Privacy Policy

Effective date: March 27, 2026

Stitchuation ("we", "our", "the app") is operated by Enzo Aquino Labs, LLC. This Privacy Policy explains how we collect, use, and protect your information when you use the Stitchuation iOS app and related services.

Information We Collect

Account Information

When you create an account, we collect:

• Email address — used for account identification and communication
• Display name — shown within the app
• Bio and experience level (optional) — set in your profile settings
• Password (if using email/password login) — stored as a one-way cryptographic hash using bcrypt; we never store your actual password

Social Login Information

If you sign in with a third-party provider, we receive:

• Apple Sign-In: Your Apple user ID and email (which may be a private relay address)

Additional social login providers (such as Facebook and TikTok) may be added in the future. We will update this policy before enabling any new providers. We do not receive or store your passwords from any social login provider.

Content You Create

The app stores data you choose to enter:

• Thread inventory (brand, number, color, quantity, notes)
• Needlepoint pieces (designer, design name, status, dimensions)
• Journal entries and photos
• Materials lists for projects

AI Features

When you use the stitch guide parsing feature, the image you upload is sent to Anthropic's API for analysis. Anthropic processes the image to extract materials information and does not retain your images after processing. See Anthropic's Privacy Policy for details.

How We Use Your Information

• To provide and maintain the app's functionality
• To authenticate your account
• To sync your data across devices
• To process stitch guide images using AI

We do not sell your personal information. We do not use your data for advertising.

Analytics and Tracking

We do not use any third-party analytics services, ad networks, or tracking tools. We do not use cookies for tracking purposes. The app does not contain any advertising.

Our website uses Google Fonts, which are loaded from Google's servers when you visit our web pages. This results in your IP address being transmitted to Google. See Google's Privacy Policy for details. The iOS app bundles fonts locally and does not contact Google.

Data Storage and Security

Your data is stored on Microsoft Azure infrastructure:

• Account and content data in a PostgreSQL database
• Images in Azure Blob Storage

All data is transmitted over encrypted HTTPS connections. Passwords are hashed using bcrypt with a cost factor of 12. Authentication tokens expire after 15 minutes (access) and 30 days (refresh).

Third-Party Services

We share data with the following services only as needed to operate the app:

• Apple — authentication (Sign in with Apple) and subscription billing (App Store)
• Anthropic — AI image analysis for stitch guide parsing
• Microsoft Azure — cloud infrastructure (database and image storage)
• Resend — transactional email delivery (verification and password reset emails)

Data Retention

We retain your account and content data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days. Some data may be retained in encrypted backups for up to 90 days.

Lawful Basis for Processing

We process your personal data on the following legal bases:

• Contract performance — processing necessary to provide the service you signed up for (account management, data sync, core app functionality)
• Legitimate interest — security, fraud prevention, and service improvement

Your Rights

Under applicable data protection laws, including the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

• Right to access — request a copy of the personal data we hold about you
• Right to rectification — request correction of inaccurate or incomplete personal data
• Right to erasure — request deletion of your account and all associated data
• Right to data portability — receive your data in a structured, machine-readable format
• Right to restrict processing — request that we limit how we use your data
• Right to object — object to our processing of your personal data
• Right to withdraw consent — withdraw consent at any time where processing is based on consent

Account Deletion

You can delete your account directly within the app:

• Go to Settings > Delete Account
• Type "DELETE" to confirm
• Your account and all associated data will be permanently deleted within 30 days
• Encrypted backups may be retained for up to 90 days before being purged

Data Export

You can export all of your data directly within the app:

• Go to Settings > Export My Data
• A JSON file containing all your data will be downloaded
• The export includes threads, pieces, journal entries, and materials
• Image URLs are provided for separate download and are valid for 24 hours

California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request deletion of your personal information, and opt out of the sale of personal information. We do not sell personal information.

For EU Residents

If you are located in the European Union or European Economic Area, all GDPR rights listed above apply to you. To exercise any of these rights, please contact us at privacy@stitchuation.app. At our current scale, our support email serves as the point of contact for all data protection inquiries.

Sub-Processors

We use the following third-party data processors to operate the service:

• Microsoft Azure — cloud infrastructure, database hosting, and image storage
• Anthropic — optional AI-powered stitch guide parsing (images are processed but not retained)
• Apple — App Store distribution, Sign in with Apple authentication, and subscription billing
• Resend — email delivery for verification and password reset emails (receives email addresses)

Children's Privacy

Stitchuation is not directed at children under 13 (or under 16 in the European Union, where required by local law). We do not knowingly collect personal information from children under these ages. If you believe a child has provided us with personal information, please contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date.

Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

privacy@stitchuation.app