Legal

Privacy policy

Effective date: June 10, 2026

Last updated: June 10, 2026

This Privacy Policy explains how StitchThis LLC (“StitchThis,” “we,” “us”) collects, uses, shares, and protects information when you use the StitchThis website at www.stitchthis.io and related services (the “Service”). By using the Service, you agree to this Policy. Capitalized terms not defined here have the meaning given in our Terms of Service.

1. Information we collect

You provide it:

Account information— name or username, email address, password (stored as a salted hash; we never store your plaintext password).
Photos and images you upload— source photos for pattern generation, images submitted to the AI image tools, and photos of floss/thread labels for stash import.
Patterns and project data— patterns you create or import, stitching progress, project names and settings.
Stash data— the thread/floss inventory you enter or import.
Community content— forum posts, replies, shared patterns, reports you file, and your interactions (follows, reactions).
Payment information — handled by Stripe, our payment processor. We do not receive or store your full card number; we receive limited information such as card brand, last four digits, expiration status, and transaction outcomes.
Communications— support requests and emails you send us.

Collected automatically:

Usage and device data— IP address, browser type, device information, pages viewed, features used, timestamps, and referral URLs.
Cookies and similar technologies— used for sign-in/session management, security, preferences, and analytics. See Section 8.

We do not knowingly collect sensitive categories of personal information (such as health, biometric identifiers, or precise geolocation), and we ask that you not include personal information about others in photos or posts without their permission.

2. How we use information

Provide the Service— generate patterns from your photos, run the AI image tools you invoke, track your stitching progress, manage your stash, operate the community, and process purchases and subscriptions.
Operate and improve— debugging, security, abuse prevention, rate-limiting, analytics, improving features and pattern quality, and training StitchThis’s own models as described below.
Communicate— transactional email (account, billing, security) and, with your consent or as permitted by law, product updates; you can opt out of non-essential email at any time.
Enforce and comply— enforce our Terms, respond to legal process, and meet legal obligations (including child-safety reporting, Section 7).

We do not sell your personal information.

Our own models:we use data from your activity in the Service — such as the patterns you generate, your settings and choices, and the quality scores and feedback you provide — to train and improve StitchThis’s own models, including pattern-quality scoring and FORGE’s personalized recommendations. These models are personal to your account and are not built from other users’ data. We do not use your uploaded photos to train our models.

Third-party providers: content you submit to AI-powered features is processed by the providers in Section 3 to return your result. These providers handle submitted content under their own terms, which may include retention for abuse monitoring.

3. Third-party AI processing (important)

When you use certain features, the content you submit is transmitted to third-party AI providers to perform the operation you requested:

Feature	Provider	What is sent
AI image tools (generate, stylize, remix, enhance, combine, merge, replace background)	OpenAI (image models)	The image(s) and text prompt you submit
Background removal	Amazon Web Services (Amazon Bedrock)	The image you submit
Stash photo import	OpenAI (vision model)	The photo(s) of your floss/threads you submit
Stash CSV import	OpenAI (large language model)	The Excel file of your floss/threads you submit

These providers process the content to return a result and handle it under their own terms and privacy commitments, which may include brief retention for abuse monitoring.

Core pattern generation (photo → cross-stitch chart) is performed on our own servers and does not involve these providers.

By using an AI-powered feature, you direct us to transmit the submitted content to the relevant provider. If you do not want a photo processed by a third party, do not use the AI image tools or photo-based stash import for it — manual stash entry and standard pattern generation remain available.

4. Service providers (sub-processors)

We share information with vendors who help us operate the Service, under contracts limiting their use of it:

Stripe — payment processing and subscription billing.
OpenAI — AI image operations and stash-photo recognition (Section 3).
Amazon Web Services — Amazon Bedrock image processing.
fly.io — application hosting.
Runpod — batch pattern processing on cloud GPUs.

We may also disclose information: to comply with law or valid legal process; to protect the rights, safety, or property of users, the public, or StitchThis; in connection with a merger, acquisition, or sale of assets (with notice); and with your direction or consent.

5. Community content is public

Patterns you share to the community, forum posts, your username, and profile information are visible to other users and may be viewable publicly. Don’t post anything you wouldn’t want public. Content you shared may remain visible after account deletion where others have interacted with it, as described in the Terms.

6. Data retention & deletion

Account data — retained while your account is active.
Uploaded source photos and AI inputs— retained up to 90 days or longer where required by law.
Patterns, progress, stash— retained until you delete them or your account.
Payment records— retained as required for tax, accounting, and fraud-prevention obligations.
On account deletion— we delete or de-identify your personal data within 30 days, except: backups (purged on a rolling 90-day cycle), records we must keep by law, community content as described above, and safety-report records (Section 7).

7. Child safety & legal preservation

The Service is not for children under 13, and we do not knowingly collect their data; if we learn we have, we will delete it. Users 13–17 may use the free Service only with parental consent (see Terms).

If we obtain knowledge of apparent child sexual abuse material, we report it to the National Center for Missing & Exploited Children (NCMEC) and preserve the related content and account records as federal law requires (18 U.S.C. §2258A), and we may preserve content and records in response to valid legal process.

8. Cookies & analytics

We use:

Essential cookies— sign-in/session (including a secure, httpOnly refresh token cookie), security, and preferences. These are required for the Service to work.
Analytics— StitchThis uses only first-party server-side request logging. We do not use Google Analytics, Mixpanel, PostHog, or any other third-party analytics, marketing, or behavioral-tracking service.

Most browsers let you control cookies; blocking essential cookies will break sign-in.

We do not use third-party advertising cookies and do not serve third-party ads.

9. Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, export (portability), or restrict/object to processing of your personal data, and to withdraw consent.

Self-service: you can edit account details, delete projects/uploads, and delete your account in settings.
Requests: email legal@stitchthis.io. We will verify your identity and respond within the time required by applicable law. You may authorize an agent where the law allows.
No discrimination:we won’t penalize you for exercising privacy rights.

California (CCPA/CPRA):we do not “sell” or “share” personal information as those terms are defined in the CPRA, and we do not use or disclose sensitive personal information for purposes requiring a “limit” right. The categories collected are described in Section 1; recipients in Sections 3–4; retention in Section 6.

EEA/UK (GDPR): our legal bases are contract (providing the Service you signed up for), legitimate interests (security, abuse prevention, product improvement), consent (non-essential cookies/marketing, where required), and legal obligation (tax, child-safety reporting). You may lodge a complaint with your supervisory authority.

10. International transfers

We are based in the United States and process data there; our providers may process data in other countries. Where required, we rely on appropriate safeguards for international transfers (such as standard contractual clauses or providers’ Data Privacy Framework certifications).

11. Security

We use industry-standard safeguards: encryption in transit (HTTPS), hashed passwords, access controls, scoped session tokens, input validation and rate-limiting, and isolation between users’ data. No system is perfectly secure; if we learn of a breach affecting your personal data, we will notify you and regulators as applicable law requires.

12. Changes to this Policy

We may update this Policy. For material changes we’ll give reasonable notice (email or in-app). The “Last updated” date shows the current version. Continued use after the effective date constitutes acceptance.

13. Contact

Privacy questions or requests: legal@stitchthis.io
StitchThis LLC.

Explore StitchThis

Home StitchSense AI Tools FORGE Floss preview Compare

New to StitchThis? Start with the free tier — no credit card required.