Privacy Policy

Last updated: March 25, 2026

PinCAD lets hardware teams get async feedback on 3D models by pinning comments directly to geometry. Upload a CAD file (GLB, STEP, IGES, STL, OBJ, or 3MF), share a link, and collaborators open it instantly in their browser — no installs or accounts required. Files are converted in your browser and securely stored with private, time-limited access links.

🔒 Your designs stay private You own your files No AI training on your data No advertising or data selling🏗️ US-hosted (AWS us-west-1)⏱️ Access links expire in 1 hour

Your data stays yours

You retain full ownership of all CAD files and content uploaded to PinCAD. We do not access, use, or share your files except to provide the service. We do not sell, rent, or use your data for advertising or AI model training.

What data we collect

  • Account information: If you sign in via Google or GitHub OAuth, we store your email address and display name. Reviewers who leave comments provide only a display name (stored in their browser's localStorage).
  • CAD files: When you upload a 3D model (GLB, STEP, IGES, STL, OBJ, or 3MF), the file is converted to GLB in your browser and uploaded directly to our private AWS S3 bucket.
  • Comments and pins: Comments pinned to 3D geometry are stored in our database along with 3D coordinates and camera viewpoint data.
  • Usage analytics: We use PostHog and Google Analytics for anonymous usage events (e.g., page views, model uploaded). No personally identifiable information is sent to analytics providers.

How we store your data

  • CAD files are stored in a private AWS S3 bucket (us-west-1) with AES-256 encryption at rest. Files are never publicly accessible — access is granted only through signed URLs that expire after 1 hour.
  • Database records (projects, comments, replies, user accounts) are stored in Supabase (hosted PostgreSQL) with row-level security policies.
  • Authentication is handled by Supabase Auth using OAuth providers (Google, GitHub). We never store or see your OAuth provider password.

Access to stored files is restricted to infrastructure systems only. Our team does not access your files unless explicitly required for support you request.

We do not share your data with third parties except as required to operate the service (e.g., AWS for file storage, Supabase for database, Vercel for hosting). These providers are bound by their own privacy and security policies.

Data retention

We retain your data until you delete it. Deleted projects and files are permanently removed immediately. Account deletion removes all associated data.

How to delete your data

Deleting a project from your dashboard permanently removes:

  • The uploaded CAD file from S3
  • All comments and replies associated with the project
  • The shareable link (it will stop working immediately)

Dashboard account deletion button coming soon. Currently email pincadapp@gmail.com for full account deletion.

Cookies and tracking

PinCAD does not use tracking cookies for advertising. We use PostHog and Google Analytics (GA4) for anonymous product analytics. Analytics events are anonymous and never include CAD files, file contents, or personally identifiable information. We use PostHog solely to understand product usage patterns. Your browser's localStorage is used only to remember your reviewer display name — no cross-site tracking occurs.

Third-party services

  • AWS S3 — file storage (US-West-1 region)
  • Supabase — database and authentication
  • Vercel — hosting and deployment
  • PostHog — anonymous product analytics
  • Google Analytics — anonymous page view analytics
  • Google / GitHub — OAuth sign-in (only if you choose to create an account)

Contact

For any privacy questions or data deletion requests, contact us at pincadapp@gmail.com.

Security

For security concerns or vulnerability reports, contact pincadapp@gmail.com. We take security seriously and respond promptly.