3DPrinterOS Data Handling Policy
Below is the 3DPrinterOS Data Handling Policy, which summarizes how your Data is being handled and the measures taken to secure it.
3DPrinterOS servers are hosted by data centers in the USA, California.
3DPrinterOS uses firewalls and logical access control to protect our servers from unauthorized system access, allowing only trusted operations personnel to manage our systems. We also make sure to use strong configuration standards to harden our servers, and we keep them up-to-date with the latest security patches. As such data access is limited to explicitly authorized personnel only.
We support strong cryptography (SHA-256 with RSA encryption) for communication over public networks, so that your 3DPrinterOS password and contents of your activity may be protected in transit as set forth below.
3DPrinterOS also has rate limiting in place on UI and API calls to prevent brute force attacks. Password complexity requirements are enforced on 3DPrinterOS password. We strive to only work with partners that are GDPR compliant and do our best to ensure that they adhere to the set regulations for data protection.
3DPrinterOS passwords are cryptographically hashed before storing in our database. 3DPrinterOS supports 2-factor authentication (2FA using Google Authenticator) when elected for customers who want to add an additional access control. In this case 3DPrinterOS logins require an additional verification code, which is generated by Google Authenticator.
Use and Storage of Customer Data
In our system customer data is collected for 3 purposes:
1. To guarantee the execution of all system services and keep the security of users: email, IP-address. This data is obligatory, so the user can’t revoke his consent to process it.
2. To provide social services and user interaction. All the data from public pages, IP address used in order to determine user’s location in our map of users and email, name, lastname, organization, specialization, avatar, wallpaper, mobile phone, address(country, city, address, some info about yourself, as data needed to cover users interactions). The user can revoke his consent on its processing.
3. To expand our services and customer base - data we collect from pre-registration form: country, institution name, type of institution, role, company, industry, department, organization, main 3D Printer. The user can revoke his consent on its processing.
We share your personal data only in order to provide you the best experience and only in next cases:
- Your email and first name in orfer make conversation with our support easier with Intercom.
- Your email, first name, and last name to notify you about your activities throughout the system with Mandrill Mailer.
- Your email to notify you about our news with Mailchimp.
- Your IP address with Google Analytics in order to analyze your activities and provide the best services in the world.
We will not share your personal data for marketing purposes with companies outside.
All customer data is handled as confidential and sensitive information and is only accessed by a limited number of people from the 3DPrinterOS team.
The data is accessed and used only in cases of:
- 3DPrinterOS software that aggregate data to calculate statistics and analytics
- Customer support to the extent required to solve the case
- To ensure the compliance with applicable laws and regulations, including data storage demands as set forth by US and EU regulations
- Accessed by third parties only as far as is needed to sustain service functionality and stored by third parties as demanded by law