Skip to main content

Privacy Policy

Last updated: April 18, 2026

Who We Are

3D Services USA ("we," "us," "our") is a 3D printing and additive manufacturing company based in Florida, USA. We operate the website 3dservicesusa.com and provide FDM and SLA 3D printing services to businesses and individuals.

If you have questions about this policy, email us at privacy@3dservicesusa.com or write to us at the address listed in our Contact page.

What We Collect

We collect information you give us directly and information collected automatically when you use our site.

Information You Provide

  • Account info: name, email, phone number, company name when you register or check out as a guest.
  • Order info: shipping address, billing address, payment method details (processed by our payment processor; we do not store full card numbers).
  • Files you upload: CAD files (STL, STEP, OBJ, 3MF, etc.) submitted for quoting or production. These are stored in encrypted cloud storage (AWS S3).
  • Communications: emails, contact form messages, RFQ submissions, phone calls, and live chat transcripts.
  • Survey and feedback data: if you respond to surveys or leave a review.

Information Collected Automatically

  • Device and browser info: IP address, browser type, operating system, screen resolution, language preference.
  • Usage data: pages visited, time on site, click patterns, referral source.
  • Cookies and tracking: we use cookies, Google Analytics, Google Tag Manager, and Facebook Pixel. See the Cookies section below.

How We Use Your Information

  • Process and fulfill your orders.
  • Generate quotes and communicate about your projects.
  • Send transactional emails: order confirmations, shipping updates, invoice receipts.
  • Send marketing emails (only with your consent; you can unsubscribe any time).
  • Improve our website, services, and pricing.
  • Detect and prevent fraud.
  • Comply with legal obligations (tax reporting, export controls, etc.).
  • Respond to your questions, RFQs, and support requests.

How We Share Your Information

We do not sell your personal information. Period. We share data only with:

  • Payment processors: to charge your credit card or process invoices.
  • Shipping carriers: USPS, UPS, FedEx, or DHL. We share your name and shipping address so they can deliver your order.
  • Cloud infrastructure: AWS (file storage, hosting), Vercel (website hosting). These providers act as data processors under contract.
  • CRM and business tools: Zoho CRM and Zoho Books for managing leads, quotes, and invoices.
  • Analytics providers: Google Analytics and Facebook (aggregated, non-identifying data).
  • Legal requirements: if required by law, subpoena, or court order.

Your Uploaded Files

CAD files you upload are stored in encrypted AWS S3 buckets. We use your files only to generate quotes, manufacture your parts, and run design-for-manufacturability analysis. We do not share your files with third parties, use them for marketing, or claim any ownership of your designs.

You can request deletion of your files at any time by emailing privacy@3dservicesusa.com. Files associated with completed orders are retained for 90 days after delivery (for reorder and warranty purposes), then automatically deleted.

Cookies

We use these types of cookies:

  • Strictly necessary: session cookies that keep you logged in and remember your cart. These cannot be disabled.
  • Analytics: Google Analytics cookies to understand how visitors use our site. You can opt out via Google's opt-out browser add-on.
  • Marketing: Facebook Pixel and Google Ads cookies for retargeting. You can opt out through your browser settings or the DAA opt-out page.

Data Retention

  • Account data: retained as long as your account is active. You can request account deletion at any time.
  • Order records: retained for 7 years for tax and legal compliance.
  • Uploaded files: deleted 90 days after order delivery, or on request.
  • Marketing data: removed immediately upon unsubscribe.
  • Server logs: retained for 30 days, then purged.

Your Rights

Depending on your location, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: ask us to fix inaccurate data.
  • Deletion: ask us to delete your personal data (subject to legal retention requirements).
  • Portability: receive your data in a machine-readable format.
  • Opt out of marketing: unsubscribe from marketing emails at any time using the link in the email.
  • Do Not Sell (CCPA): we do not sell personal information. If you are a California resident, you have the right to confirm this and to know what data we collect.

To exercise any of these rights, email privacy@3dservicesusa.com. We will respond within 30 days.

California Residents (CCPA / CPRA)

Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, to opt out of the sale or sharing of personal information, and to limit use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined in the CPRA. To make a request, email privacy@3dservicesusa.com with "CCPA Request" in the subject line. We will verify your identity before processing your request and respond within 45 days. You may designate an authorized agent to submit a request on your behalf with written authorization. We will not discriminate against you for exercising any of these rights.

