Back to Home
Legal Document

Privacy Policy

Last updated: April 28, 2026

1

Introduction

This Privacy Policy explains how Tisfile S.R.L. (“TisFile”, “we”) collects, uses, and protects personal data in compliance with the General Data Protection Regulation (GDPR).

2

Roles Under GDPR

Subscribers

Data Controllers for their End Users

TisFile
  • Data Controller for Subscriber data
  • Data Processor for End User data
3

Data We Collect

3.1 Subscriber Data

  • Name
  • Email
  • Profile image
  • Stripe customer ID
  • Subscription status

3.2 Subscriber Content

  • STL files (3D models)
  • Product configurations
  • Viewer settings
  • API keys

3.3 End User Data (Processed on Behalf of Subscribers)

  • Email address
  • Optional description
  • SVG logo files
  • Rendered STL files
  • Configuration metadata

3.4 Studio AI Inputs & Outputs

When Subscribers or End Users interact with TisFile Studio (our AI-driven 3D product generator), the following content is sent to third-party AI processors on the Subscriber’s behalf:

  • Reference images uploaded to drive generation (e.g. product photos, mannequin shots)
  • Logos and graphics uploaded for placement on generated products
  • Text prompts and configuration parameters (size, fit, material descriptors)
  • Generated images and 3D models (GLB) returned by the providers

These inputs and outputs are stored under the Subscriber’s account so they can re-open and edit prior generations. We do not train models on your content. See the Subprocessors section for the list of AI providers we use.

3.5 Studio Billing & Anti-Abuse Data

  • Studio credit balance and ledger entries (purchases, AI spend, refunds)
  • Stripe customer ID, saved payment method ID (if auto-top-up is enabled), and payment intent records
  • IP address at the time of credit-consuming operations (used for per-IP daily caps and anomaly detection)
  • Auto-top-up configuration, daily/burst spend caps, and trip-wire telemetry
4

Purpose of Processing

We process data to:

  • Provide and operate the Service
  • Process payments and Studio credit purchases
  • Deliver transactional emails
  • Enable 3D rendering and customization
  • Generate AI imagery, 3D models, and product previews via third-party AI providers (TisFile Studio)
  • Enforce credit balances, spend caps, and detect abusive usage patterns
  • Ensure security and prevent abuse
5

Legal Bases

  • Contractual necessity
  • Legitimate interests
  • Legal obligations
  • Consent (where applicable)
6

Data Retention

Data is retained:

  • While the account is active
  • According to subscription limits
  • Until deleted by the Subscriber
  • Or as required by law

Account deletion removes all associated data permanently.

7

Data Subject Rights

Subscribers may:

  • Access, correct, export, or delete their data
  • Revoke API keys
  • Close their account at any time

End Users must contact the Subscriber directly for rights requests.

8

Cookies & Storage

We use:

  • Session cookies
  • Authentication tokens
  • Local storage for viewer preferences

We do not use advertising or tracking cookies.

9

Security

We apply industry-standard safeguards including:

🔒HTTPS encryption
🔐Secure authentication
🛡️Access controls
File validation
10

Subprocessors

We engage the following third-party processors to deliver the Service. Each is bound by a data processing agreement and processes data only on our documented instructions.

Google (Gemini API)

Generates images and text used by TisFile Studio. Receives uploaded reference images, logos, and prompts.

Tripo3D

Generates 3D models (GLB) from images submitted via TisFile Studio. Receives the cleaned product image used to drive generation.

Stripe

Processes subscription payments, Studio credit pack purchases, and saved payment methods for auto-top-up. Receives billing data only.

Amazon Web Services (S3)

Hosts STL files, SVG logos, generated images, GLB models, and rendered previews.

Resend

Sends transactional emails (quote notifications, billing alerts, magic-link authentication, spend-velocity alerts).

MongoDB Atlas

Hosts our application database (accounts, products, generations, ledger).

Vercel

Hosts the TisFile web application and serverless functions.

We do not authorise any of these subprocessors to use your content to train their own models, and we configure each integration to disable training where the provider offers such a control.

11

International Transfers

Data may be processed outside the EU using providers with appropriate safeguards (e.g., Standard Contractual Clauses).

12

Changes to This Policy

We may update this Privacy Policy. Material changes will be communicated via email. Continued use constitutes acceptance.

13

Contact

Tisfile S.R.L.
titus@tisfile.comtisfile.com