This Privacy Policy explains how ShapeMultiverse collects, uses, stores, and shares information when you use the ShapeMultiverse website, platform, tools, subscriptions, and related services.
Isaac Pourdaneshian is the data controller for ShapeMultiverse.
By using ShapeMultiverse, you acknowledge that your information will be handled as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the service.
We collect only the information reasonably needed to operate ShapeMultiverse, manage accounts, provide subscriptions, protect the service, and maintain necessary legal and billing records.
Account and identity information
Subscription and billing metadata
Payments are processed by our payment processor. We do not store your full payment card number, card security code, full card details, or bank account information.
When you attempt to redeem a free trial, we receive and process a limited payment-method identifier provided by Stripe, called a card fingerprint. Before storing it, we convert the fingerprint into a keyed cryptographic hash. We store that hash together with related trial, account, and Stripe metadata. We use this information to verify free-trial eligibility, prevent duplicate trial redemptions, prevent abuse, and protect against billing fraud.
Trial redemption records
When you attempt to redeem a free trial or promotional offer, we store trial redemption records. These records may include your user ID, product key, trial offer key, Stripe customer ID, Stripe price ID, Stripe subscription ID where applicable, a keyed cryptographic hash of the Stripe-provided card fingerprint, the fingerprint key version, redemption or reservation status, reservation, expiration, consumption, failure, or release timestamps, and limited error information where needed to troubleshoot failed trial redemption attempts.
Policy acceptance and checkout records
For paid subscriptions, we may store records showing that you accepted subscription terms, policies, and checkout disclosures. These records may include:
Service communications and email delivery records
When we send account, subscription, billing, trial reminder, refund, support, or legal-policy emails, we may keep limited records of those communications. These records may include the recipient email address, email type, subject or template version, related subscription or customer identifiers, delivery status, provider message identifiers, retry attempts, error messages, and sent or failed timestamps.
We use these records to send service communications, prevent duplicate messages, troubleshoot delivery issues, maintain billing and subscription records, and respond to disputes or legal obligations.
Service usage information
We use this information for service limits, performance, abuse prevention, product improvement, and operational analytics. We do not currently use this data to build third-party advertising profiles.
Technical information
Security and abuse-prevention records
We use limited security, abuse-prevention, and error-monitoring records to protect ShapeMultiverse, detect fraud or misuse, debug errors, enforce service limits, and maintain the integrity of subscriptions, payments, authentication, webhooks, and service operations.
For some security events, we record aggregate counters, such as how many times a type of event occurred during a time period. These counters help us identify service-level security, billing, authentication, webhook, quota, and abuse-prevention issues while limiting unnecessary personal information.
We do not currently record individual shape downloads as account-linked personal data.
In the future, we may record which shapes are downloaded to improve the catalog, recommendations, quality control, and platform features. If we introduce this feature, we intend to use it in aggregated or de-identified form where reasonably possible, and we will update this Privacy Policy before using download data in a materially different way.
If download data is connected to your account for service, security, subscription, or abuse-prevention reasons, we will handle it as personal data under this Privacy Policy.
We do not intentionally collect:
Although we do not store full payment card numbers or card security codes, we process limited payment-method identifiers provided by Stripe, such as card fingerprints, for free-trial enforcement, fraud prevention, and abuse prevention. Before storing a card fingerprint, we convert it into a keyed cryptographic hash.
We do not knowingly collect personal information from children under 13 in the United States or from anyone below the age of digital consent in their jurisdiction.
We use information for the following purposes:
We do not sell personal information.
ShapeMultiverse currently uses only cookies or similar technologies that are necessary for the service to work.
We do not currently use advertising cookies, behavioral tracking cookies, or analytics cookies.
If we later add non-essential cookies, analytics tools, advertising technologies, or similar tracking tools, we will update this Privacy Policy and provide any consent mechanism required by applicable law before those tools are used.
We share information only as needed to operate ShapeMultiverse, process subscriptions, protect the service, or comply with legal obligations.
We may share information with the following categories of service providers:
These providers may process information only for the services they provide to us, subject to their own legal and contractual obligations.
We may also disclose information if necessary to comply with law or legal process, respond to lawful requests from public authorities, protect the rights or safety of ShapeMultiverse or others, prevent fraud or abuse, or enforce our Terms of Service.
Payments are processed by third-party payment processors.
We store limited payment-related metadata, such as subscription status, customer ID, subscription ID, price ID, billing period information, cancellation status, payment or subscription confirmation status, and limited payment-method identifiers provided by Stripe.
For free-trial enforcement and abuse prevention, we store keyed cryptographic hashes of Stripe-provided card fingerprints. We use these hashes to determine whether the same payment method has already redeemed a free trial or promotional offer.
We do not store full card numbers, card security codes, or full payment credentials. Our payment processor, currently Stripe, may collect and process additional information under its own privacy policy and terms.
We keep personal information only as long as reasonably necessary for the purposes described in this Privacy Policy. Different categories of information may be retained for different periods depending on the purpose, legal requirements, security needs, billing needs, dispute risks, and operational requirements.
Account and identity data
We keep account and identity information while your account is active. If you request account deletion, we will delete or de-identify personal information that we no longer need, unless retention is reasonably necessary for billing, fraud prevention, security, dispute resolution, tax or accounting obligations, legal compliance, or enforcement of our Terms.
Subscription and billing records
We retain limited subscription and billing records for as long as reasonably necessary to administer subscriptions, process payments, maintain tax and accounting records, handle cancellations, respond to chargebacks or disputes, prevent fraud, comply with legal obligations, and maintain accurate records of subscription status.
