Privacy Policy

Last updated: June 22, 2026

This Privacy Policy describes how 3Dash ("3Dash", "we", "us", "our") collects, uses, stores, shares, and protects your personal data when you use 3dash.in and related services (the "Platform"). This Privacy Policy constitutes the statutory Notice required under Section 5 of the Digital Personal Data Protection Act, 2023 ("DPDP Act") and is published in accordance with Rule 3(1) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Consumer Protection (E-Commerce) Rules, 2020.

Your consent to the collection and processing of your personal data is obtained through an affirmative, specific, informed, and unambiguous action — by ticking the mandatory consent checkbox and clicking "Continue with Google" or "Register & Join" / "Sign In" on our login interface. If you do not agree to the practices described in this Policy, please do not use the Platform.

1. Who We Are & Our Role

3Dash is the Data Fiduciary (under the DPDP Act) for personal data you submit through the Platform. We operate the marketplace from Bengaluru, Karnataka, India. We process your personal data only for the purposes described in this Policy.

2. Information We Collect

a. Account & Profile Information

• Full name (or display name), email address, profile photo (if signed in via Google).
• Verified phone number (via OTP) — mandatory for Sellers and shipping addresses.
• Account-creation timestamp and authentication provider (Google / email-password).

b. Order & Delivery Information

• Shipping addresses (street, city, state, pincode, recipient phone).
• Order history including items, materials, infill, quantities, prices, statuses, and dispatch / delivery timestamps.
• Ratings and reviews you submit; dispute records (reason, description, evidence photographs).

c. 3D Files & Print Specifications

• STL, OBJ, or other 3D model files you upload for quoting and printing.
• Computed metadata: volume, weight, estimated print time, dimensions.

These files are stored only as long as needed to fulfil your Order. They are scheduled for automatic deletion shortly after Order completion or cancellation. No Seller can access or download your files outside the strict context of completing your specific Order.

Photo-based tools (e.g., the Lithophane generator): When you use a feature that converts a photo into a 3D model, the photo is processed entirely within your own browser to build the model — the original photo is never uploaded to or stored on our servers. Only the resulting 3D model file is uploaded, and only if you choose to order it, after which it is handled like any other 3D file above (stored briefly, then deleted after your Order). Because such a model visibly reproduces your image, the Seller who prints it will see it as part of the model file they receive.

d. Payment Information

We do not store your full card number, CVV, UPI PIN, or net-banking credentials. All payment data is collected directly by our Payment Partner, Razorpay, and is handled in accordance with Razorpay's Privacy Policy and PCI-DSS compliance. We do receive and retain:

• The payment method used (UPI / Card / Net Banking / Wallet) — for receipts.
• Razorpay's payment and order identifiers — for refund and reconciliation purposes.
• Transaction amounts and ledger entries.

e. Seller-Specific Data

• Public: store name, location pin (approximate), printer specifications, materials offered, and aggregated ratings.
• Private (admin-only): verified phone, full pickup address, KYC and payout details. Customers never see this data — only our Logistics Partner sees the pickup address, strictly for pickup.

f. Technical & Usage Data

• IP address, browser type, operating system, device identifiers, screen size.
• Page views, clicks, and event-level interaction with the Platform (via Google Analytics 4 / Firebase Analytics).
• Error reports and stack traces (via Sentry) — used to fix bugs. We have configured Sentry to omit local variables from stack frames to reduce the risk of leaking secrets.

3. How We Use Your Information

• To create and authenticate your account and verify Sellers.
• To compute pricing, accept Orders, dispatch to a Logistics Partner, and deliver to you.
• To process payments, issue refunds, maintain the financial ledger, and run daily reconciliation.
• To send transactional emails (order confirmations, dispatch notices, dispute updates) — these are not marketing and cannot be unsubscribed from without closing your account.
• To detect and prevent fraud, abuse, and unauthorised activity.
• To monitor and improve the Platform's reliability, performance, and security.
• To comply with applicable legal obligations and respond to lawful government requests.

