Privacy Policy

Effective Date: January 1, 2025 Last Updated: October 24, 2025

MatterHackers, Inc. (the "Company," "we," or "us") created this Privacy Policy for the website www.pinshape.com (the "Site"). This policy explains how we collect, use, share, and protect your personal information when you visit our Site or use our services. Your use of the Site is also governed by our Terms of Use.

Geographic Scope

This privacy policy applies to all users of our Site regardless of location. However, residents of certain jurisdictions may have additional rights as described in the "Your Privacy Rights" section below.

What is Personal Information?

Personal information means any information that identifies, relates to, describes, or is capable of being associated with you, including but not limited to your name, address, email address, phone number, payment information, IP address, device identifiers, and online activity data.

What Personal Information Do We Collect?

Information You Provide Directly

Account Information: Name, email address, username, password, and profile information
Contact Information: Physical address, phone number, and communication preferences
Payment Information: Credit card details, billing address, and transaction history (we use secure third-party processors and do not store complete payment card numbers)
Communications: Content of messages you send to us, customer service interactions, and survey responses
User-Generated Content: Reviews, comments, forum posts, uploaded designs, and other content you create

Information Collected Automatically

Device and Browser Information: IP address, browser type, operating system, device identifiers, and screen resolution
Usage Data: Pages visited, time spent on Site, clicks, downloads, search queries, and referring websites
Location Data: General location based on IP address (we do not collect precise geolocation without consent)
Cookies and Similar Technologies: We use cookies, web beacons, and similar technologies as described in our Cookie Policy
Fraud Prevention and Security Data: Form interaction timing, mouse movement patterns, and behavioral patterns to detect automated bots and prevent abuse

Information from Third Parties

We may receive information about you from: - Social media platforms (when you connect accounts or share content) - Payment processors and fraud prevention services - Marketing and analytics partners - Other users who refer you or mention you in content

Legal Basis for Processing (GDPR)

For users in the European Economic Area, we process personal information based on: - Consent: When you provide explicit consent for specific purposes - Contract Performance: To fulfill orders and provide requested services - Legitimate Interests: For business operations, fraud prevention, and improving our services - Legal Compliance: To comply with applicable laws and regulations

How We Use Your Personal Information

We use personal information for the following purposes: - Service Provision: Processing orders, managing accounts, and providing customer support - Communication: Sending order confirmations, service updates, and responding to inquiries - Marketing: Sending promotional emails and personalized offers (with your consent) - Analytics: Understanding how our Site is used and improving user experience - Security: Detecting fraud, preventing abuse, and protecting against security threats - Legal Compliance: Meeting regulatory requirements and responding to legal requests

Fraud Prevention and Security Measures

To protect our platform and users from automated abuse, fraud, and security threats, we implement several security measures:

Rate Limiting: We track the number of requests from each IP address to prevent excessive automated activity. IP addresses that exceed rate limits may be temporarily blocked.
Behavioral Analysis: During form submissions (such as registration or login), we analyze behavioral patterns including:
Form completion time (to detect suspiciously fast submissions)
Mouse movement presence (to distinguish human users from bots)
Form field interaction patterns (to detect automated form fillers)
Number and timing of user interactions
IP Address Tracking: We log IP addresses associated with account activity, failed login attempts, and rate-limited actions for security monitoring and abuse prevention.

This data is used solely for security purposes and is retained only as long as necessary to protect against ongoing threats. Behavioral tracking occurs automatically during form submissions and does not require additional consent as it is necessary for the security and integrity of our services.

How We Share Your Personal Information

We may share personal information with:

Service Providers

Third parties who perform services on our behalf, including: - Payment processors (Stripe, PayPal, etc.) - Shipping and logistics providers - Email and SMS service providers - Cloud hosting and data storage providers - Analytics and advertising platforms - Customer support tools

Business Transfers

In connection with mergers, acquisitions, or sales of business assets, personal information may be transferred to the acquiring entity.

Legal Requirements

When required by law, court order, or to protect our rights, property, or safety, or that of our users or others.

