Privacy Policy

Effective: 9 May 2026

Mantis Crochet ("we", "us", "our") runs the Mantis Crochet Notebook web application at app.mantiscn.com. This policy explains what personal data we collect, how we use it, who we share it with, and the choices you have. Plain language is the goal — if anything below isn't clear, email us at support@mantiscn.com.

1. What we collect

When you create an account and use the product, we collect:

  • Account data — email address, hashed password, display name (if you set one), tier, subscription status, trial expiration.
  • Pattern and project data — patterns you create, import, or save; swatch measurements; stash inventory entries; cooking sessions; user preferences (yarn weight, hook size, gauge, handedness, pedal mappings).
  • Uploaded images — yarn label photos, swatch photos, stash photos. Stored privately, scoped to your account, EXIF metadata stripped on upload.
  • Imported pattern source data — PDFs and URLs you submit are processed once to extract the pattern; the original bytes are not retained beyond the processing window.
  • Usage events — feature use counts, AI orchestrator request counts and estimated cost, used for tier-cap enforcement and anomaly detection.
  • Diagnostic data — error reports (Sentry), product analytics (PostHog) when you have consented to analytics cookies, optional bug reports you submit.
  • Billing data — Stripe Customer ID, subscription ID, status, period dates. We do not store full payment card numbers; Stripe does.

2. How we use it

  • To run the product — save your work, sync between your devices, render the editor and cooking-mode UIs.
  • To process payments and manage your subscription.
  • To send transactional email — verification, password reset, billing receipts, replies to bug reports.
  • To run the AI orchestrator features you trigger (pattern import, chart generation), with per-tier caps enforced server-side.
  • To monitor errors and improve reliability.
  • To detect abuse — rate limits, anomaly detection, and per-tier feature gating.

We do not sell your personal data, share it with advertisers, or use your patterns or photos to train generative AI models without your explicit, opt-in consent.

3. Sub-processors

The following vendors process data on our behalf:

  • Supabase (US) — primary database, authentication, file storage. Hosts your account, patterns, swatches, stash, photos.
  • Vercel (US) — application hosting and edge runtime.
  • Stripe (US) — payment processing, billing portal, subscription management.
  • Resend (US) — transactional email delivery.
  • Sentry (US) — error monitoring (includes the user identifier and tier when you trigger an error while signed in).
  • PostHog (US) — product analytics, only loaded after you consent via the cookie banner.
  • OpenAI / Anthropic (US) — LLM providers used by the import / chart-generation orchestrator. Pattern text you import is sent to one of these providers to extract structured chart data. We don't send your stash photos, swatch photos, or other private uploads to LLM providers.
  • Cloudflare (US) — DNS and DDoS protection in front of the application.
  • Better Stack (EU) — uptime monitoring (no user data; pings public health endpoints).

4. Cookies

We use two categories of cookies and similar storage:

  • Essential — Supabase auth cookies (your signed-in session) and a small consent record (mcn.cookie.consent) in localStorage. You cannot opt out of essential storage and still use the product.
  • Analytics — PostHog cookies, loaded only after you click "Accept" on the cookie banner. You can change your mind any time on the account page.

We do not use advertising cookies.

5. Retention

Account data and pattern/project data persist while your account is active. When you delete your account on the account page, we immediately delete your patterns, projects, swatches, stash items, cooking sessions, preferences, photos, usage events, and bug reports, and cancel your Stripe subscription. Backups are retained for up to 30 days, after which they are overwritten. Imported pattern PDFs and URLs are not retained beyond the single processing pass that extracts your chart data.

6. Your rights

You can:

  • Export a JSON archive of your account data on the account page.
  • Delete your account and all associated data on the same page.
  • Withdraw analytics consent at any time on the same page; PostHog will stop loading on your next page view.
  • Email us at support@mantiscn.com for any GDPR / CCPA / UK-GDPR request we don't already cover with the export and delete buttons.

7. Security

Your data is encrypted in transit (HTTPS) and at rest (Supabase and Vercel managed encryption). Access to production data is restricted to the operator (Shawn Terry); we don't have a support team that reads your data on demand. Bug reports you file include the page URL, your description, and the user agent string — please do not paste sensitive data into the description field.

8. International transfers

Our infrastructure is hosted in the United States. If you access the product from the EU, UK, or elsewhere, your data is processed in the US under appropriate safeguards (Standard Contractual Clauses where applicable through our sub-processors).

9. Children

Mantis Crochet is not directed to children under 13 (or 16 in the EU). If you believe a child has created an account, email support@mantiscn.com and we will delete it.

10. Changes

Material changes to this policy will be announced by email to the address on your account at least 7 days before they take effect. The effective date at the top of this page reflects the most recent version.

11. Contact

Questions or requests: support@mantiscn.com.

See also our Terms of Service.