4. Grounds for Processing (DPDP Act)

In compliance with Section 6 of the DPDP Act, 2023, we process your personal data solely on the ground of Consent, which you provide freely, specifically, informedly, and via a clear affirmative action when registering an account or executing a transaction on the Platform. Processing your data for order fulfilment, logistics allocation, payment reconciliation, and customer support is necessary to satisfy the specific purposes for which you have provided such consent.

You may withdraw your consent at any time, as described in Section 9(d) below. Where we are required to retain certain records to comply with statutory obligations (such as tax laws or consumer-protection record-keeping requirements), such retention is also disclosed transparently in Section 8.

5. Who We Share Your Data With

We do not sell or rent your personal data for marketing purposes. We share specific data with trusted third-party service providers (each acting as a "Data Processor" under the DPDP Act) operating under strict contractual obligations to keep your data secure. We share by category and purpose:

• The Accepted Seller — receives only the print specifications and the 3D model file (STL) of your Order. Your name, email, phone, and address are never visible to Sellers via the dashboard.
• Logistics & Courier Partners — receive the Seller's pickup address and phone, plus your full name, delivery address, and phone for the sole purpose of last-mile delivery.
• Payment Gateway Partners (currently Razorpay) — process payments and refunds. We do not store your raw card or banking credentials. Subject to Razorpay's Privacy Policy.
• Cloud Infrastructure & Database Providers — store your account, order, and ledger data, host authentication, and serve the Platform.
• Communications & Verification Providers — deliver transactional emails (order confirmations, dispute updates, receipts) and OTP messages for phone verification.
• Error Tracking & Monitoring Providers — receive automated crash reports and stack traces (with locals omitted) used solely to fix bugs and maintain platform reliability.
• Analytics Providers — receive aggregated, anonymised usage patterns to help us understand how the Platform is used.
• Law-enforcement & regulatory authorities — when lawfully required by a court order, warrant, or statutory provision in India.
• Successor entities — in the event of a merger, acquisition, or sale of substantially all of 3Dash's assets, subject to the same protections in this Policy.

Pursuant to Section 11 of the DPDP Act, 2023, you may at any time request the specific named entities with whom your personal data has been shared by writing to our Grievance Officer (Section 13).

6. Cookies & Similar Technologies

The Platform uses cookies and similar technologies (localStorage, sessionStorage, IndexedDB) for:

• Strictly necessary — keeping you logged in, remembering your cart, storing CSRF tokens.
• Analytics — Google Analytics 4 to understand aggregate usage patterns (anonymised at the IP level).
• Security — Google reCAPTCHA and Firebase App Check to protect against bots and abuse.

You can disable cookies in your browser settings, but parts of the Platform may stop working as a result.

7. Data Security

We implement and maintain technical, infrastructural, and organisational safeguards to protect your personal data and prevent data breaches, in full compliance with Section 8 of the DPDP Act, 2023 (Obligations of a Data Fiduciary). These measures include:

• TLS/HTTPS encryption in transit for every Platform request.
• Encryption at rest for cloud database and storage layers (managed by Firebase / Google Cloud).
• Role-based access control — Sellers, Customers, and Admins see only the data they're entitled to. Sensitive fields (Seller phone, address, KYC) sit in admin-restricted private sub-collections.
• Firebase App Check on all financial endpoints to block tokenless bot traffic.
• Razorpay HMAC-SHA256 signature verification on every payment before any order is confirmed.
• Per-user rate limiting on order creation to prevent abuse.
• Independent error tracking and daily reconciliation to detect anomalies.

While we take reasonable measures, no system is completely secure. If you suspect any breach affecting your account, contact us immediately at legal@3dash.in.

8. Data Retention

• Account data — retained while your account is active. On a verified deletion request (see Section 9(c)), profile data is purged manually. Transactional records linked to your account are retained per the items below for legal compliance.
• Order records, payment receipts, ledger entries — retained for at least eight (8) years to comply with statutory record-keeping requirements under Indian tax and consumer-protection laws.
• 3D model files — deleted shortly after Order completion or cancellation (typically within 7 days).
• Dispute evidence (photos, descriptions) — retained for at least 2 years after resolution.
• OTP codes — short-lived, hashed, and purged after verification.

9. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 ("DPDP Act"), you (the "Data Principal") have the following rights with respect to your personal data processed by 3Dash (the "Data Fiduciary"). All requests should be made from the email address registered on your account so we can verify your identity.

a. Right to Access & Summary of Processing

You may request a summary of (i) the personal data we hold about you, (ii) the processing activities undertaken on that data, and (iii) the identities of the third parties with whom your data has been shared, along with the categories of data shared. We will respond within thirty (30) days. Where feasible, data will be provided in a structured, machine-readable format.

b. Right to Correction & Updating

You may ask us to correct any inaccurate, incomplete, or out-of-date personal data we hold about you. Most fields (display name, email, phone, addresses, photo) can be updated by you directly via your profile page. For fields that cannot be self-edited (e.g., audit-trail timestamps, verified phone for sellers), write to us.

c. Right to Erasure

Account deletion is handled manually by our team. To delete your account, send an email to support@3dash.in from the email address registered on your account, with the subject line "Account Deletion Request". Upon verifying your identity:

• We will close your account and delete your profile data, uploaded 3D files, addresses, ratings, and preferences, typically within thirty (30) days of verification.
• We will retain data we are legally required to keep, including order records, tax-relevant payment receipts, ledger entries, and dispute evidence — for the periods set out in Section 8. Such retained data is access-restricted and used only for compliance, not for any active processing.
• Erasure is irreversible. Once your account is deleted, your remaining wallet points, ratings, and order history are not recoverable.

d. Right to Withdraw Consent

Where our processing is based on your consent, you may withdraw that consent at any time by emailing support@3dash.in. Withdrawal does not affect the lawfulness of processing performed before withdrawal. Once you withdraw consent:

• You will no longer be able to place new Orders or use Platform features that depend on the withdrawn data.
• Ongoing Orders will be completed; we will continue processing the minimum data necessary to fulfil contractual obligations and meet legal retention requirements.
• If you also want your existing data deleted, please send a separate Account Deletion Request as described in Section 9(c).

e. Right to Nominate

Under Section 14 of the DPDP Act, you may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity. To register a nominee, write to our Grievance Officer with the nominee's full name, relationship, and contact details, along with a copy of a government-issued ID.

f. Right to Grievance Redressal

If you are dissatisfied with how we handle your personal data or any of the above rights, you may escalate to our Grievance Officer (Section 13). We acknowledge every grievance within 48 hours and aim to resolve it within fifteen (15) days, as prescribed under the Information Technology Rules.

g. Right to Complain to the Data Protection Board

If we have not resolved your grievance to your satisfaction, you have a further right to lodge a complaint with the Data Protection Board of India established under the DPDP Act.

How to Exercise These Rights

To exercise any right above, write to legal@3dash.in from the email registered on your account, stating clearly which right you are exercising and any relevant details. We may ask for additional information solely to verify your identity before acting on the request. There is no fee for exercising any right under this Policy.

10. Children's Privacy

The Platform is not intended for users below the age of eighteen (18). We do not knowingly collect personal data from minors. If we discover that we have inadvertently collected data from a minor, we will delete it promptly. Parents or guardians who believe their child has provided us data may contact legal@3dash.in.

In accordance with Section 9 of the DPDP Act, 2023, we do not undertake behavioural tracking, monitoring, or targeted advertising directed at minors. Our analytics tools are operated solely for aggregate platform-usage measurement and are configured to honour age-gated controls; any account that we have reason to believe belongs to a minor will be immediately disabled and excluded from all event-level analytics processing pending verification.

11. International Data Transfer

Our cloud infrastructure (Firebase / Google Cloud) and certain other service providers may store or process data on servers located outside India, including in the United States and the European Union. Where data is transferred internationally, we ensure that the receiving party offers a comparable standard of protection, either through contractual safeguards or by relying on providers that comply with recognised data-protection frameworks.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. It is your responsibility to review this Policy periodically; continued use of the Platform after a change constitutes acceptance of the updated Policy.

13. Grievance Redressal Mechanism

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Consumer Protection (E-Commerce) Rules, 2020, you may direct grievances, data-rights requests, or complaints regarding any content, data, transaction, or operation of the Platform to our designated Grievance Officer:

14. Contact

For privacy-related questions, write to legal@3dash.in. For other support, write to support@3dash.in.