With Your Consent

When you explicitly consent to sharing with specific third parties.

We do not sell personal information to third parties for monetary consideration.

Data Retention

We retain personal information for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specific retention periods include: - Account Information: Until account deletion plus 30 days - Transaction Records: 7 years for tax and regulatory compliance - Marketing Data: Until you unsubscribe plus 2 years - Analytics Data: 26 months in aggregated form - Security Logs: IP addresses and behavioral data used for fraud prevention are retained for 30 days unless required for ongoing investigation

International Data Transfers

We are based in the United States and may transfer personal information to countries outside your residence. For transfers from the EU, we implement appropriate safeguards including: - Standard Contractual Clauses approved by the European Commission - Adequacy decisions where applicable - Other legally recognized transfer mechanisms

Your Privacy Rights

All Users

Access: Request information about personal information we have collected
Correction: Request correction of inaccurate personal information
Deletion: Request deletion of personal information (subject to legal obligations)
Opt-out: Unsubscribe from marketing communications

California Residents (CCPA/CPRA)

You have additional rights including: - Right to Know: Detailed information about personal information collected, used, and shared - Right to Delete: Request deletion of personal information we have collected - Right to Correct: Request correction of inaccurate personal information - Right to Opt-Out: Opt-out of the "sale" or "sharing" of personal information - Right to Limit: Limit use and disclosure of sensitive personal information - Right to Non-Discrimination: Equal treatment regardless of exercising your rights

EU Residents (GDPR)

You have additional rights including: - Data Portability: Receive personal information in a portable format - Object to Processing: Object to processing based on legitimate interests - Withdraw Consent: Withdraw consent at any time where processing is based on consent - Lodge Complaints: File complaints with data protection authorities

Exercising Your Rights

To exercise these rights, contact us at [email protected] or use our privacy request form. We will respond within the timeframes required by applicable law.

Cookies and Tracking Technologies

We use cookies and similar technologies to: - Enable site functionality - Remember your preferences - Analyze site usage - Provide personalized content and advertising

You can manage cookie preferences through your browser settings or our Cookie Preference Center. Note that disabling certain cookies may affect site functionality.

Security

We implement appropriate technical and organizational measures to protect personal information, including: - Encryption of data in transit and at rest - Regular security assessments and audits - Access controls and authentication procedures - Employee training on data protection

However, no system is completely secure, and we cannot guarantee absolute security.

Children's Privacy

We do not knowingly collect personal information from children under 13 (or 16 in the EU) without parental consent. If we discover we have collected such information, we will delete it promptly.

Third-Party Links

Our Site may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies before providing personal information.

Data Breach Notification

In the event of a data breach that poses risks to your rights and freedoms, we will notify affected individuals and relevant authorities as required by law.

Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through a prominent notice on our Site. Your continued use of our Site after changes become effective constitutes acceptance of the updated policy.

Contact Information

Privacy Officer: [email protected]
General Questions: [email protected]
Mailing Address:
MatterHackers, Inc.
Attn: Privacy Officer
20321 Valencia Cir
Lake Forest, CA 92630

California Privacy Rights Notice

Categories of Personal Information Collected (Last 12 Months):

Category	Examples	Collected	Sources	Business Purpose	Third Parties Shared With
Identifiers	Name, email, phone, IP address	Yes	You, automatic collection, third parties	Account management, communication, fraud prevention	Service providers, analytics partners
Commercial Information	Purchase history, preferences	Yes	You, automatic collection	Order processing, customer service, marketing	Service providers, payment processors
Internet Activity	Browsing history, interactions, form interaction patterns	Yes	Automatic collection	Analytics, personalization, security, bot detection	Analytics providers, advertising networks
Geolocation	General location from IP	Yes	Automatic collection	Fraud prevention, content localization	Service providers
Audio/Visual	Profile photos, support calls	Sometimes	You	Account management, customer service	Service providers

We do not sell personal information for monetary consideration. We may share personal information for cross-context behavioral advertising, which may be considered "sharing" under California law.