Fabricate Privacy Policy
Effective date: 2026-04-29 Version: 1
1. Who we are
Fabricate is operated by HELIXDREAMSCO LTD (Company Number 17158644) of 26 Watermint Quay, Craven Walk, London, N16 6DD, United Kingdom. We are the data controller for the personal data described below. Contact: helixdreamsco@gmail.com.
We are registered with the UK Information Commissioner's Office under registration Z9999999.
2. What we collect
| Category | Examples | Source |
|---|---|---|
| Account | Name, email, profile photo | Google sign-in |
| Maker profile | Display name, postcode, printer model, bio | You |
| Identity verification | Document type + verified-name + verified-address (extracted by Stripe Identity); we do not receive or store the document image | Stripe Identity |
| Calibration print | Photo you upload | You |
| Job content | Files you upload (STL, 3MF, STEP, OBJ), titles, notes | You |
| Communications | Chat messages, dispute messages, evidence images | You |
| Payments | Stripe customer/account ids, bid + payout amounts; we never see card numbers | Stripe |
| Reviews | Your ratings and comments after a job | You |
| Device | IP address, user-agent, approximate location derived from IP | Your browser |
| Usage logs | Pages visited, errors, performance traces | Your browser |
3. Why we use it (lawful bases under UK GDPR)
| Use | Lawful basis |
|---|---|
| Run your account, serve pages, process orders | Performance of a contract with you |
| Verify Maker identity to reduce fraud | Legitimate interests (marketplace integrity), and legal obligation (anti-fraud) where applicable |
| Send transactional notifications (bid received, dispute resolved) | Performance of a contract |
| Marketing emails and tips | Consent, only after explicit opt-in |
| Detect abuse, fraud, security incidents | Legitimate interests |
| Comply with HMRC and other regulators | Legal obligation |
4. Who we share it with
- Stripe Payments Europe Ltd — payments and identity verification.
- Resend — transactional email delivery.
- Google — sign-in (your name, email, photo).
- Hosting and infrastructure providers (e.g. Vercel, Cloud SQL).
- The other party to a job — Creators see Maker display name, city (outward postcode), printer model, bio, ratings, and verified status. Makers see Creator display name, file, materials, notes, and quoted price. Pickup address is shared between the two only after a bid is accepted.
- Law enforcement / regulators — when required by law.
We do not sell personal data. We do not share data with advertisers.
5. Where data lives
The platform is hosted in the United Kingdom. Stripe processes payments and identity globally; transfers outside the UK are made under the UK International Data Transfer Agreement or Standard Contractual Clauses.
6. How long we keep it
| Data | Retention |
|---|---|
| Account, jobs, payments, reviews | Lifetime of account + 6 years (HMRC + limitation periods) |
| Chat & dispute messages | Lifetime of account + 6 years |
| Identity-verification metadata | 6 years from last activity |
| Login/session logs | 90 days |
| Marketing-email opt-in records | While opted in + 1 year after withdrawal |
7. Your rights
Under UK GDPR you can ask us to:
- give you a copy of your personal data (Right of Access);
- correct it (Rectification);
- delete it where we no longer have a lawful basis (Erasure);
- restrict processing during a dispute about accuracy or basis;
- export it in a portable format (Portability);
- object to processing based on legitimate interests;
- withdraw any marketing consent at any time.
Email helixdreamsco@gmail.com. We respond within one calendar month.
You may complain to the Information Commissioner's Office at ico.org.uk or 0303 123 1113.
8. File security
We use TLS in transit and at-rest encryption on hosted storage. Files you upload are accessible only by:
- you (the uploader),
- the Maker assigned to your job (after they accept your bid),
- Fabricate staff (limited to support, dispute resolution, and platform safety).
We aim to detect and respond to security incidents within 72 hours and will notify the ICO and affected users when required by UK GDPR. You should not rely on the platform to store files you cannot afford to lose.
9. Children
The platform is not for use by anyone under 18.
10. Cookies
We use only the cookies necessary to keep you signed in and to keep the platform secure (CSRF, session). We do not use marketing cookies. Adjusting browser settings to reject cookies will break sign-in.
11. Changes
When this policy materially changes we'll bump the version number, publish the new text here, and require you to re-accept on your next visit before continuing to use the platform.
12. Contact
helixdreamsco@gmail.com for any data-protection question, subject-access request, or complaint.