Privacy Policy

Last updated: March 31, 2026

1. Introduction

Welcome to 3dimli.com ("we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit or make a purchase from our website. Please read this policy carefully. By using the Site, you agree to the collection and use of information in accordance with this Privacy Policy.

This policy also applies when you access 3DIMLI through the desktop app, Android app, or third-party AI clients connected via the MCP server.

If you do not agree with the terms of this Privacy Policy, please do not access the Site. We may update this policy from time to time, so check back periodically to stay informed of any changes.

2. Information We Collect

The information we collect depends on how you interact with our Site. This may include:

Personal Information: Name, email address, phone number, and billing/shipping addresses.
Account Information: Username, password, and preferences you provide when creating an account.
Payment Information: Payment method details (e.g., card type, last four digits), processed through secure third-party services.
Usage Information: IP address, browser type, device details, pages viewed, and time spent.
Push Notification Tokens: Firebase Cloud Messaging tokens when you enable push notifications.
OAuth and API Tokens: Hashed access tokens, refresh tokens, and consent grants when you connect third-party AI clients through the MCP server.
Desktop and Mobile App Data: Session tokens and locally stored draft product data when you use the 3DIMLI desktop or Android app.

3. How We Use Your Information

We may use the collected information for various purposes, including to:

Provide, maintain, and improve our Site and services.
Process transactions and send you related information, such as confirmations and invoices.
Communicate with you about new products, services, or promotional offers.
Monitor and analyze usage, trends, and activities to enhance your experience.
Detect, prevent, and address technical or security issues.

4. Sharing of Information

We may share your information in the following situations:

Service Providers: We share information with vendors who perform services on our behalf (e.g., payment processing, data analysis).
Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another entity.
Legal Obligations: If required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).
With Your Consent: We may disclose your personal information for any other purpose with your explicit permission.
Third-Party AI Clients: When you authorize an MCP connection, the connected AI client receives account data covered by the scopes you approved. See Section 8 for details.

5. Data Retention and Security

We will retain your personal information only for as long as is necessary for the purposes set out in this policy or to comply with legal obligations. We implement reasonable security measures (including encryption, access controls, and secure servers) to protect against unauthorized access, alteration, disclosure, or destruction of your personal information.

Product files and media are stored on Cloudflare R2 and delivered through a global content delivery network. Push notification services are provided by Firebase Cloud Messaging.

However, no electronic transmission or storage of information can be entirely secure. We cannot guarantee absolute security of your data, and any transmission of information to us is at your own risk.

6. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal information, such as the right to access, correct, or delete your data. You can also opt out of receiving promotional messages by following the unsubscribe instructions in those emails.

Account Deactivation

You can deactivate your account from your dashboard, subject to outstanding obligations such as unpaid orders, pending refund requests, or recent sales still within the refund window. Once those are resolved, deactivation logs you out of all sessions, unpublishes all your seller products, and blocks access to MCP and API integrations. Your account data is preserved. You can reactivate your account at any time by signing in again.

Account Deletion

You can request permanent account deletion from your dashboard, subject to the same outstanding-obligation checks as deactivation. When you submit a deletion request, your account enters a grace period. After the grace period expires, your account and all associated data are permanently deleted, including all products, store data, orders, OAuth tokens, MCP consent grants, and uploaded files. Deletion is irreversible. Orders and purchase records are archived for legal and financial compliance before the account is removed.

For more information about your rights or to exercise them, pleasecontact us.

7. Children's Privacy

3DIMLI is not intended for users under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete that information. If you believe a child under 16 has provided us with personal data, please contact us at connect@3dimli.com.

8. MCP Server and Third-Party AI Integrations

3DIMLI provides a remote MCP (Model Context Protocol) server that allows you to connect your account to third-party AI assistants such as Claude, Cursor, and other MCP-compatible clients. This section describes how your data is handled when you use these integrations.

8.1 What Data MCP Clients Can Access

When you authorize an MCP connection, you choose which scopes to grant. Depending on the scopes you approve, the connected AI client may access your profile information, billing address, purchase history, download metadata, seller product data, store settings, order details, and audit threads. The client can only access data covered by the scopes you explicitly approved.

8.2 How the MCP Server Handles Your Data

The MCP server acts as a secure proxy between your account and the connected AI client. It does not store, cache, or retain any of your content, product data, or personal information. All requests pass through to the 3DIMLI API with your existing permissions enforced. Once the response is delivered to the client, no copy is kept on the MCP server.

8.3 OAuth Tokens and Consent

MCP connections are authorized through OAuth 2.0 with PKCE. When you approve a connection, 3DIMLI issues access and refresh tokens. All tokens are stored as SHA-256 hashes. Access tokens expire after one hour and refresh tokens rotate on every use. You can revoke access at any time from your dashboard, which immediately invalidates all associated tokens. Deleting your 3DIMLI account automatically revokes all MCP tokens and consent grants.

8.4 Third-Party AI Client Responsibility

3DIMLI does not control how third-party AI clients process, store, or use the data they receive through the MCP connection. Before authorizing a connection, review the privacy policy and terms of service of the AI client you are connecting to. 3DIMLI is not responsible for the data practices of third-party AI clients.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we do, we will revise the "Last Updated" date at the top of the policy. Your continued use of the Site after any modifications indicates your acceptance of the updated policy.

10. Contact Us

If you have questions or comments about this Privacy Policy or our data practices, please email us atconnect@3dimli.com.

By using our Site, you acknowledge that you have read and understood this Privacy Policy.