Privacy Policy

Effective Date: May 17, 2026 · Last Updated: May 17, 2026

1. Introduction

This Privacy Policy explains how Printhouse Studio, LLC ("Printhouse," "we," "us," or "our") collects, uses, and protects your information when you use the Printhouse platform at useprinthouse.com and app.useprinthouse.com (the "Service").

By using the Service, you agree to the practices described here. This policy is part of our Terms of Service.

2. Information We Collect

Information you provide

  • Account information. We use a third-party authentication provider (Clerk) to manage sign-up and login. We do not store your email, name, or password in our own database. We receive only an internal account identifier.
  • Conversations and files. Messages you send to your agent, files you upload, and your agent's responses are stored in your dedicated workspace.
  • Connected App credentials. When you connect external services, we store the credentials you provide, encrypted at rest.
  • Payment information. Billing is handled by Stripe. We do not collect or store payment card details. We store subscription status, billing period dates, and usage records for billing purposes.

Information collected automatically

  • Usage metrics. We record which AI models your agent uses and token consumption, for billing. We track cost and volume — not message content.
  • Analytics events. We collect basic product events (page views, conversations started, messages sent) to understand how the Service is used. These include your account identifier and an anonymous browser identifier, but never message content or file contents.
  • Error reports. When errors occur, we send diagnostic data to our error monitoring service, including stack traces, your account identifier, and email address. We redact credentials and tokens from error reports before transmission.
  • Server logs. Our servers log API requests with your account identifier, request path, and response status. These logs do not contain message content or request bodies.
  • Cookies and local storage. We set a small number of cookies for authentication (managed by our auth provider) and analytics (an anonymous identifier). We use browser local storage for functional preferences like theme and draft messages.

Information we do NOT collect

We do not collect your physical address, phone number, browsing history outside our platform, precise location, or device fingerprints.

3. How We Use Your Information

  • Provide the Service — run your agent, store your workspace, process messages through AI models, execute Connected App actions.
  • Bill you — track usage, manage subscriptions, process payments.
  • Improve the Service — understand usage patterns through aggregate analytics, diagnose errors.
  • Communicate with you — transactional notifications (subscription changes, security alerts) and, in the future, marketing communications you can opt out of.
  • Comply with law — respond to legal process, enforce our terms, protect rights and safety.

4. AI Providers and Your Data

This is the section that matters most. Your agent works by sending conversations to AI model providers.

What AI providers receive

When you message your agent, your conversation history, system instructions, and tool outputs (including file contents and command results your agent accesses) are sent to the AI provider. The provider used depends on your model selection.

Which providers we use

  • Anthropic (Claude models)
  • OpenAI (GPT models)
  • Fireworks AI (DeepSeek, Kimi models)

What providers do NOT receive

Your real Connected App credentials are never sent to AI providers. Our credential proxy substitutes placeholder values — real keys exist only in an isolated security boundary that AI models cannot access.

Training and retention

None of these providers use data sent through their standard APIs to train models. However, all providers temporarily retain API data (typically up to 30 days) for safety monitoring and abuse prevention before deleting it. We do not use your data to train our own models. If any of these practices change, we will update this policy and notify you before such changes take effect.

5. Third-Party Services

We use third-party services to operate the platform:

  • Authentication (Clerk) — manages your login credentials, email, and sessions.
  • AI model providers (Anthropic, OpenAI, Fireworks AI) — process your conversations as described in Section 4.
  • Payment processing (Stripe) — handles payment methods, invoices, and billing. Stripe may collect your email and billing address directly.
  • Analytics — we use a product analytics service to track aggregate usage patterns (page views, feature adoption). We do not send message content to analytics.
  • Error monitoring — we use an error monitoring service to detect and fix bugs. It receives error diagnostics, account identifiers, and email.
  • OAuth brokering — for Connected Apps using OAuth (e.g., Google, Notion), we use a broker service to manage the token exchange lifecycle.
  • Cloud infrastructure (AWS) — all data is hosted on Amazon Web Services.

We do not sell your personal information. We do not share your data for advertising purposes.

6. Data Security

  • Encryption in transit. All external connections (browser to server, server to third-party APIs) use TLS. Internal service-to-service communication occurs within an isolated private network.
  • Encryption at rest. Our database is encrypted. Connected App credentials receive an additional layer of application-level encryption before storage.
  • Sandbox isolation. Each user's agent runs in its own isolated container with a dedicated filesystem. One user's agent cannot access another user's data. We use an additional kernel-level isolation layer for defense in depth.
  • Credential isolation. Your Connected App credentials are held in a dedicated security process and are never exposed to your agent's runtime, to AI models, or written to logs.

No system is perfectly secure. If we discover a breach affecting your data, we will notify you in accordance with applicable law.

7. Data Retention

  • Workspace data (conversations, files) is retained for the lifetime of your account.
  • Usage records (token counts, costs) are retained indefinitely for billing and audit purposes.
  • Server logs containing account identifiers are retained for 30 days.
  • Database backups containing all stored data are retained for 7 days before automatic deletion.
  • Third-party service data (analytics, error reports) is subject to those services' own retention policies.

8. Account Deletion

You may request deletion of your account by contacting privacy@useprinthouse.com. When we process a deletion:

  • All database records associated with your account are permanently deleted.
  • Your workspace storage (files, conversation history) is permanently destroyed.
  • Your authentication account is deleted.
  • Your payment processor record is anonymized (personal details removed, but the record is retained by the processor for tax and dispute compliance).
  • Data may persist in automated backups for up to 7 days after deletion.

Deletion is irreversible. We aim to process requests within 30 days.

9. Your Rights

All users

You can access your workspace files and conversation history directly through the Service. You can update your account information (email, password) through our authentication provider at any time. You can request account deletion as described above.

European Economic Area, UK, and Switzerland (GDPR)

If you are in the EEA, UK, or Switzerland:

  • Legal basis. We process your data under: (a) contract performance (providing the Service), (b) legitimate interests (analytics, security, error monitoring), and (c) consent (marketing communications, if applicable).
  • Additional rights. You may request data portability, object to processing based on legitimate interests, request restriction of processing, or withdraw consent where applicable.
  • Supervisory authority. You have the right to lodge a complaint with your local data protection authority.

California (CCPA/CPRA)

If you are a California resident:

  • We do not sell or share your personal information for cross-context behavioral advertising.
  • You may request details about the information we hold, request deletion, or correct inaccuracies.
  • We will not discriminate against you for exercising your rights.

To exercise any privacy rights, contact privacy@useprinthouse.com.

10. International Data Transfers

Our infrastructure is hosted in the United States (AWS, Ohio region). If you are outside the US, your data is transferred to and processed in the US.

11. Children

The Service is not intended for anyone under 18. We do not knowingly collect information from children. If you believe someone under 18 is using the Service, contact us and we will delete their account.

12. Changes to This Policy

We may update this policy. If we make material changes, we will notify you through the Service before such changes take effect.

13. Contact

Email: privacy@useprinthouse.com

Printhouse Studio, LLC
New York