This Privacy Policy describes how 3DFS LLC, a North Carolina limited liability company ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects your personal information when you use the PQRA Engine service ("Service") at https://pqra.3dfs.com. This policy applies to all users of the Service worldwide.
We are committed to protecting your privacy and handling your data transparently. Please read this Privacy Policy carefully.
1. DATA CONTROLLER
3DFS LLC A North Carolina Limited Liability Company Email: [email protected] Website: https://pqra.3dfs.com
If you are located in the European Economic Area (EEA) and we are required to appoint an EU Representative under Article 27 of the GDPR, their contact information will be published at https://pqra.3dfs.com/legal/eu-representative.
2. INFORMATION WE COLLECT
2.1 Account Data
When you create an account, we collect: - Name - Email address - Company or organization name (optional) - Industry sector (optional, for report customization)
Legal basis (GDPR): Contract performance.
2.2 Payment Data
When you subscribe to a paid plan, our payment processor Stripe collects: - Billing name and address - Credit card or payment method information
We receive only your billing address and the last four digits of your card number from Stripe. We never store full credit card numbers.
Legal basis (GDPR): Contract performance.
2.3 Uploaded Files
When you use the Service, you upload power quality measurement data files (MF4, COMTRADE, CSV, or similar formats). These files contain electrical measurement data (voltage, current, power waveforms) captured by measurement instruments. These files do not typically contain personal data; they contain measurements of electrical systems.
Legal basis (GDPR): Contract performance.
2.4 Analysis Outputs
The Service generates analysis reports (HTML, JSON, CSV) from your uploaded files. These outputs contain derived power quality metrics, grades, charts, and assessments.
Legal basis (GDPR): Contract performance.
2.5 Usage Data
We automatically collect information about how you use the Service, including: - Analysis job history and timestamps - Features used - File sizes and processing durations - Error logs
Legal basis (GDPR): Legitimate interest (service improvement and performance monitoring).
2.6 Technical Data
We automatically collect technical information, including: - IP address - Browser type and version - Operating system - Session tokens - Referring URLs
Legal basis (GDPR): Legitimate interest (security, fraud prevention, and service delivery).
2.7 Communications
When you contact support or provide feedback, we collect the content of those communications.
Legal basis (GDPR): Legitimate interest (customer support and service improvement).
3. WHAT WE DO NOT COLLECT OR DO
We want to be clear about what we do NOT do with your data:
- We do not sell your personal data to third parties for advertising, marketing, or any other purpose.
- We do not share your data with third parties for their own marketing purposes.
- We do not train AI or machine learning models on your uploaded measurement files or analysis outputs.
- We do not serve targeted advertising. The Service contains no advertising.
- MF4 and measurement files do not contain personal data. They contain electrical measurements from instruments.
4. HOW WE USE YOUR INFORMATION
We use the information we collect to:
| Purpose | Data Used |
|---|---|
| Provide and operate the Service | Account data, uploaded files, analysis outputs |
| Process payments and manage subscriptions | Payment data, account data |
| Send transactional communications (job completion, account alerts) | Email address |
| Provide customer support | Account data, communications, usage data |
| Monitor and improve service performance | Usage data, technical data |
| Detect and prevent fraud and abuse | Technical data, usage data |
| Comply with legal obligations | All categories as required |
5. DATA RETENTION
We retain your data for the following periods:
| Data Type | Basic (Free) | Pro | Max | After Account Deletion |
|---|---|---|---|---|
| Uploaded measurement files | 7 days | 90 days | 1 year | Permanently deleted within 30 days |
| Analysis reports | 7 days | 90 days | 1 year | Permanently deleted within 30 days |
| Account data | Until you delete your account | Until you delete your account | Until you delete your account | Deleted within 30 days |
| Payment records | 7 years | 7 years | 7 years | Retained per financial regulations |
| Usage and audit logs | 90 days | 90 days | 90 days | Aggregated and anonymized |
After the retention period, data is permanently deleted from our systems and our sub-processors' systems.
