POLYFORM PRINTS

Privacy Policy

Last updated: 13 May 2026

This Privacy Policy explains how Polyform Prints ("we", "us", "our") collects and uses personal data when you use the PolyQuote API ("the Service"). We are committed to handling your data lawfully, fairly, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

Polyform Prints is the data controller for personal data processed in connection with PolyQuote. You can contact us at [email protected].

2. What data we collect

• Email address — provided by you at sign-up so we can deliver your API key and account communications.
• API usage data — counts of API calls made by your key, the number of remaining calls in your billing period, and the timestamp your account was created.
• Stripe customer ID — a reference issued by Stripe when you subscribe to a paid plan, allowing us to reconcile invoices with your API key.
• IP address (demo endpoint only) — when you use the public demo endpoint, your IP is used solely to enforce a short-term rate limit. It is stored as a hashed key in our datastore and expires automatically after one hour.

We do not collect or store the contents of your API requests (filament types, weights, print times) beyond the immediate scope of generating a response. We do not use cookies on this website. We do not run analytics or marketing trackers.

3. Why we collect it (lawful basis)

We process your personal data on the lawful basis of performance of a contract (UK GDPR Article 6(1)(b)) — namely, providing you with the PolyQuote Service you have signed up for. We also process limited data on the basis of legitimate interests (Article 6(1)(f)) to protect the Service from abuse (e.g. rate-limiting the demo endpoint).

4. How long we keep it

We retain your account data (email, API key metadata, Stripe customer ID) for the duration of your subscription, and for a further 12 months after cancellation to handle billing queries, fraud disputes, and statutory record-keeping obligations. Demo endpoint rate-limit records expire automatically within one hour.

5. Who we share it with

We share the minimum personal data required with the following processors:

• Stripe — for processing subscription payments. Stripe receives your email address and payment details directly. We never see or store your card information.
• Resend — for delivering your API key by email after sign-up. Resend receives your email address and the contents of the welcome email.

Both processors operate under their own privacy policies and contractual safeguards. We do not sell, rent, or trade your personal data, and we do not share it for marketing purposes.

6. Marketing

We do not send marketing emails. The only emails we will send you relate directly to your account: your initial API key, billing receipts (via Stripe), and any essential service notices.

7. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Rectify data that is inaccurate or incomplete.
• Erase your data ("right to be forgotten") subject to our legal retention obligations.
• Restrict or object to certain types of processing.
• Portability — receive your data in a structured, machine-readable format.
• Withdraw consent at any time, where consent is the basis of processing.
• Lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

To exercise any of these rights, email us at [email protected]. We aim to respond within 30 days.

8. Security

API keys and account metadata are stored in encrypted-at-rest infrastructure on Cloudflare. All API traffic is encrypted in transit (HTTPS). We take reasonable technical and organisational measures to safeguard your data, though no system is perfectly secure.

9. International transfers

Our processors (Stripe, Resend, Cloudflare) may process data outside the UK. Where this occurs, transfers are governed by appropriate safeguards — such as the UK International Data Transfer Agreement or Standard Contractual Clauses approved under UK GDPR.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent revision. Material changes will be communicated by email to active subscribers.

11. Contact

Questions, complaints, or data requests: [email protected].