Regular security reviews and updates
- Access controls and audit logging for administrative actions
- Bot protection via Cloudflare Turnstile
10. International Transfers
Your data may be processed in countries outside your own, including the United States (where our hosting and third-party service providers are located). We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required.
11. Children's Privacy
CutZilla Pro is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
12. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of material changes by updating the "Last updated" date and, where appropriate, providing notice via email or the application. If changes affect how we use cookies, we will re-request your consent.
13. Contact Us
If you have questions about this privacy policy or wish to exercise your data rights, contact us at:
Email: privacy@cutzilla.pro
Website: www.cutzilla.pro