Privacy Policy

Last updated: March 10, 2026

This Privacy Policy describes how AI DXF Converter ("we", "Service") collects, uses, and protects your information in accordance with the European General Data Protection Regulation (GDPR) and applicable privacy laws.

1. Information We Collect

Information you provide:

  • Email address and name: When registering for the service
  • Uploaded images: Processed on server for conversion and stored in S3 for your history
  • Generated DXF files: Stored in cloud for re-download

Automatically collected information:

  • IP address: Anonymized (first 3 octets only) for quota management
  • Usage data: Action type, date, number of lines generated
  • Essential cookies: To maintain login state
  • Terms consent: Date and time of consent to terms of service, IP address

2. Legal Basis for Processing (GDPR)

We process your data on the basis of:

  • Consent (Art. 6(1)(a)): For marketing and service improvement
  • Contract performance (Art. 6(1)(b)): To provide the conversion service
  • Legitimate interest (Art. 6(1)(f)): For security and fraud prevention
  • Legal compliance (Art. 6(1)(c)): To meet legal requirements

3. Use of Information

We use the information to:

  • Provide the conversion service and save design history
  • Manage user account and usage quotas
  • Send essential service notifications (email verification, password reset)
  • Improve service quality and analyze usage
  • Secure the service and prevent abuse

4. Sharing Information with Third Parties

We do not sell personal information. We share information only with:

  • OpenAI (GPT-4o): Images are sent for AI processing. OpenAI does not retain images after processing per their policy.
  • Amazon S3: Encrypted cloud file storage
  • Payment providers: For credit payment processing (encrypted, PCI-DSS compliant)
  • Law enforcement: Only as legally required

5. Data Security

All data is transmitted with TLS encryption. Files are stored with AES-256 encryption. We implement strict access controls and conduct regular security audits.

6. Data Retention

  • Uploaded images: Retained until user deletes history
  • DXF files: Retained until deleted by user
  • Account data: Retained until account deletion + 30 days
  • Logs and analytics: Retained up to 12 months
  • Consent records: Retained 7 years for legal purposes

7. Your Rights Under GDPR

If you are an EU resident, you have the following rights:

  • Right of access (Art. 15): To receive a copy of your data
  • Right to rectification (Art. 16): To correct inaccurate data
  • Right to erasure (Art. 17): "Right to be forgotten" — deletion of all your data
  • Right to restriction (Art. 18): To restrict how we use your data
  • Right to data portability (Art. 20): To receive data in a structured format
  • Right to object (Art. 21): To object to certain processing
  • Right to withdraw consent: To withdraw consent at any time

To exercise these rights, contact us through the homepage. We will respond within 30 days. You also have the right to lodge a complaint with the relevant data protection authority.

8. International Data Transfers

Data may be transferred and processed in the USA (OpenAI and Amazon servers). These transfers are conducted in accordance with the European Commission's Standard Contractual Clauses (SCCs).

9. Cookies

We use only essential cookies:

  • Session cookie: To maintain login state (httpOnly, secure)
  • Admin cookie: For administrator access (httpOnly, secure)

No advertising, analytics, or tracking cookies are used.

10. Changes to Policy

Material changes will be published on the website with 30 days' advance notice. Continued use after changes take effect constitutes acceptance.

11. Contact and DPO

For privacy questions, data deletion, or exercising GDPR rights, contact us through the homepage.