Trial redemption and payment-method identifier records
We retain limited trial redemption records, including keyed cryptographic hashes of Stripe-provided card fingerprints, for as long as reasonably necessary to enforce free-trial limits, prevent duplicate trial redemptions, prevent abuse, respond to billing disputes, protect the service, comply with legal obligations, and maintain accurate subscription records.
Policy acceptance and checkout records
For paid subscriptions, we retain policy acceptance and checkout records for as long as reasonably necessary to prove consent, comply with subscription and automatic-renewal laws, respond to billing disputes, defend against chargebacks, and maintain legal or billing records.
Service communication and email delivery records
We retain subscription, billing, trial reminder, refund, account, support, and policy-related email records for as long as reasonably necessary to administer the service, prove notices were sent, prevent duplicate messages, troubleshoot delivery issues, respond to disputes, and comply with legal, tax, accounting, or regulatory obligations.
Usage and operational data
We retain usage and operational data in personal form while needed to provide, secure, maintain, and improve the service, enforce service limits, prevent abuse, investigate technical issues, and preserve operational integrity. After an account is deleted, we may keep usage data in aggregate or de-identified form if it is no longer reasonably linked to you.
Purchases, credits, and future product records
If we offer one-time purchases, usage credits, AI credits, promotional credits, or similar features, we retain related purchase and credit records for as long as reasonably necessary to grant access, maintain balances, process refunds or adjustments, prevent abuse, comply with tax and accounting obligations, resolve disputes, and maintain accurate transaction records.
Server logs, backups, and security records
Server logs, backups, security records, aggregate security counters, and infrastructure records may be retained for limited periods based on operational, security, backup, debugging, fraud-prevention, abuse-prevention, and legal needs. Backup copies may persist for a period of time before being overwritten or deleted through normal backup cycles.
De-identified or aggregate data
We may retain de-identified or aggregate data indefinitely where it cannot reasonably be used to identify you.
You may request deletion of your account by contacting us at the email listed below.
When you request deletion, we will delete or de-identify personal information that we no longer need to provide the service or satisfy a valid legal, security, billing, tax, accounting, dispute, or compliance purpose.
If you request account deletion, we may retain limited trial redemption records or payment-method identifiers where reasonably necessary to prevent repeated free-trial abuse, investigate billing disputes, comply with legal obligations, or enforce our Terms.
This means we may keep some limited records where reasonably necessary, but we will aim to disconnect retained usage or operational data from your personal identity when it is no longer necessary to keep it linked to you.
Account deletion may not immediately remove information from backups, logs, or records that must be retained for legal, security, or operational reasons, but such information will be handled according to this Privacy Policy.
ShapeMultiverse is not intended for children under 13 in the United States or for anyone below the age at which they can lawfully consent to the processing of personal data in their jurisdiction.
We do not knowingly collect personal information from children below the applicable age requirement.
If we learn that we have collected personal information from a child without proper authorization, we may delete the information and close the account.
Parents or guardians who believe a child has provided personal information to ShapeMultiverse may contact us at the email listed below.
ShapeMultiverse is operated from the United States.
If you access the service from outside the United States, your information may be transferred to, stored in, or processed in the United States or other countries where our service providers operate.
Those countries may have data protection laws different from the laws of your country.
Where required, we rely on appropriate legal safeguards for international transfers, such as standard contractual clauses, data processing agreements, adequacy mechanisms, or other lawful transfer mechanisms recognized by applicable law.
You may contact us to request more information about the safeguards used for international transfers.
If you are located in the European Economic Area or the United Kingdom, we process personal data under the following legal bases:
Contract
We process account, authentication, subscription, and billing information when necessary to provide the service, manage your account, and perform our agreement with you.
Legitimate interests
We process certain information for legitimate interests, including securing the service, preventing fraud and abuse, enforcing service limits, maintaining operational records, improving the platform, responding to disputes, and keeping limited legal and billing records.
Our legitimate interests also include verifying free-trial eligibility, preventing repeated promotional redemptions, detecting abuse of subscriptions or free trials, and protecting the service from fraud.
We use legitimate interests only where those interests are not overridden by your rights and freedoms.
Legal obligations
We may process and retain information where necessary to comply with legal, tax, accounting, regulatory, or dispute-related obligations.
Consent
We may rely on consent where required, such as if we introduce non-essential cookies, optional tracking, or other processing that requires consent. You may withdraw consent where processing is based on consent.
Depending on where you live, you may have rights over your personal information.
You may also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with a data protection authority.
These rights may be subject to legal limits. For example, we may retain limited information where necessary for billing, fraud prevention, security, dispute defense, tax/accounting, legal compliance, or other lawful reasons.
To exercise privacy rights, contact us at the email listed below.
We do not sell personal information.
We do not currently share personal information for cross-context behavioral advertising.
We do not currently use third-party advertising cookies or behavioral advertising trackers.
Do Not Track
Some browsers offer a “Do Not Track” signal. Because there is no universally accepted standard for responding to Do Not Track signals, ShapeMultiverse does not currently respond to them in a uniform way.
Third-party tracking
We do not currently allow third parties to collect personally identifiable information about your online activities over time and across different websites for advertising purposes through ShapeMultiverse.
If this changes in the future, we will update this Privacy Policy and provide any required notices or choices.
We use reasonable technical and organizational measures designed to protect information from unauthorized access, loss, misuse, or alteration.
No online service can guarantee perfect security. You are responsible for keeping your account credentials secure and for notifying us if you believe your account has been compromised.
We may update this Privacy Policy from time to time.
If we make non-material changes, we may update the policy by posting the revised version and changing the “Last updated” date.
If we make material changes to how we collect, use, retain, or share personal information, we will provide notice by email, through the platform, or by another reasonable method where required by applicable law.
For privacy questions, account deletion requests, or privacy rights requests, contact: