PanelOrca Download Free

← Back to PanelOrca

Privacy Policy

Effective 12 May 2026

PanelOrca is a SketchUp extension and companion cloud service. This page explains what data we collect, what we do with it, and what choices you have.

Who runs PanelOrca

PanelOrca ("we", "us") is an independent, remote-first project. We are in the process of formalising the operating entity; this page will be updated when that happens.

For privacy questions, contact hello@panelorca.com.

What data we collect

Account data

  • Email address (required to create an account)
  • Full name (optional, displayed in your organization)
  • Password (stored as a bcrypt hash — we never see the plaintext)
  • Profile photo (optional, uploaded by you)
  • Preferred language
  • System role (admin / user — defaults to user)

If you sign in with Google

  • Your Google account email and full name
  • Your Google profile photo URL
  • A Google-issued user identifier ("sub") to recognise you on return

We do not receive or store any other Google data (contacts, calendar, drive, etc.).

Project data

  • Project files you choose to sync — names, descriptions, model JSON, BOM data, machining instructions, label designs, custom materials and connectors you create
  • Thumbnails generated from your projects
  • Membership in organizations and which projects you have access to

Technical data

  • IP address and request metadata (URL, user agent, response time, error code) — kept in server logs for up to 30 days for diagnostics and abuse prevention
  • Authentication tokens issued to your device

What we do not collect

  • Payment information — there is no paid tier yet, so we collect no card data
  • Behavioural telemetry — the SketchUp extension does not phone home with usage events at this time. If we later add opt-in analytics, this page will be updated and consent will be requested in-app
  • Third-party tracking — the landing site does not embed advertising trackers

Why we use it

  • To create and authenticate your account
  • To sync your projects between SketchUp and the cloud, and between your devices
  • To deliver transactional email (account verification, password reset, organization invitations)
  • To enforce free-tier limits (e.g. number of projects per organization)
  • To diagnose errors and prevent abuse
  • To improve the product, in aggregate

We do not sell your data, share it with advertisers, or use it to train external AI models.

How long we keep it

  • Account data — for as long as your account is active
  • Project data — until you delete the project or the account
  • Server logs — up to 30 days
  • Transactional email metadata at Resend — per Resend's retention policy
  • Deleted accounts and projects — soft-deleted for up to 30 days, then permanently removed from primary storage. Backups containing soft-deleted rows roll off within 90 days

Where it's stored

  • Primary database: PostgreSQL on a DigitalOcean Droplet in Singapore (Asia-Pacific)
  • Files (thumbnails, avatars, project assets): same Droplet's disk
  • Transactional email: Resend — see their privacy policy
  • Inbound email forwarding: Cloudflare Email Routing — see their privacy policy
  • DNS & edge: Cloudflare

Your rights

You can:

  • Access your data — visit Settings to view your account fields, or export projects you own
  • Correct your data — edit your profile or organization in-app
  • Delete your account and projects — write to hello@panelorca.com and we will delete within 30 days. You may also delete individual projects yourself
  • Object to specific uses — write to us and we will respond
  • Withdraw consent — if a feature is consent-based (e.g. future analytics), you can withdraw at any time without losing access to the product

If you are in the EU/EEA, UK, or another jurisdiction with similar laws, you also have the right to lodge a complaint with your local data protection authority. We will cooperate with reasonable requests from such authorities.

Children

PanelOrca is not directed at children under 16. If you believe a child has created an account, contact hello@panelorca.com and we will delete it.

Security

We use industry-standard practices — TLS everywhere, bcrypt for passwords, short-lived access tokens with refresh-token rotation, server-side authorization on every protected endpoint, and per-organization access scoping. See Security Overview for more detail.

No system is perfectly secure. If you discover a vulnerability, please email hello@panelorca.com rather than disclose it publicly, so we can fix it before it is exploited.

Changes to this policy

We will update this page when our data practices change. The effective date at the top shows when the current version was published. For material changes, we will additionally notify active users by email.

Plain-language summary: we collect what we need to run the product — your account, your projects, basic technical data. We don't sell it, we don't track you across the web, and we'll delete your data on request.