Privacy Policy

When you use Calloy we collect information you provide (name, email, company, shipping address, billing info via Stripe), files you upload (CAD geometry, drawings, photos), and usage data (IP, device, pages visited, interactions). Payment card data is handled entirely by Stripe and never stored on Calloy servers.

• Operate the marketplace, instant-quote engine, and Work Dashboard.
• Route jobs to matched shops and facilitate payouts.
• Send transactional emails (order confirmations, shipping updates).
• Prevent fraud, abuse, and ITAR-regulated uploads.
• Improve our pricing, matching, and Cal-L AI models using aggregated, de-identified data.

We share information only with: (a) the shop matched to your job, limited to what they need to manufacture and ship; (b) payment processors (Stripe); (c) shipping carriers and logistics providers (Shippo, Warp, etc.); (d) service providers bound by confidentiality (hosting, analytics, email); and (e) authorities when required by law. We do not sell your personal information.

Your CAD files are stored encrypted and shared only with the shop matched to your order. We retain them for the duration of your account plus the warranty window (30 days post-delivery) for dispute purposes, then delete on request or after a standard retention period.

We use essential cookies for authentication and session management, plus a small number of analytics cookies (PostHog) to understand how the Service is used. You can opt out of analytics in Account settings.

You can access, export, correct, or delete your personal data at any time via Account settings or by emailing privacy@calloy.app. California (CCPA/CPRA) and EU (GDPR) residents have additional rights, including the right to know, the right to delete, and the right to opt out of sale (Calloy does not sell personal data).

The Service is not directed to anyone under 18. We do not knowingly collect information from minors.

Data in transit is TLS-encrypted; data at rest is encrypted in Supabase and Stripe. We use workspace-scoped Row-Level Security across every user-owned table. No system is perfect — contact us immediately if you suspect your account has been compromised.

We'll post material changes here and, when appropriate, email account holders. Continued use of the Service after changes take effect constitutes acceptance of the revised Policy.

Privacy questions or requests: privacy@calloy.app.