This privacy policy explains how Xstitchify ("we", "us", "our") collects, uses, and protects your information when you use our website at xstitchify.com. We keep things simple and only collect what we need to make the site work well for you.

What We Collect

Account information: If you create an account, we collect your email address and a username. This is used to log you in and let you save patterns to your library.

Images you upload: When you use our pattern maker, your uploaded images are processed on our server to generate cross stitch patterns. These are stored temporarily and are not shared with anyone. We do not use your images for any purpose other than generating your pattern.

Pattern data: If you have an account, patterns you save to your library are stored in our database so you can access them later.

Payment information: If you purchase a premium upgrade, payment is handled entirely by Stripe. We do not see or store your card details. Stripe processes your payment securely and shares only a transaction reference with us so we can activate your account.

Session data: We use Django's session framework to keep track of things like your login state and daily pattern usage count. This is stored server-side.

Analytics: We use Google Analytics to understand how people use the site (which pages are popular, how long visits last, etc.). Google Analytics uses cookies and collects anonymised data such as your approximate location, browser type, and pages visited. You can opt out of Google Analytics by using a browser add-on or by adjusting your browser's cookie settings.

What We Don't Collect

• We don't sell your data to anyone
• We don't share your personal information with third parties for marketing
• We don't track you across other websites
• We don't use your uploaded images for training, advertising, or anything beyond generating your pattern

Cookies

We use a small number of cookies to keep the site working:

• Session cookie - keeps you logged in and tracks your session (essential)
• CSRF cookie - a security token that prevents cross-site request forgery (essential)
• Google Analytics cookies - help us understand site usage (only set if you accept via the cookie banner)

When you first visit, Google Analytics runs in cookieless mode and does not store cookies on your device. If you click "Accept" on the cookie banner, analytics cookies are enabled for a richer understanding of site usage. If you click "No thanks", no analytics cookies are set. You can change your preference at any time by clearing your browser's local storage for this site.

Affiliate Links

Some pages on our site contain affiliate links to Amazon. When you click these links and make a purchase, we may earn a small commission at no extra cost to you. These links are clearly labelled. The affiliate programme does not give us access to any of your Amazon account information.

Third-Party Services

We use the following third-party services:

• Stripe - for payment processing (Stripe's privacy policy)
• Google Analytics - for website analytics (Google's privacy policy)
• Cloudflare - for CDN and security (Cloudflare's privacy policy)
• Amazon Associates - for affiliate links

Data Retention

Uploaded images: Your original image is deleted from our server immediately after your pattern has been generated. We only keep the resulting pattern data (the grid of colours and stitches), not your original image.

Saved patterns: Stored for as long as you have an account. If you delete a pattern from your library, it is permanently removed.

Account data: Kept for as long as your account is active. If you'd like us to delete your account and all associated data, please contact us and we'll sort it out.

Your Rights

You have the right to:

• Access the personal data we hold about you
• Ask us to correct or update your information
• Ask us to delete your account and data
• Withdraw consent for analytics tracking (via your browser settings)

To exercise any of these rights, please get in touch. We'll respond as quickly as we can.

Security

We take reasonable steps to protect your data, including HTTPS encryption, secure password hashing, and rate limiting to prevent abuse. However, no system is 100% secure, and we cannot guarantee absolute security.

Children

Our service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. If we make significant changes, we'll note the new date at the top. Continued use of the site after changes means you accept the updated policy.

Contact

If you have any questions about this privacy policy, please contact us.