Log in Sign up
Privacy policy
Last updated: May 16, 2026.

This is a plain-language summary of what we collect and how we use it. It is provided in good faith but does not replace a lawyer-reviewed policy. Contact us at hello@filament-tracker.example for legal questions.

What we collect

  • Account data: email, name, username, optional bio and avatar. Required to log in and identify you.
  • Inventory data: spools you track, prints you log, palettes, reviews, comments. This is the point of the service.
  • Bambu Lab tokens (optional): if you connect your Bambu cloud account, we store an encrypted refresh token so we can subscribe to your print telemetry. We never store your Bambu password. You can disconnect at any time.
  • Photos you upload: print photos, avatars, spool storage zone photos. We strip EXIF/GPS metadata on upload.
  • Auth logs: login timestamps, IP, user-agent, and geo-IP country for security alerts. Retained 90 days.
  • Affiliate clicks: when you click a "Buy" button, we log the click for revenue accounting (referrer, IP, user-agent, timestamp). No purchase data flows back to us.

What we don't collect

  • We do not use Google Analytics, Facebook Pixel, or any cross-site tracker.
  • We do not sell your data to anyone, ever.
  • We do not store credit card numbers (we have no payment system yet).

What we share

  • Public profile data: your username, avatar, bio, and any spools/prints/palettes/reviews you mark as public. Default is private.
  • Affiliate networks (Awin): when you click "Buy", you're redirected through Awin so they can attribute the sale. They set their own cookies on the merchant site; this is out of our hands.
  • Hosting providers: Hetzner (Postgres, Redis, app server), Cloudflare R2 (photos), Postmark (transactional email).
  • Error monitoring (Sentry): server-side exceptions are scrubbed of email and IP before being sent.

Your rights

  • Export: download a ZIP of all your data from settings › Data export.
  • Delete: request account deletion in settings. We soft-delete for 30 days (so you can recover), then hard-delete from the database and R2. Comments and reviews are anonymized to "[deleted user]" rather than removed, to preserve thread integrity.
  • Access & correction: all your data is editable inside the app. If you can't reach something, email us.

Children

Filament is not directed at children. We require users to be at least 16 years old in the EU/UK, and 13 elsewhere, in line with COPPA / UK age-appropriate-design code. We do not knowingly collect data from users under that age.

Cookies

We set one cookie: your session cookie, used to keep you logged in. It is encrypted, HttpOnly, and same-site Lax. We do not set any tracking cookies. Awin's redirect sets a third-party cookie on the merchant's site to attribute the click; this is controlled by the merchant, not by us.

Changes

If we make material changes to this policy, we will email registered users at least 14 days in advance and post a notice on the homepage.