Privacy Policy
Last updated: January 2025
1. Introduction
NeedleKit ("we," "us," or "our") is an embroidery business software platform operated by NeedleKit. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at needlekit.com. Please read this policy carefully. By using NeedleKit, you agree to the practices described here.
2. Information We Collect
Account information. When you create an account, we collect your name, email address, and password (stored securely via Supabase Auth — we never see your plain-text password).
Profile data. You may optionally provide a display name, avatar image, and billing address for invoice purposes.
Usage data. We collect information about how you interact with NeedleKit — which tools you use, features you access, and general usage patterns. This helps us improve the platform.
Payment data. Payments are processed by Stripe, Inc. We do not store your card numbers or full payment details. We store your Stripe customer ID and subscription status to manage your plan.
File uploads. Embroidery files (DST, PES, etc.) and images you upload are stored in Supabase Storage in a private bucket accessible only to you. Preview images may be stored in a public bucket for display purposes.
Thread inventory and machine data. Thread inventory, machine registrations, and maintenance logs you create are stored in our Supabase PostgreSQL database, scoped to your account with row-level security.
Cookies and analytics. We use essential cookies (for authentication sessions) and, with your consent, analytics cookies to understand aggregate usage patterns. We do not use advertising cookies or sell your data to ad networks.
3. How We Use Your Information
We use your information to provide and operate the NeedleKit platform, process payments and manage your subscription, send transactional emails (email verification, password reset), improve our tools and user experience, generate aggregate anonymized analytics, and communicate important service updates.
We do not use your data for targeted advertising, and we never sell your personal information to third parties.
4. Data Sharing
Supabase. Our database, authentication, and file storage infrastructure is hosted by Supabase, Inc. Your data is stored in Supabase's secure, SOC 2-compliant infrastructure.
Stripe. Payment processing is handled by Stripe, Inc. When you subscribe to a paid plan, you will interact directly with Stripe's secure checkout. Stripe's privacy policy governs their handling of your payment information.
Amazon Associates. When you click thread purchase links in the Thread Color Matcher, we may earn an affiliate commission from Amazon. Amazon's privacy policy governs any data collected through their platform.
We do not share your personal data with any other third parties except as required by law.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it by law (for example, for financial records). Anonymized, aggregate usage data may be retained indefinitely for analytics purposes.
6. Your Rights
You have the right to access, correct, or delete your personal data at any time. You may export your thread inventory and machine data from within the application. To delete your account and all associated data, contact us at team@needlekit.com. If you are in the European Economic Area, you also have the right to object to processing, request portability of your data, and lodge a complaint with your local data protection authority.
7. Security
We implement industry-standard security measures including HTTPS encryption, bcrypt password hashing (via Supabase Auth), row-level security on all database tables ensuring users can only access their own data, signed URLs for private file access, and regular security audits. No system is 100% secure, and we cannot guarantee absolute security, but we take every reasonable measure to protect your information.
8. Third-Party Services
NeedleKit integrates with Supabase (database and auth), Stripe (payments), Amazon Associates (affiliate links), and Google (OAuth sign-in, optional). Each of these services has its own privacy policy governing its data practices. We encourage you to review their policies.
9. Children’s Privacy
NeedleKit is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by displaying a prominent notice on our platform. Your continued use of NeedleKit after changes are posted constitutes your acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us at team@needlekit.com.