EU / UK / EEA Residents (GDPR)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, the EU General Data Protection Regulation (GDPR) and UK GDPR apply to our processing of your personal data.

Data Controller

3D Services USA is the data controller for personal data collected through 3dservicesusa.com. Contact: privacy@3dservicesusa.com.

Lawful Bases for Processing

  • Contract (Art. 6(1)(b)): to generate quotes, fulfill orders, process payments, and provide customer support.
  • Legitimate interests (Art. 6(1)(f)): to operate and secure our site, prevent fraud, improve our services, and communicate with business customers.
  • Consent (Art. 6(1)(a)): for marketing emails, non-essential cookies, and analytics tracking where required.
  • Legal obligation (Art. 6(1)(c)): to comply with tax, accounting, export-control, and sanctions laws.

Your GDPR Rights

In addition to the rights listed in the "Your Rights" section above, EU/UK residents have the right to: restrict processing, object to processing based on legitimate interests, withdraw consent at any time (without affecting the lawfulness of prior processing), and lodge a complaint with your local supervisory authority (e.g., the Information Commissioner's Office in the UK, CNIL in France, or the data protection authority where you reside or work).

International Data Transfers

We are based in the United States and our primary infrastructure providers (AWS, Vercel, Neon) operate data centers in the US. When personal data is transferred from the EEA, UK, or Switzerland to the US, we rely on the European Commission's Standard Contractual Clauses (2021/914) and, where applicable, the UK International Data Transfer Addendum, together with supplementary technical measures (encryption in transit and at rest, access controls, and vendor due diligence). Copies of the relevant transfer mechanisms are available on request to privacy@3dservicesusa.com.

Sub-processors

We engage the following sub-processors to help us deliver our services. Each sub-processor is bound by a written contract containing GDPR-compliant data protection terms (Art. 28).

ProviderPurposeRegion
Vercel Inc.Website hosting, edge networkUS / Global
Amazon Web Services (AWS)Encrypted file storage (S3), API hostingUS
NeonManaged PostgreSQL databaseUS
Stripe, Inc.Payment processingUS / Global
Zoho CorporationCRM, invoicing, emailUS / India / EU
EasyPostShipping label generation, trackingUS
SentryError monitoring and performance telemetryUS
Google LLCAnalytics (GA4), Tag Manager, AdsUS / Global

We review each sub-processor's security posture before onboarding and annually thereafter. We will notify registered account holders of any new or replacement sub-processor at least 30 days before they begin processing your personal data, giving you an opportunity to object. Objections should be sent to privacy@3dservicesusa.com.

Data Breach Notification

If we confirm a personal data breach that is likely to affect your rights and freedoms, we will notify affected account holders without undue delay (and, where GDPR / UK GDPR applies, within 72 hours of becoming aware of the breach where feasible under Art. 33) by email to the address on file. The notification will describe: the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures we have taken or recommend you take to mitigate harm. We will also cooperate with any competent supervisory authority as required by law.

Automated Decision-Making

Our instant quoting engine calculates pricing automatically from the geometry you upload and the options you select (material, finish, quantity). This is a computational price estimate, not a legal, credit, or eligibility decision, and it has no significant legal or similarly significant effect on you under Art. 22 GDPR. A human reviews flagged orders before production. Credit decisions for net-30 accounts involve human review and are not made solely by automated means.

Do Not Track

Some browsers send a "Do Not Track" (DNT) signal. Because there is no industry-standard interpretation of DNT, our site does not currently respond differently to DNT signals. You can still opt out of analytics and marketing cookies using the controls described in the Cookies section above, and we honor opt-out-preference signals such as Global Privacy Control (GPC) for California "Do Not Sell or Share" purposes.

Security

We use industry-standard security measures including TLS/SSL encryption for all data in transit, AES-256 encryption for files at rest in AWS S3, hashed and salted passwords (bcrypt), and role-based access controls for internal systems. No system is 100% secure, but we take reasonable steps to protect your data.

Children

Our services are not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our site. The "last updated" date at the top of this page tells you when the policy was last revised.

Contact

3D Services USA
Email: privacy@3dservicesusa.com
Website: 3dservicesusa.com/contact