CNC3D respects your privacy and is committed to handling personal information in accordance with the Australian Privacy Principles (APPs) set out in the Privacy Act 1988 (Cth). This policy explains what personal information we collect, why we collect it, who we share it with, how long we keep it, and the rights you have over it.
1. What we collect
We collect the following categories of personal information:
- Account information: name, email address, password (hashed and salted, never stored in clear), display name, organisation name, time zone, locale, language.
- Marketplace activity: quote requests you post, bids you submit, messages you exchange with counterparties, NDAs you sign, files you upload, capability tags you set.
- Business data (Business and Business Plus tiers only): clients, jobs, time entries, stock, invoices and related records you create within the platform.
- Payment information: handled by Stripe; we receive only the data needed for billing reconciliation (last 4 digits of card, brand, country, billing email). We do not store full card numbers or CVV.
- Technical data: IP address, user agent, device identifiers, session tokens, log timestamps, error reports.
- Communications: emails, support tickets, chat transcripts, NDA signature evidence (legal name, IP, UTC timestamp).
- Cookies and similar technologies: session cookies, CSRF tokens, preference cookies. We do not use third-party advertising or behavioural-tracking cookies.
2. Why we collect it
We collect personal information to:
- Create and authenticate your account;
- Operate the platform features you use (marketplace, business management, integrations);
- Process payments and remit funds via Stripe Connect;
- Send transactional messages such as email verification, password reset, marketplace notifications and invoices;
- Provide customer support and resolve disputes;
- Detect, prevent and respond to fraud, abuse, security incidents, and breaches of our Terms;
- Comply with legal obligations, including tax reporting, AML/CTF obligations and lawful requests from authorities;
- Improve the platform through aggregated, de-identified analytics.
3. Who we share it with
We share personal information only as needed to operate the platform or comply with the law:
- Service providers: Stripe (payments and escrow), Microsoft Azure / Amazon Web Services (hosting), our chosen transactional email provider (verification and notification emails). Each is bound by contractual confidentiality and data-handling obligations.
- Marketplace counterparties: when you post a request, the request title, description, capability tags, location, NDA requirement and any non-NDA-gated files become visible to fabricators we surface it to. When you submit a bid, your bid information, display name and org name become visible to the requester. We never reveal one fabricator's bid amount to another.
- Authorities: when required by valid Australian or foreign legal process and we are satisfied of its validity.
- Successors: in the event of a merger, acquisition, asset sale or reorganisation, personal information may transfer to the successor entity. Notice will be provided.
- With your consent: in any other case, only with your express consent.
We do not sell personal information.
4. Where it's stored
Our primary data storage is hosted in Australia. Our payment processor (Stripe) operates globally and may process payment data in the United States, the United Kingdom, the European Union, Singapore and Ireland in accordance with its published Privacy Policy. By using the platform you consent to that international transfer for the purpose of processing your payments.
5. How long we keep it
We keep personal information only as long as is reasonably necessary for the purposes described above, or as required by law. Indicative retention periods:
- Active account data: while your account is open and for 12 months thereafter, unless you request earlier deletion;
- Marketplace transaction records: 7 years (tax and dispute-resolution requirements);
- Audit logs and security incident records: 2 years;
- Payment records: as required by Stripe and Australian tax law (typically 7 years).
You may request earlier deletion via the contact below. We will delete or anonymise data that is no longer required, except where retention is required by law or to defend a legal claim.
6. Your rights
Under the Australian Privacy Principles you have the right to:
- Access the personal information we hold about you;
- Request correction of inaccurate information;
- Request deletion of your account and associated personal information (subject to legal retention requirements);
- Withdraw consent for any processing based on consent;
- Complain to the Office of the Australian Information Commissioner (OAIC) if you believe we have mishandled your personal information.
To exercise any of these rights, email us at solutions@cnc3d.com.au with the subject line “Privacy request”. We will respond within 30 days.
7. Security
We use industry-standard safeguards to protect personal information:
- TLS 1.2+ encryption for all data in transit;
- AES-256 encryption at rest for databases and file storage;
- Argon2id password hashing;
- DPAPI-protected refresh tokens on the desktop client;
- Principle-of-least-privilege access controls for our team;
- Audit logging of administrative actions;
- Regular dependency security scans and prompt patching.
No system is perfectly secure. If we become aware of a data breach that affects you, we will notify you in accordance with the Notifiable Data Breaches scheme.
8. Cookies
We use a small number of strictly-necessary cookies (session, CSRF, theme preference) on the website. We do not use third-party advertising or behavioural-tracking cookies. We may use first-party privacy-respecting analytics to understand aggregate usage. You may disable cookies in your browser but the platform may not function correctly without session cookies.
9. Children
The platform is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you become aware that a child has provided us with personal information, please contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. We will publish the updated version on this page and update the “Last updated” date. Material changes will be notified by email or in-app notice.
11. Contact
Privacy questions? Email solutions@cnc3d.com.au with “Privacy” in the subject line.
