30-Day Free Trial.|Limited Time Only
Back to Home
Effective February 21, 2026

Privacy Policy

How we collect, store, and protect your information.

Information We Collect

We collect the following categories of information when you use Etch Express: (a) Account information - name, email address, username, and password (stored as a cryptographic hash, never in plain text); (b) Organization and store information - business name, phone number, and physical address; (c) Payment information - billing details and payment method, processed and stored by Stripe (we do not store your full card number); (d) Uploaded files - spreadsheets, images, and documents you upload for AI-assisted parsing and design creation; (e) Design data - plate designs, data tables, material selections, and exported production files you create on the platform; (f) Usage data - internal business analytics such as design activity, material usage, and cost tracking aggregated at the store level.

How We Use Your Information

We use your information to: (a) provide, operate, and maintain the Etch Express platform; (b) process uploaded files through AI services to parse data tables, extract material information, and generate plate designs; (c) process payments and manage your subscription through Stripe; (d) send transactional emails such as password reset codes and account verification via Google Gmail API; (e) provide customer support through Intercom; (f) convert business addresses to geographic coordinates via Google Maps Geocoding API for store location features; and (g) generate internal business analytics at the store level to power your analytics dashboard. We do not use your data for advertising, marketing profiling, or any purpose unrelated to delivering the services.

Third-Party Service Providers

We share data with the following third-party providers solely to operate the platform: (a) Google Gemini API and Anthropic Claude API - uploaded files and document content are sent to these AI services for data parsing and design generation; these providers process data under their respective privacy policies and do not retain your data for model training under our API terms; (b) Stripe - processes and stores your payment and subscription information; (c) Intercom - receives your name, email, and user ID to provide in-app customer support; (d) Google Cloud Storage - stores your uploaded documents, design files, and custom fonts; (e) Google Gmail API - sends transactional emails (password resets, verification codes) from noreply@etchexpress.ai; (f) Google Maps Geocoding API - converts business addresses to coordinates. We never sell, rent, or trade your personal information. We may disclose information if required by law, subpoena, or court order.

Google Privacy Policy →Anthropic Privacy Policy →Stripe Privacy Policy →Intercom Privacy Policy →

Cookies & Authentication

Etch Express uses cookies strictly for authentication and security. We set the following cookies: (a) access_token and refresh_token - secure, HttpOnly cookies that cannot be read by JavaScript, used to authenticate your session; (b) csrf_token - a security cookie used to protect against cross-site request forgery attacks. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. There are no Google Analytics, pixel trackers, or similar tracking technologies on the platform. All cookies are essential to the operation of the service.

Data Storage & Infrastructure

Your data is stored across the following infrastructure, all hosted in the United States: (a) MongoDB - account information, designs, data tables, material records, and business analytics; (b) Google Cloud Storage - uploaded documents, design files, exported production files, and custom fonts; (c) Stripe - payment methods and billing history (managed entirely by Stripe). All data transmission uses HTTPS encryption. Passwords are stored using bcrypt hashing and are never stored or transmitted in plain text. Authentication tokens are signed using HMAC-SHA256.

Data Retention

Account data, designs, and uploaded files are retained for the duration of your active subscription. Upon account termination, you have 30 days to request a data export by contacting support@etchexpress.ai. After the 30-day post-termination window, we reserve the right to permanently delete all data associated with your account. Files sent to AI services (Gemini, Claude) for processing are not permanently stored by those providers under our API agreements. Payment records are retained by Stripe in accordance with their data retention policies and applicable financial regulations.

Your Rights

You have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate information; (c) request deletion of your account and associated data; (d) request an export of your designs and data in a standard format; and (e) withdraw consent for non-essential data processing. To exercise any of these rights, contact us at the email below. We will respond to all requests within 14 business days. Account deletion requests will be processed within 48 hours of verification.

support@etchexpress.ai

Security Measures

We implement the following security measures: HTTPS encryption for all data in transit; HttpOnly cookies for authentication tokens (preventing JavaScript access); CSRF protection using double-submit cookie verification; bcrypt password hashing; rate limiting on API endpoints; strict Content Security Policy headers; IP-based audit logging for authentication events; and CORS restrictions limiting API access to authorized domains. While we take reasonable measures to protect your data, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

Updates

This privacy policy may be updated to reflect changes in our practices. Significant changes will be communicated via email to affected users.

Questions about this policy?

Contact support@etchexpress.ai