Privacy Policy

Zorge 3D Labs (“we”, “us”, “our”) operates zorge3dlabs.com, an online store and 3D printing services platform based in Nairobi, Kenya. When we collect your personal data, we act as the data controller.

We may collect the following categories of personal information:

• Identity & contact data — Full name, email address, phone number (M-Pesa number), and delivery address provided when you register, place an order, or request a quote.
• Transaction data — Details of purchases you have made, including products ordered, quantities, prices, payment method, and order status.
• Payment data— We do not store full payment details. M-Pesa transactions are processed via Safaricom’s Daraja API. We store only a transaction reference and confirmation status.
• Design files — 3D design files (STL, OBJ, 3MF, etc.) you upload for printing or quoting. These are stored securely for order fulfilment.
• Account data — Email address and hashed password used to secure your account, managed via Supabase Auth.
• Usage data — Information about how you interact with our website, including pages visited, time spent, and actions taken. Collected via server-side logging.
• Communications — Emails, messages, or quotes submitted through our contact or quote forms.

We use your personal data for the following purposes:

• To process and fulfil your orders, including custom print jobs and delivery coordination.
• To communicate order status updates, quotes, and receipts via email.
• To manage your account and provide access to your order history and saved details.
• To send you transactional emails such as order confirmations and quote notifications.
• To send you our newsletter or promotional updates, only if you have opted in. You can unsubscribe at any time.
• To improve our website, pricing models, and service quality through aggregated usage analytics.
• To comply with applicable legal and regulatory obligations in Kenya.

We process your data on the following legal bases:

• Contract performance — Processing necessary to fulfil your order or service request.
• Legitimate interests — Fraud prevention, website security, and service improvement.
• Consent — For marketing emails and newsletter subscriptions, where you have opted in.
• Legal obligation — Where we are required by law to retain certain records.

We use trusted third-party services to operate our platform. Each has its own privacy practices:

• Supabase — Authentication and database hosting. Your account credentials and customer data are stored on Supabase infrastructure.
• Neon (PostgreSQL) — Our primary database provider for order and product data.
• Cloudinary — Cloud storage for uploaded design files and product images.
• Resend — Transactional email delivery (order confirmations, quotes, etc.).
• Safaricom M-Pesa (Daraja API) — Payment processing. We share your M-Pesa phone number with Safaricom to initiate payment requests.
• Vercel — Our website hosting provider. Server-side request logs may be retained by Vercel.

We do not sell, rent, or share your personal data with any other third parties for their own marketing purposes.

We retain your personal data only as long as necessary for the purposes described in this policy, or as required by law:

• Order records — Retained for at least 7 years for accounting and legal purposes.
• Account data — Retained while your account is active. You may request account deletion at any time.
• Design files — Retained for 90 days after order completion unless you request earlier deletion.
• Marketing opt-ins — Retained until you unsubscribe or request removal.

You have the right to:

• Access — Request a copy of the personal data we hold about you.
• Rectification — Ask us to correct inaccurate or incomplete data.
• Erasure — Request deletion of your personal data, subject to legal retention obligations.
• Opt out — Unsubscribe from marketing communications at any time using the link in any email we send.
• Portability — Request your data in a structured, machine-readable format.

To exercise any of these rights, email us at info@zorge3dlabs.com. We will respond within 14 business days.

We use only essential session cookies required for authentication and cart persistence. We do not currently use advertising or analytics tracking cookies from third parties.

We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. These include encrypted data transmission (HTTPS), hashed passwords, and access controls on our database.

No system is completely secure. If you suspect a security incident involving your account, contact us immediately.

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this policy periodically.

For any privacy-related questions or requests, please contact us: