Data Policy.
A direct, structured breakdown of the data the Makerly app handles — what we collect, what we share, who we share it with, and how Android permissions map to specific features. This page mirrors the Google Play “Data safety” form.
At a glance
- We collect account info, profile fields, content you create, photos/files you choose to upload, push tokens, and (only when you use the “Find local shops” flow) approximate or precise device location.
- We share with processors that run the App on our behalf: Supabase (database/auth/storage), Stripe (payments), Expo (push & OTA updates), Google (Gemini AI & ML Kit), and Replicate (only for advanced server-side image segmentation, where shipped). We do not share data with advertisers or data brokers.
- We do not sell your personal information, run third-party advertising SDKs, or build a continuous location history.
- You can request deletion from inside the App (Settings → Account) or by emailing contact@getmakerly.com.
App & controller
App: Makerly. Controller: the Makerly team. Privacy contact: contact@getmakerly.com. Hosting: Supabase, Stripe, Expo, and Google services located primarily in the United States.
Personal identifiers
| Data type | Status | Required / optional | Storage | Purpose |
|---|---|---|---|---|
| Email address | Collected | Required | Stored | Account creation, sign-in, password reset, transactional email. |
User ID (Supabase user.id) |
Collected | Required | Stored | App functionality (links your data to your account); account management. |
| Display name | Collected | Optional | Stored | App functionality and personalization. Visible in community features only if you opt in. |
| Profile photo | Collected | Optional | Stored | App functionality and personalization. Hosted in Supabase Storage. |
Financial info
| Data type | Status | Required / optional | Storage | Purpose |
|---|---|---|---|---|
| Subscription & trial state | Collected | Required (for Pro) | Stored | App functionality & account management. Stored as fields on the user’s profile. |
| Stripe customer & subscription IDs | Collected | Required (for Pro) | Stored | Match Stripe billing events back to the right account. |
| Purchase history | Collected | Optional | Stored at Stripe | Billing, refunds, receipts. Held by Stripe under their privacy policy. |
| Payment card details (PAN/CVC/exp.) | Not collected by Makerly | — | — | Entered directly into Stripe Checkout. Makerly never sees or stores card data. |
Messages & other user content
| Data type | Status | Required / optional | Storage | Purpose |
|---|---|---|---|---|
| AI prompts & attachments (Gemini-backed features) | Collected · Shared | Optional (only when used) | Mostly ephemeral | Run the AI feature you invoked; enforce per-account fair-use limits via short usage records. |
| Troubleshooting / craft AI submissions | Collected · Shared | Optional | Mostly ephemeral | Same as above; processed by Google Gemini under their terms. |
| Community posts, comments, hearts (My Shop / feed) | Collected | Optional | Stored | App functionality — show your post to other users you’ve chosen to share with. |
Photos & videos
| Data type | Status | Required / optional | Storage | Purpose |
|---|---|---|---|---|
| Camera capture (fabric scans, project photos, design captures) | Collected | Optional (per use) | Stored only if you save / upload | App functionality — the feature you initiated (stash, project, troubleshoot, AI). |
| Photo-library picks | Collected | Optional | Stored only if you save / upload | Attach to a stash entry, project, AI prompt, or community post. |
| Uploaded images (Supabase Storage) | Collected · Shared with Supabase | Optional | Stored | Persist your fabric/project/profile/community/embroidery files across devices. |
| Embroidery / design files | Collected · Shared with Supabase | Optional | Stored (private bucket) | App functionality — stored in a private bucket and accessed via short-lived signed URLs. |
Audio
The App does not collect, record, or upload audio as part of any current feature. The Android READ_MEDIA_AUDIO permission, if listed in the manifest, is included only because of the media-picker library and is not used to read your audio files. If a future feature requires audio, this policy and the Data safety form will be updated before that feature ships.
Location
| Data type | Status | Required / optional | Storage | Purpose |
|---|---|---|---|---|
| Approximate location | Collected (only when used) | Optional | Ephemeral | App functionality — only inside the “Find local shops” flow, foreground only. |
| Precise location | Collected (only when used) | Optional | Ephemeral | Build accurate map / directions URLs and sort nearby shops by distance. |
| User-entered “purchase location” text on stash | Collected | Optional | Stored | App functionality — declared as “other personal info / app activity” rather than device location: it is plain text you type, not GPS. |
App activity
| Data type | Status | Required / optional | Storage | Purpose |
|---|---|---|---|---|
| In-app actions tied to your account (saves, project edits, stash changes) | Collected | Required | Stored | App functionality — persist and sync your data. |
| AI usage counters | Collected | Optional (only if you use AI) | Stored | Enforce trial / paid quotas and rate limits. |
App info & performance
We do not currently bundle a third-party crash-reporting SDK in shipped builds (Sentry is wired but commented out). If we enable crash reporting in a future release, it will be limited to anonymous diagnostic data (stack traces, OS / app version, device model) and we will update this section.
Device or other IDs
| Data type | Status | Required / optional | Storage | Purpose |
|---|---|---|---|---|
| Expo push token | Collected | Optional (only if you allow notifications) | Stored on your profile | Send remote push notifications via Expo’s push service. |
| Advertising ID / device ID | Not collected | — | — | The App contains no advertising SDK and does not read the Android Advertising ID. |
Third parties & data sharing
We share specific data with the processors below so they can run the corresponding part of the App on our behalf. Each runs under its own privacy policy and a data-processing agreement with us.
Supabase
Auth, Postgres database, Storage (public & private buckets), and Edge Functions. Hosts your account, profile, projects, stash, community posts, and uploads.
Stripe
Subscription billing, checkout, customer portal, invoices. Receives card and billing data directly from your device; we receive only Stripe’s account/subscription metadata.
Expo
Push notification delivery (when you opt in) and optional OTA update bundles for the App. Receives your device push token and update-check requests.
Gemini API (for AI features you initiate), ML Kit (on-device vision tasks), and Firebase / Google Play Services config used by Expo for FCM push on Android.
Replicate
Where shipped, the segment-shape edge function uploads the image you submit to Replicate to run heavier segmentation models. Used only for that flow.
Google Maps / Apple Maps
The App deep-links to maps apps for shop directions. Following such a link is a normal request to that map service under its own privacy policy.
Security practices
- Encryption in transit: all traffic to Supabase, Stripe, Expo, Google, and Replicate runs over HTTPS / TLS.
- Authenticated access: sensitive endpoints require a signed-in Supabase session.
- Row-level security: Supabase RLS policies restrict each user to their own rows except where features explicitly allow shared access (for example, the public community feed).
- Hashed passwords: passwords are stored as Supabase Auth hashes; we never see your plaintext password.
- Deletion on request: you can ask us to delete your account and personal data, in-app or by email.
Android permissions → features
| Permission | When requested | Used for |
|---|---|---|
android.permission.CAMERA |
The first time you tap a camera-driven feature. | Scanning fabric, photographing quilt blocks/embroidery hoops/projects, capturing designs to send to AI features. Camera frames are processed locally and only leave the device if you save or upload them. |
Photo / media read & write (READ_MEDIA_IMAGES, WRITE_EXTERNAL_STORAGE on older Android) |
When you pick an image, or save a generated image (recolored quilt, palette card, etc.) to your library. | Importing reference images, exporting renderings, saving previews you create in the App. |
| Files & documents | When you import an embroidery file or other document. | Reading the single file you pick from the system document picker. |
ACCESS_COARSE_LOCATION / ACCESS_FINE_LOCATION |
Only inside the “Find local shops” flow, in the foreground. | Building map / search URLs and sorting nearby shops by distance. No background location. |
POST_NOTIFICATIONS |
When you enable notifications. | Remote push (community replies, project reminders) and local trial-reminder notifications. |
| Internet / network | Always (the App is online-first). | Sync with Supabase, payments via Stripe, AI calls via our edge functions, push delivery via Expo. |
Your choices
- Revoke a permission — in your Android settings under Apps → Makerly → Permissions. The corresponding feature will stop working, but the rest of the App continues.
- Disable notifications — system notification settings, or sign out to unregister your push token.
- Cancel your subscription — Settings → Subscription opens the Stripe Customer Portal.
- Delete an upload, post, or stash entry — from inside the App; the file is removed from Supabase Storage.
- Delete your account — Settings → Account, or email contact@getmakerly.com. We process verified deletion requests within 30 days.
Contact
Questions about anything on this page? Email contact@getmakerly.com or use the contact form.
For the full narrative version, see the Privacy Policy.