Privacy policy

Common Parts Access

1. Introduction

Common Parts Access (accessible at access.commonparts.org) is an open platform for publishing and accessing digital spare parts. It is an official interface of the Common Parts Infrastructure.

This Privacy Policy explains what personal data is collected when you use Common Parts Access, how it is used, and what rights you have regarding your data.

Common Parts acts as the data controller for all personal data processed through Common Parts Access. You may contact us at any time at contact@commonparts.org.

2. Data Controller

Common Parts

contact@commonparts.org

access.commonparts.org

As Common Parts is currently operating as an unincorporated project, the natural person responsible for data processing may be identified upon request via the contact address above.

3. Data We Collect

3.1 Account data

When you create an account on Common Parts Access, we collect:

Email address
Username and display name (as provided by you)
Password (stored in hashed form - we never store your password in plain text)
Profile information you choose to add (bio, avatar)

3.2 Content data

When you publish spare parts or other content to the platform, we collect:

3D model files and associated metadata (title, description, material, print settings)
Tags, categories, and other classification data you provide

3.3 Usage data

When you use Common Parts Access, we automatically record:

Downloads and views associated with your account
Collections and likes you create
Date and time of actions performed on the platform

3.4 Technical data

For technical operation of the service, we process:

Session data stored in cookies (see Section 5)
IP address (processed transiently by our infrastructure - not stored in application logs)

4. Legal Basis and Purpose

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

Performance of a contract (Art. 6(1)(b) GDPR): account creation, authentication, and delivery of the services you request.
Legitimate interests (Art. 6(1)(f) GDPR): maintaining security and integrity of the platform, preventing abuse.
Consent (Art. 6(1)(a) GDPR): where we ask for your explicit agreement, such as for optional profile information.

5. Cookies

Common Parts Access uses cookies strictly for authentication and session management. No advertising, tracking, or analytics cookies are used.

Cookie name: Supabase authentication token cookie (sb-*-auth-token pattern)
Purpose: Stores your authenticated session to keep you logged in.
Type: Strictly necessary. This cookie is essential for the service to function and does not require your consent.
Provider: Supabase, Inc. (our authentication infrastructure provider).
Duration: Session and short-term persistence (expires upon logout or session timeout).

You may delete cookies at any time through your browser settings. Doing so will log you out of your account.

6. Third-Party Processors

We use the following sub-processors to operate Common Parts Access.

Supabase, Inc. - Database, authentication, and file storage infrastructure. Supabase is SOC 2 Type II certified.

We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.

7. Data Retention

We retain your personal data for as long as your account remains active. If you delete your account, your personal data will be deleted immediately, except where retention is required by law or necessary to resolve disputes.

Content you have published to the platform (spare part models and associated metadata) will be anonymized and remain available after account deletion, unless you request full removal.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access: obtain a copy of the personal data we hold about you.
Right to rectification: correct inaccurate or incomplete data.
Right to erasure: request deletion of your personal data (subject to legal retention obligations).
Right to restriction: request that we limit processing of your data.
Right to data portability: receive your data in a structured, machine-readable format.
Right to object: object to processing based on legitimate interests.
Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at contact@commonparts.org. We will respond within 30 days. If you believe your rights have not been respected, you have the right to lodge a complaint with your national data protection authority.

9. Security

Common Parts Access implements industry-standard security measures, including encrypted data transmission (TLS), hashed password storage, and session-based authentication managed by Supabase. No system is fully secure; we encourage you to use a strong, unique password for your account.

10. Contact

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data:

Common Parts

contact@commonparts.org

access.commonparts.org

Privacy policy

Common Parts Access

1. Introduction

Common Parts Access (accessible at access.commonparts.org) is an open platform for publishing and accessing digital spare parts. It is an official interface of the Common Parts Infrastructure.

This Privacy Policy explains what personal data is collected when you use Common Parts Access, how it is used, and what rights you have regarding your data.

Common Parts acts as the data controller for all personal data processed through Common Parts Access. You may contact us at any time at contact@commonparts.org.

2. Data Controller

Common Parts

contact@commonparts.org

access.commonparts.org

As Common Parts is currently operating as an unincorporated project, the natural person responsible for data processing may be identified upon request via the contact address above.

3. Data We Collect

3.1 Account data

When you create an account on Common Parts Access, we collect:

Email address
Username and display name (as provided by you)
Password (stored in hashed form - we never store your password in plain text)
Profile information you choose to add (bio, avatar)

3.2 Content data

When you publish spare parts or other content to the platform, we collect:

3D model files and associated metadata (title, description, material, print settings)
Tags, categories, and other classification data you provide

3.3 Usage data

When you use Common Parts Access, we automatically record:

Downloads and views associated with your account
Collections and likes you create
Date and time of actions performed on the platform

3.4 Technical data

For technical operation of the service, we process:

Session data stored in cookies (see Section 5)
IP address (processed transiently by our infrastructure - not stored in application logs)

4. Legal Basis and Purpose

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

Performance of a contract (Art. 6(1)(b) GDPR): account creation, authentication, and delivery of the services you request.
Legitimate interests (Art. 6(1)(f) GDPR): maintaining security and integrity of the platform, preventing abuse.
Consent (Art. 6(1)(a) GDPR): where we ask for your explicit agreement, such as for optional profile information.

5. Cookies

Common Parts Access uses cookies strictly for authentication and session management. No advertising, tracking, or analytics cookies are used.

Cookie name: Supabase authentication token cookie (sb-*-auth-token pattern)
Purpose: Stores your authenticated session to keep you logged in.
Type: Strictly necessary. This cookie is essential for the service to function and does not require your consent.
Provider: Supabase, Inc. (our authentication infrastructure provider).
Duration: Session and short-term persistence (expires upon logout or session timeout).

You may delete cookies at any time through your browser settings. Doing so will log you out of your account.

6. Third-Party Processors

We use the following sub-processors to operate Common Parts Access.

Supabase, Inc. - Database, authentication, and file storage infrastructure. Supabase is SOC 2 Type II certified.

We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.

7. Data Retention

Content you have published to the platform (spare part models and associated metadata) will be anonymized and remain available after account deletion, unless you request full removal.

8. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access: obtain a copy of the personal data we hold about you.
Right to rectification: correct inaccurate or incomplete data.
Right to erasure: request deletion of your personal data (subject to legal retention obligations).
Right to restriction: request that we limit processing of your data.
Right to data portability: receive your data in a structured, machine-readable format.
Right to object: object to processing based on legitimate interests.
Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

9. Security

10. Contact

For any questions, requests, or concerns regarding this Privacy Policy or the processing of your personal data:

Common Parts

contact@commonparts.org

access.commonparts.org