Privacy Policy

Last updated: February 16, 2026

Parcel OS ("we", "us", or "our") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable data protection laws.

1. Data Controller

Parcel OS
Contact: privacy@parcelos.app

2. Data We Collect

Category	Examples	Legal Basis
Account data	Name, email address, password (hashed)	Contract performance
Usage data	Pages visited, features used, timestamps	Legitimate interest
Project data	3D models, files, notes, tasks	Contract performance
Payment data	Processed by Stripe — we never store card numbers	Contract performance
Technical data	IP address, browser type, device info	Legitimate interest

3. How We Use Your Data

Provide and maintain the Parcel OS platform
Process payments via Stripe
Send transactional emails (account confirmation, password reset)
Improve our services and fix bugs
Comply with legal obligations

We do not sell your personal data to third parties.

We share data only with:

Recipient	Purpose	Location
Stripe	Payment processing	US (EU–US Data Privacy Framework)
AWS / Cloud Provider	File storage & hosting	EU region
AI Render Provider	AI image generation (viewport screenshots only)	Varies

All third-party processors are bound by Data Processing Agreements (DPAs).

5. Data Retention

Account data: Retained while your account is active. Deleted within 30 days of account deletion.
Project data: Retained while the project exists. Deleted when you delete the project or account.
Usage logs: Retained for up to 12 months, then anonymized or deleted.

Under the GDPR, you have the right to:

Access — Request a copy of your personal data
Rectification — Correct inaccurate or incomplete data
Erasure ("Right to be forgotten") — Request deletion of your data
Restriction — Restrict processing of your data
Portability — Receive your data in a structured, machine-readable format
Object — Object to processing based on legitimate interest
Withdraw consent — Where processing is based on consent

To exercise any of these rights, contact us at privacy@parcelos.app. We will respond within 30 days.

7. Cookies

Parcel OS uses only essential cookies required for authentication and session management. We do not use advertising or tracking cookies.

Cookie	Purpose	Duration
`next-auth.session-token`	Authentication session	Session
`parcelos-theme`	Theme preference (localStorage)	Persistent

8. Data Security

We implement appropriate technical and organizational measures, including:

Encryption in transit (TLS/HTTPS)
Encryption at rest for stored files
Hashed passwords (bcrypt)
Regular security reviews

9. International Transfers

Where data is transferred outside the EEA, we ensure adequate safeguards through:

EU Standard Contractual Clauses (SCCs)
EU–US Data Privacy Framework certifications
Adequacy decisions where applicable

10. Children

Parcel OS is not intended for users under the age of 16. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification.

12. Contact & Complaints

For any questions about this policy or your data:

📧 privacy@parcelos.app

You also have the right to lodge a complaint with your local Data Protection Authority (DPA).

1. Data Controller​

2. Data We Collect​

3. How We Use Your Data​

4. Data Sharing​

5. Data Retention​

6. Your Rights (GDPR)​

7. Cookies​

8. Data Security​

9. International Transfers​

10. Children​

11. Changes to This Policy​

12. Contact & Complaints​