Legal · Privacy

Privacy Policy.

A clear, plain-English account of what the Makerly app collects, why, who we share it with, and the choices you have. Built so you can read it, not skim past it.

Last updated: May 8, 2026 · Plain-English summaries in italics. For Google Play’s Data safety form, see the Data Policy.

Plain-English summary

Your stash, your palettes, your projects, and your photos — they’re yours. We don’t sell your data. We don’t run advertising SDKs. The app asks for camera, photo, file, location, and notification access only when you use a feature that needs it, and you can revoke any of those permissions at any time in your device settings.

App identity & contact

App: Makerly (the “App”), an app for quilters, embroiderers, and sewers, published by the Makerly team (“Makerly,” “we,” “us,” “our”).

Privacy contact: contact@getmakerly.com. You can also reach us through the in-app support flow or the contact form on getmakerly.com. We aim to respond within one business day.

Who controls your data

The Makerly team is the data controller for the personal data described in this policy. The App stores account, profile, and project data in Supabase (Postgres database, authentication, storage, and edge functions) on our behalf. Our Supabase project is hosted in the United States; the Supabase URL used by the App is configured at build time via the EXPO_PUBLIC_SUPABASE_URL environment variable. Supabase processes your data under its own Privacy Policy and a Data Processing Addendum with us.

Account & profile

To use most features you create an account using your email address and a password. Authentication is handled by Supabase Auth, and your session is stored on your device using secure key–value storage (AsyncStorage) so you stay signed in between launches.

Your profile in the profiles table can include:

  • Email address — your sign-in identifier and the address we use for service emails.
  • Display name — optional, used in the app and (if you post) in community features.
  • Profile picture URL — optional, points to an image you uploaded to Supabase Storage.
  • Subscription & trial fields — trial start/end dates and current subscription status, used to gate Pro features.
  • Stripe customer linkage — the Stripe customer ID and subscription IDs associated with your account, so we can match billing events back to you.
  • Expo push token — only if you enable push notifications (see “Push & local reminders” below).
  • Admin flag — an internal boolean used by edge functions to grant moderation/admin tooling to staff accounts. Most users have this set to false.

Camera

Permission requested: android.permission.CAMERA on Android, and the NSCameraUsageDescription entitlement on iOS.

The App uses the device camera only when you tap a feature that needs it, for example to:

  • Scan and photograph fabric to add it to your stash.
  • Capture quilt blocks, embroidery hoops, or in-progress projects.
  • Photograph designs or printed patterns to attach to a project, troubleshoot a problem, or send to an AI feature you initiated.

Camera frames are processed locally on your device. They are not streamed to a remote server in real time, and we do not access the camera in the background. A photo only leaves your device if you save it, attach it to a project, send it to an AI feature, or post it to the community. The App does not record audio with the camera unless an explicit audio feature is later added and separately disclosed.

You can revoke camera access at any time in your device settings. Without it, camera-driven features are disabled but the rest of the App continues to work.

Photo library

The App can read from and write to your photo library when you use features that need it:

  • Read: picking fabric photos, project photos, or reference images via expo-image-picker.
  • Write: saving quilt previews, recolored designs, or rendered embroidery layouts back to your photo library via expo-media-library.

We only access photos you explicitly choose. The App does not browse, index, or upload your library in the background.

Files & documents

For features such as importing embroidery files, the App uses the system document picker (expo-document-picker) to let you pick a specific file. Only the file you choose is imported. We don’t scan your file system or other documents.

Photos & files we host

Images and files you choose to attach to a project, post, or stash entry are uploaded to Supabase Storage. Depending on the feature, your upload lands in either:

  • A public bucket with a public URL (for example, profile pictures or community post images), or
  • A private bucket accessed via short-lived signed URLs (for example, embroidery files or stash photos that should not be publicly browsable).

You can delete uploads at any time from inside the App; deleted files are removed from Supabase Storage. Background backups may retain residual copies for up to 30 days — see “Retention & deletion” below.

Device location

The App can request foreground device location (via expo-location) for one purpose only: the “Find local shops” flow on the shops screen. When you tap that flow we use your coordinates to:

  • Build a map or directions URL (Google Maps / Apple Maps).
  • Filter or sort the shop list by distance.

We do not collect location in the background, build a continuous location history, or use location to target advertising. Coordinates used for these flows are processed in memory and not stored long-term on our servers.

Stash “purchase location” text

When you save fabric to your stash you can optionally type where you bought it (a shop name, city, or note). This is plain text you enter, not GPS, and it is stored alongside your stash entry in our database. Leave the field blank if you don’t want to keep that information.

Push & local reminders

If you grant notification permission, the App registers an Expo push token and stores it on your profile so we can send you remote notifications — for example, replies to a community post, project reminders, or service announcements.

The App also schedules local notifications (no server involved) for things like trial expiration reminders. These are surfaced by your operating system at the time we scheduled them.

You can disable notifications system-wide in your device settings, or sign out to unregister the push token from your profile.

Payments & subscriptions

Pro subscriptions and trials are processed through Stripe. The App opens a Stripe Checkout or Customer Portal session served by our edge functions. Card numbers, CVCs, and expiration dates are entered directly into Stripe’s hosted UI — we never see or store your card details. Stripe handles payment data under PCI-DSS and its own privacy policy.

What our database stores is limited to: your Stripe customer ID, subscription IDs, plan, status, current period end, and trial dates. Receipts are emailed by Stripe to the email associated with the purchase.

AI features

Several features — craft advice, fabric rating, troubleshooting, design suggestions — are powered by Google’s Gemini models. When you use one of these features, your signed-in app sends the relevant prompt and any images/files you attached to our Supabase Edge Function (for example, ai-gemini), which forwards them to Google’s Gemini API for processing.

This means:

  • Your prompt and attached content are processed by our backend and by Google under Google’s Generative AI terms.
  • We may store a short usage record (for example, in an ai_usage table) tied to your account so we can enforce fair-use limits and trial/paid quotas.
  • We do not use your AI prompts to train Gemini.

On-device & server ML

Some craft features run machine-learning models on your device — for example, ML Kit-based vision tasks, background removal, and ONNX/SAM-style image segmentation used in quilting and embroidery flows. The image data for these on-device models stays on your device.

A small number of advanced features (where shipped to you) call our segment-shape edge function, which uses Replicate to run heavier segmentation models server-side. In that case, the image you submit is sent to Replicate for the duration of the request. Replicate processes data under its own privacy policy.

Community / My Shop

If you opt in to community features (for example, “My Shop” profiles, the public feed, comments, hearts, or shop follows), the content you post — text, images, profile information — is stored in Supabase and shown to other users. Posting is always your choice, and you can edit or delete your posts at any time. We may also remove content that violates our community guidelines, and we keep limited records of moderation actions and reports.

Shopping list

Your shopping list is stored locally on the device using AsyncStorage, keyed by your user ID after sign-in. It is not synced to our servers. Signing out or uninstalling the App clears the list from the device.

Quilt & design data

Projects, quilt designs, blocks, palettes, fabric stash entries, and similar craft data you save in the App are stored in Supabase tables (for example, quilts, fabrics, and related tables) so they sync across your devices. You remain the owner of this content. You can edit, export, or delete it from inside the App, or request full deletion (see “Retention & deletion”).

Email from the app

The App sends a small number of transactional emails through Supabase Auth: account-confirmation links on signup, password-reset links, and email-change confirmations. These emails route the user back to the App via a getmakerly.com redirect URL. We do not subscribe you to marketing emails by default; any newsletter is opt-in.

Links to third parties

The App can open external apps and websites — for example, Google Maps or Apple Maps for directions to a shop. When you follow such a link, the destination service receives a normal browser/app request (URL, IP address, user agent). We don’t share your Makerly account data with them, and they handle that visit under their own privacy policies.

Children

Makerly is a general-audience craft app and is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has created an account, email contact@getmakerly.com and we will delete the account and associated data.

Retention & deletion

You can request deletion of your account and associated personal data at any time from Settings → Account in the App, by visiting your account page on getmakerly.com, or by emailing contact@getmakerly.com. We delete account data, profile fields, projects, and your uploads from production systems within 30 days of a verified request.

Limited records may be retained longer where required — for example, billing/tax records held by Stripe, abuse-prevention logs, or encrypted backups. Encrypted database backups roll off on a 30-day cycle. Anonymized aggregates (such as feature-usage counts that no longer identify you) may be kept indefinitely.

International users

The App is operated from the United States. Supabase, Stripe, Expo, Google, and (where applicable) Replicate process your data on servers primarily located in the United States. If you use the App from outside the US, you understand that your data will be transferred to and processed in the US under this policy. Where required, our processors offer appropriate transfer mechanisms (for example, Standard Contractual Clauses).

App updates

The App uses Expo’s OTA update service (expo-updates) to deliver bug fixes and small improvements between full app-store releases. When the App checks for an update, Expo sees a normal request from your device. Expo processes that request under its own privacy policy.

No advertising SDKs

We do not include third-party advertising SDKs in the App, do not show third-party ads, and do not sell your personal information. If we ever change that, we will update this policy and notify users in advance.

Security

All traffic between the App and our servers, Stripe, Expo, Supabase, and Google is encrypted in transit (HTTPS/TLS). Database access is gated by Supabase row-level security so signed-in users can only read and write their own rows except where features (such as the public feed) explicitly allow shared access. Passwords are never stored in plain text. No internet service can be guaranteed 100% secure, but we work to keep your data safe and we will notify affected users in line with applicable law if a security incident occurs.

Terms of service

Use Makerly for your craft. Don’t abuse the community. Don’t scrape our libraries. We’ll keep the lights on.

By using Makerly you agree not to use the service for illegal activity, to attempt to breach our security, or to scrape our block, shop, or community databases. We may suspend or terminate accounts that violate these terms.

Subscriptions

Maker Pro subscriptions and trials are billed through Stripe. Trials end silently — we never auto-enroll you into a paid plan unless you explicitly start a paid subscription. You can cancel any time from Settings → Subscription (which opens the Stripe Customer Portal) and keep your Pro features until the end of your paid period. Stripe stores your payment details under PCI-DSS standards; we never see or store your full card number.

Your content

You own what you make in Makerly. We get a limited license to store, sync, and display your content back to you (and, for content you choose to post publicly, to other users who can see it). That’s it.

Changes to this policy

If we materially change this policy we will email signed-in users and post a notice in the App at least 30 days before it takes effect. Minor wording changes (typos, clarifications) are made in place with a new “Last updated” date.

Contact

Questions, requests, or concerns about this policy? Email contact@getmakerly.com or use the contact form. We’re happy to help.

For the Google Play “Data safety” breakdown of what is collected, shared, and why — see the Data Policy.