Last updated: June 28, 2026
We collect information you provide directly: your email address and display name when you register; photos you upload to the AI stitch scanner; patterns and projects you create; yarn stash entries; and communications you send us. We also collect usage data automatically: pages visited, features used, device type, and IP address for security purposes.
We use Supabase for authentication. Your password is never stored by YarnCro — it is managed entirely by Supabase's secure infrastructure. We store only a reference identifier linking your Supabase account to your YarnCro profile.
All payment processing is handled by PayPal. YarnCro never sees or stores your credit card, bank account, or PayPal login credentials. We store only your PayPal subscription ID to manage your subscription status.
Images you upload to the AI stitch scanner are sent to our AI provider (Google Gemini via OpenRouter) for processing and are not retained after the response is returned. Pattern requests and chat messages are processed in real time and not stored for AI training purposes.
We use your data to: provide and improve the Service; manage your account and subscription; send transactional communications (receipts, subscription alerts); respond to support requests; detect and prevent fraud and abuse; and analyze usage patterns to improve the product. We do not sell your personal data to third parties.
We share your data only with: (a) Supabase — for authentication services; (b) PayPal — for payment processing; (c) OpenRouter/Google — for AI model inference (query text and images only, no personal identifiers); (d) our hosting provider (Replit) — for infrastructure. All processors operate under data processing agreements and applicable privacy laws.
We use session cookies necessary for authentication. We do not use advertising trackers, third-party analytics pixels, or cross-site tracking cookies. You can disable cookies in your browser, but this will prevent you from logging in.
We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Subscription records may be retained for up to 7 years for accounting and tax compliance.
Depending on your location, you may have rights to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; export your data in a portable format; object to or restrict processing of your data. To exercise any of these rights, contact us at privacy@yarncro.com. We will respond within 30 days.
YarnCro is not directed at children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.
We implement industry-standard security measures including HTTPS encryption in transit, JWT-based authentication with JWKS verification, and access controls. No system is 100% secure — if you discover a vulnerability, please report it responsibly to security@yarncro.com.
We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notification at least 14 days before the changes take effect.
For privacy questions or data requests: privacy@yarncro.com For security concerns: security@yarncro.com