6. THIRD-PARTY SUB-PROCESSORS
We use the following third-party service providers to operate the Service. Each processes data only as necessary for the specific function described:
| Sub-Processor | Function | Data Processed | Location | Privacy Policy |
|---|---|---|---|---|
| Supabase, Inc. | Database, authentication, file storage | Account data, uploaded files, analysis results | United States | https://supabase.com/privacy |
| Modal Labs, Inc. | Compute processing | Uploaded files (during analysis only; deleted from compute after processing) | United States | https://modal.com/privacy |
| Vercel, Inc. | Web hosting and CDN | Web traffic data, IP addresses | United States (global CDN) | https://vercel.com/legal/privacy-policy |
| Stripe, Inc. | Payment processing | Billing information, transaction data | United States | https://stripe.com/privacy |
| Resend | Transactional email | Email addresses, job completion notifications | United States | https://resend.com/legal/privacy-policy |
We will notify existing customers at least 30 days in advance of any material changes to our sub-processor list. The current sub-processor list is maintained at https://pqra.3dfs.com/legal/subprocessors.
7. INTERNATIONAL DATA TRANSFERS
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your data may be transferred to and processed in the United States, where our sub-processors are located.
We ensure adequate protection for these transfers through: - Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into our agreements with sub-processors. - Supabase EU region hosting is available and may be selected by EU customers to minimize data transfers.
8. DATA SECURITY
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption at rest (AES-256 via Supabase/cloud storage)
- Encryption in transit (TLS 1.3)
- Authentication and access controls
- Regular security monitoring
- Isolated compute environments for file processing (Modal containers destroyed after each job)
- Audit logging
While we take reasonable steps to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
9. YOUR RIGHTS
Depending on your location, you may have the following rights regarding your personal data:
9.1 Rights Under GDPR (EEA, UK, Switzerland)
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Restriction: Request that we limit the processing of your data.
- Portability: Receive your data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Withdraw consent: Where processing is based on consent, withdraw it at any time.
To exercise these rights, email [email protected]. We will respond within 30 days (or one month as required by GDPR).
You also have the right to lodge a complaint with your local data protection supervisory authority.
9.2 Rights Under U.S. State Privacy Laws
California (CCPA/CPRA): California residents have the right to know what personal information is collected, request deletion, opt out of sale (we do not sell data), and not be discriminated against for exercising these rights.
Other U.S. States: Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights to access, delete, correct, and opt out of certain processing. To exercise these rights, email [email protected].
9.3 No Automated Decision-Making
The PQRA Engine performs automated analysis of electrical measurement data. This analysis is advisory and informational only. It does not produce legal effects on individuals or similarly significantly affect any person. No automated decision-making as defined by GDPR Article 22 is performed.
10. CHILDREN'S PRIVACY
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected data from a child under 18, we will promptly delete it. If you believe a child has provided us with personal data, please contact [email protected].
11. COOKIES AND TRACKING TECHNOLOGIES
For detailed information about cookies and tracking technologies used on the Service, please see our Cookie Policy at https://pqra.3dfs.com/legal/cookies.
In summary: - Essential cookies (authentication session, CSRF protection) are used without consent as they are strictly necessary. - Functional storage (theme preferences via localStorage) does not involve tracking. - Analytics (if enabled) require opt-in consent for EU users. - We do not use marketing or advertising cookies.
12. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time. Material changes will be communicated via email or prominent notice on the Service at least 30 days before they take effect. The "Last Updated" date at the top of this page reflects the most recent revision.
13. CONTACT US
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
3DFS LLC A North Carolina Limited Liability Company Email: [email protected] General Support: [email protected] Website: https://pqra.3dfs.com
For GDPR-specific inquiries or data subject access requests, email [email protected] with the subject line "GDPR Request."
This Privacy Policy was last updated on February 28, 2026.