Privacy Policy

When you use SphereLinks, we collect information necessary to provide and improve the service.

Account information

• ·Email address — used to create your account and send transactional notifications.
• ·Password — stored as a secure hash via AWS Cognito. We never store plaintext passwords.
• ·Account creation timestamp.

Usage data

• ·Images you upload for 3D generation (processed and then deleted — see Data Retention).
• ·Generated 3D model files (GLB) stored temporarily for download.
• ·Job metadata: status, timestamps, processing duration, model statistics.
• ·Credit balance and transaction history.

Technical data

• ·IP address and browser user-agent (collected automatically by AWS infrastructure).
• ·AWS CloudFront and API Gateway access logs.
• ·Error logs for debugging purposes.

We use your information only for the following purposes:

• ·To authenticate your account and maintain your session.
• ·To process 3D generation jobs you submit.
• ·To manage your credit balance and process payments.
• ·To send transactional emails (password reset, payment confirmation).
• ·To debug errors and improve service reliability.
• ·To comply with applicable legal obligations.

We do not use your data for advertising, and we do not sell your personal information to any third party.

Your data is stored on Amazon Web Services (AWS) infrastructure in the us-east-1 region (United States).

Security measures include:

• ·All data in transit is encrypted via TLS 1.2+.
• ·Passwords are never stored — authentication is managed by AWS Cognito with industry-standard hashing.
• ·S3 storage buckets are private by default with bucket policies preventing public access.
• ·DynamoDB tables are encrypted at rest.
• ·IAM roles follow the principle of least privilege.
• ·Access tokens (JWT) expire and are not stored server-side.

While we implement robust security measures, no system is 100% secure. We encourage using a strong, unique password for your account.

Payment processing is handled by Razorpay, a PCI-DSS Level 1 compliant payment gateway. We do not store your card number, CVV, or other sensitive payment credentials on our servers.

When you purchase credits:

• ·Your payment details are entered directly into Razorpay's secure checkout.
• ·SphereLinks receives a payment confirmation and signature from Razorpay to verify the transaction.
• ·We store: the Razorpay order ID, payment ID, the package purchased, and the credits added.
• ·Razorpay's privacy policy governs how they handle your payment data.

SphereLinks uses minimal browser storage:

• ·AWS Cognito stores authentication tokens in browser localStorage to maintain your session.
• ·Google Analytics 4 (GA4) — we use analytics cookies to understand aggregated usage patterns. This is only activated after you give your consent via the cookie banner. You can withdraw consent at any time by clearing your browser’s localStorage (key: spherelinks_cookie_consent).
• ·PKCE code verifier — a short-lived sessionStorage entry used during Google sign-in to protect the OAuth flow. It is cleared automatically after authentication completes.
• ·No advertising or cross-site tracking cookies are set.

You can clear localStorage at any time via your browser settings, which will sign you out of the application.

SphereLinks relies on the following third-party services to operate:

Each third-party service operates under its own privacy policy and security standards.

SphereLinks stores and processes data on servers located in the United States (AWS us-east-1). If you are located in the European Economic Area (EEA), UK, or Switzerland, your personal data is transferred outside your jurisdiction.

We rely on the following legal mechanisms to legitimise these transfers:

• ·AWS (Cognito, S3, DynamoDB, Lambda, CloudFront) — Standard Contractual Clauses (SCCs) under the AWS Data Processing Addendum.
• ·Google Analytics — Standard Contractual Clauses (SCCs) under Google’s Data Processing Terms.
• ·Razorpay — SCCs and Razorpay’s Data Processing Agreement.

You may request a copy of the applicable transfer mechanisms by contacting us at the address in Section 12.

• ·Uploaded images: deleted from S3 after the generation job completes (within 24 hours).
• ·Generated GLB files: stored for 7 days from generation date, then automatically deleted.
• ·Job records: retained for 90 days in DynamoDB for support and debugging purposes.
• ·Account data (email, credit balance): retained for the lifetime of your account.
• ·Payment records: retained for 7 years to comply with financial regulations.
• ·Access logs: retained for 30 days by AWS infrastructure.

When you delete your account, all personal data and job records are permanently removed within 30 days, except payment records required by law.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• ·Access: Request a copy of the personal data we hold about you.
• ·Correction: Request correction of inaccurate or incomplete data.
• ·Deletion: Request deletion of your account and associated personal data.
• ·Portability: Request your data in a machine-readable format.
• ·Objection: Object to certain uses of your personal data.

To exercise any of these rights, contact us at the address listed in Section 12. We will respond within 30 days.

SphereLinks is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete that information.

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will:

• ·Update the "Effective" date at the top of this page.
• ·Send a notification to your registered email address for significant changes.

Your continued use of SphereLinks after any changes constitutes acceptance of the updated policy. We encourage you to review this page periodically.

If you have questions about this Privacy Policy, want to exercise your rights, or need to report a privacy concern, please contact us: