Privacy policy

3D CertHub Privacy Policy

Last updated: May 4, 2026

3D CertHub UK Ltd operates this website, online store, and the 3D CertHub desktop application, including all related information, content, features, tools, products, software and services, in order to provide you with our services (the “Services”).

Our website and online store are powered by Shopify, which enables us to provide our store, checkout, order management, and related ecommerce services. This Privacy Policy explains how we collect, use, store, and disclose personal information when you visit our website, use our store, make a purchase, download or use the 3D CertHub app, activate a licence, start a trial, submit a bug report or feature request, or otherwise communicate with us.

If there is a conflict between our Terms of Service, Software Licence Agreement, Subscription Terms, and this Privacy Policy, this Privacy Policy controls in relation to the collection, processing, use, storage, and disclosure of personal information.

Please read this Privacy Policy carefully. By using or accessing any of the Services, you acknowledge that you have read this Privacy Policy and understand how your information is collected, used, and disclosed as described below.

1. Who We Are

For the purpose of applicable data protection laws, including the UK GDPR and Data Protection Act 2018, the data controller is:

3D CertHub UK Ltd
71–75 Shelton Street
Covent Garden
London
WC2H 9JQ
United Kingdom

Email: hello@3dcerthub.co.uk
Website: https://3dcerthub.co.uk

2. Personal Information We Collect or Process

When we use the term “personal information”, we mean information that identifies you or can reasonably be linked to you or another person. Personal information does not include information that has been anonymised or de-identified so that it can no longer reasonably identify you.

Depending on how you interact with the Services, we may collect or process the following categories of personal information.

3. Website and Store Information

When you use our website or make a purchase through our Shopify store, we may collect or process:

contact details, including your name, address, billing address, shipping address, phone number, and email address;
financial and transaction information, including payment details, purchase history, payment confirmations, and order details;
account information, including username, password, preferences, and settings where applicable;
transaction information, including products you view, add to your cart, purchase, return, exchange, or cancel;
communications with us, including information you include in customer support enquiries or other messages;
device information, including information about your device, browser, network connection, IP address, and other technical identifiers;
usage information, including how and when you interact with our website, store, checkout, and related services.

Payment information is processed by Shopify and/or relevant payment providers. We do not directly store full payment card details.

4. App Licensing and Access Information

When you use the 3D CertHub app, we may collect and send to our servers only the limited information needed to operate trials, licence activation, subscription access, entitlement checks, and licence enforcement.

This may include:

your email address, for example at trial signup, licence activation, or after a Shopify purchase;
licence key information;
key type;
plan type;
activation date;
expiry date;
licence or subscription status;
trial progression state, such as whether a technical file has been created and, where applicable, a completion timestamp;
a machine fingerprint used for licence enforcement and machine locking.

The machine fingerprint is a one-way SHA-256 hash generated from device characteristics such as MAC address, CPU, hostname, and operating system. It is used only for licence enforcement and machine locking. We do not use it for advertising, analytics, behavioural tracking, or profiling.

Where technically possible, we store the resulting one-way hash rather than the raw device characteristics used to generate it.

5. Bug Reports and Feature Requests

If you choose to submit a bug report or feature request through the app, we may collect:

the type of submission, such as bug report or feature request;
the subject or summary you enter;
the description you provide, including bug details, feature request details, and steps to reproduce where relevant;
your email address, if you choose to provide one so that we can reply.

If you choose to include diagnostic details as part of that submission, we may also collect:

app version;
operating system;
current screen or section within the app;
masked licence key.

Diagnostic details are optional. They are only sent if you actively submit the report, and you can choose whether or not to include them using the checkbox provided in the app.

6. Information Stored Locally on Your Machine

The 3D CertHub app is designed so that core working data remains on your own machine unless and until you choose to export, send, upload, share, or otherwise transmit it.

This local app data may include:

manufacturer business details, such as name, address, and contact information;
technical file content, including product names, materials, test results, risk assessments, compliance notes, and declarations;
uploaded files, including EN71-3 certificates, product photos, print files, labels, and related evidence;
batch, spool, and material register data;
app settings and local working records.

We do not send this locally stored technical file content to our servers as part of normal app operation.

You are responsible for managing, protecting, backing up, exporting, moving, or deleting locally stored app data on your own machine.

7. Incidental Technical Information

Some limited technical information may be processed as part of normal infrastructure operation, including:

IP address information in standard Cloudflare request logs;
request metadata needed to operate licensing and entitlement services;
app version information when the app checks for updates, for example via the GitHub Releases API;
basic server logs generated by infrastructure providers.

We do not use analytics, telemetry, crash reporting, or usage tracking within the 3D CertHub app.

8. Personal Information Sources

We may collect personal information from the following sources:

directly from you, including when you visit our website, place an order, sign up for a trial, activate a licence, submit a bug report or feature request, contact us, or otherwise provide information to us;
automatically through the Services, including through website cookies, app licensing requests, and routine server or infrastructure logs;
from Shopify and other service providers who help us operate the Services;
from payment and commerce providers involved in processing purchases, subscriptions, and renewals;
from communication providers used to send or receive service, support, bug report, or feature request emails.

9. How We Use Your Personal Information

Depending on how you interact with us, we may use personal information for the purposes below.

10. Provide, Operate, and Improve the Services

We use your personal information to provide the Services, including to:

process payments and purchases;
fulfil orders;
provide access to digital products, downloads, software, and services;
deliver trial access, subscription access, and licence activations;
create, maintain, and manage your account where applicable;
provide customer support;
maintain and improve our website, store, app, and related services.

11. Licence Enforcement and Access Control

For the 3D CertHub app, we use limited account and licensing information to:

activate and validate trials and licences;
apply machine-locking and entitlement controls;
determine licence status, plan type, activation date, and expiry date;
prevent misuse or abuse of trials, subscriptions, or activation keys;
manage expired, cancelled, read-only, or grace-period access states.

The machine fingerprint used for this purpose is a one-way hash. It is used only as a licence enforcement mechanism and is not intended to identify the machine owner personally.

12. Bug Reports, Feature Requests, and Support

We use information submitted through bug reports and feature requests to:

investigate bugs and technical issues;
understand how an issue occurred;
reproduce reported problems where possible;
assess, prioritise, and respond to feature requests;
contact you about your report if you choose to provide an email address.

Where diagnostic details are included, we use them only to help investigate the issue or understand the context of the request.

13. Marketing and Communications

We may use your personal information to send service messages, order emails, licence emails, support replies, renewal notices, and other communications connected with the Services.

We may also send marketing emails where permitted by law. You may opt out of marketing emails at any time by using the unsubscribe link in those emails. If you opt out of marketing emails, we may still send non-marketing messages, such as order confirmations, licence emails, subscription notices, security messages, or support replies.

14. Security and Fraud Prevention

We use personal information to authenticate accounts, protect purchases and activations, detect possible fraudulent, unlawful, unsafe, malicious, or abusive activity, protect our Services, and secure our systems.

15. Legal and Business Purposes

We may use personal information to:

comply with legal obligations;
meet tax, accounting, consumer protection, and business record requirements;
respond to valid legal process or lawful requests from authorities;
investigate disputes;
enforce our agreements and policies;
establish, exercise, or defend legal claims.

16. Lawful Bases for Processing

Where UK GDPR or similar laws apply, we process personal information under the following lawful bases:

Contract — where processing is necessary to provide purchases, downloads, software access, trial access, licence activation, subscriptions, support, and account-related services.
Legitimate interests — where processing is necessary for licence enforcement, fraud prevention, security, service operation, bug investigation, feature request handling, customer support, and improving the Services, provided those interests are not overridden by your rights and freedoms.
Legal obligation — where processing is necessary for accounting, tax, consumer law, compliance obligations, dispute handling, or lawful requests from authorities.
Consent — where we rely on your consent, for example for certain optional marketing communications or optional diagnostic details. Where we rely on consent, you may withdraw that consent at any time.

17. How We Disclose Personal Information

In certain circumstances, we may disclose personal information to third parties for legitimate purposes consistent with this Privacy Policy. These circumstances may include:

with Shopify, vendors, and other service providers who perform services on our behalf, such as ecommerce hosting, payment processing, communications, customer support, data hosting, or infrastructure services;
with cloud and infrastructure providers involved in app licensing, security, entitlement validation, and service operation;
with service providers used to receive and deliver bug reports, feature requests, or support emails on our behalf;
with payment, subscription, and commerce providers involved in processing purchases, renewals, cancellations, refunds, or account access;
where disclosure is required to comply with applicable law, legal process, or lawful requests from authorities;
in connection with a business transaction such as a merger, acquisition, restructuring, bankruptcy, or sale of assets;
to protect or defend the Services, our rights, and the rights of our users or others.

We do not sell your personal information.

However, Shopify and certain advertising, marketing, or analytics partners may process information for personalised advertising, store performance, fraud prevention, or similar purposes as described in Shopify’s privacy documentation and any cookie or privacy settings made available through the website.

18. Relationship with Shopify

Our website and store are powered by Shopify. Shopify collects and processes personal information about your access to and use of the store in order to provide, protect, and improve Shopify-powered services.

Information you submit through the store may be transmitted to and shared with Shopify and third parties that may be located in countries other than where you reside, in order to provide and improve the Services.

In addition, to help protect, grow, and improve our business, we may use Shopify features that incorporate data and information obtained from your interactions with our store, along with other merchants and with Shopify. To provide these features, Shopify may make use of personal information collected about your interactions with our store, with other merchants, and with Shopify.

In these circumstances, Shopify may be responsible for certain processing of your personal information, including responding to requests to exercise rights over Shopify-controlled processing.

To learn more about how Shopify processes personal information, please review Shopify’s Consumer Privacy Policy and Shopify Privacy Portal.

19. App Data and Local Storage

The 3D CertHub app is designed so that core technical file and compliance working data stays on your machine during normal use.

This means that information such as:

manufacturer profiles;
technical files;
product definitions;
risk assessments;
test records;
uploaded certificates;
photos;
print files;
labels;
material, spool, and batch data;
locally saved compliance evidence;

is stored locally on your machine and is not routinely collected by our servers.

The app sends only limited licensing and entitlement information needed to manage trial access, activation, subscription validation, licence enforcement, and any bug report or feature request details you choose to submit.

20. Cookies and Similar Technologies

Our website may use cookies and similar technologies to support website functionality, remember preferences, operate checkout, analyse store performance, prevent fraud, and support Shopify-powered services.

Where required, the website may provide cookie or privacy choices using Shopify customer privacy tools or other cookie-management settings.

The app may also use local device storage where necessary for core functionality, settings, licence state, and local data storage. This local storage is part of the software’s operation and is not used for analytics, behavioural tracking, or advertising.

21. Third-Party Websites and Links

The Services may provide links to websites or other online platforms operated by third parties.

If you follow links to sites not affiliated with or controlled by us, you should review their privacy policies, security policies, and terms. We are not responsible for the privacy, security, accuracy, completeness, or reliability of third-party websites or platforms.

Information you provide on public or semi-public venues, including third-party social media platforms, may also be viewable by other users of those platforms and may be used by those platforms or others according to their own terms and privacy policies.

Our inclusion of links does not, by itself, imply endorsement of the linked website, platform, content, owner, or operator.

22. Children’s Data

The Services are not intended to be used by children, and we do not knowingly collect personal information from children under the age of majority in your jurisdiction.

If you are the parent or guardian of a child who has provided us with personal information, you may contact us using the contact details below to request that it is deleted.

As of the effective date of this Privacy Policy, we do not have actual knowledge that we “share” or “sell” personal information of individuals under 16 years of age, as those terms are defined in applicable law.

23. Security and Retention of Your Information

Please be aware that no method of transmission or storage is completely secure, and we cannot guarantee perfect security.

We retain personal information for as long as reasonably necessary for the purposes set out in this Privacy Policy, including to:

provide the Services;
maintain account, order, subscription, and licensing records;
review and respond to bug reports, feature requests, and support enquiries;
comply with legal, accounting, tax, and consumer law obligations;
resolve disputes;
prevent fraud or abuse;
enforce our agreements and policies.

Our typical retention approach is as follows:

Data type	Typical retention approach
Order and transaction records	Kept as needed for accounting, tax, legal, consumer support, and business record purposes
Licence and subscription records	Kept while the licence or subscription is active and for a reasonable period afterwards for support, dispute handling, fraud prevention, and accounting
Trial records	Kept as needed to operate trials, prevent trial abuse, and manage access
Bug reports and feature requests	Kept for as long as needed to investigate issues, improve the app, respond to users, and maintain support history
Marketing preferences	Kept until you unsubscribe or ask us to remove them, subject to suppression-list requirements
Local app technical file data	Stored on your machine and controlled by you

Locally stored app content remains under your control on your own machine unless you choose to delete, export, move, back up, send, or otherwise manage it yourself.

24. Your Rights and Choices

Depending on where you live, you may have some or all of the following rights in relation to your personal information, subject to applicable law:

the right to request access to personal information we hold about you;
the right to request correction of inaccurate personal information;
the right to request deletion of personal information;
the right to request restriction of processing in certain circumstances;
the right to object to certain processing;
the right to withdraw consent where processing is based on consent;
the right to request portability of certain personal information;
the right to opt out of marketing emails.

These rights are not absolute and may apply only in certain circumstances. We may need to verify your identity before responding to a request.

You may exercise your rights by contacting us using the details below.

You may also opt out of marketing emails at any time by using the unsubscribe link in those emails. If you opt out, we may still send non-marketing emails, such as order confirmations, licence messages, access emails, subscription notices, security messages, or support replies.

25. Complaints

If you have concerns about how we process your personal information, please contact us first so that we can try to resolve the issue.

If you are in the UK, you also have the right to lodge a complaint with the Information Commissioner’s Office.

Information Commissioner’s Office
Website: https://ico.org.uk
Telephone: 0303 123 1113

If you are outside the UK, you may have the right to complain to your local data protection authority.

26. International Transfers

We or our service providers may transfer, store, or process personal information outside the country in which you live.

Where required by applicable law, we will rely on recognised legal mechanisms for international transfers of personal information, such as adequacy decisions, standard contractual clauses, UK international data transfer agreements, or other appropriate safeguards.

27. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, including to reflect changes to our Services, our practices, our suppliers, our app functionality, or legal and regulatory requirements.

We will post the revised Privacy Policy on our website, update the “Last updated” date, and provide notice where required by applicable law.

28. Contact

If you have any questions about this Privacy Policy, our privacy practices, or if you would like to exercise any rights available to you, please contact us at: