← Back to home

Privacy Policy

Last updated: 21 March 2026

1. Who we are

STL Shield is operated by HallyAus (“we”, “us”, “our”). We are an Australian-based company providing digital rights management (DRM) services for 3D print files. Our website is stlshield.com.au.

2. Information we collect

We collect the following personal information:

  • Account information: Your name and email address when you register.
  • Usage data: IP address, device fingerprint (SHA-256 hash), geolocation (country level), and timestamps when you activate a license token.
  • File metadata: File names, sizes, and encryption metadata for files you upload. We never access or store the unencrypted content of your 3D files.
  • Log data: Server logs including IP addresses, user agent strings, and request timestamps for security and audit purposes.

3. How we use your information

  • To provide and maintain the STL Shield service, including license validation and file encryption.
  • To send you magic link authentication emails.
  • To enforce license terms (activation limits, machine binding).
  • To detect and prevent piracy through our Watchdog service.
  • To generate forensic evidence reports when you request them.
  • To maintain audit logs for security compliance.

4. Data storage and security

Your data is stored in a PostgreSQL database hosted on secure infrastructure. All data is encrypted in transit using TLS 1.3. Sensitive tokens are hashed using bcrypt (cost factor 12). Hardware fingerprints are stored as SHA-256 hashes, not raw hardware identifiers. We follow the principle of least privilege and maintain immutable audit logs.

5. Data sharing

We do not sell your personal information. We may share data with:

  • Cloudflare R2: For encrypted file storage.
  • Resend: For transactional emails (magic links).
  • Law enforcement: When required by Australian law or valid legal process.

6. Your rights

Under the Australian Privacy Act 1988, you have the right to access, correct, and request deletion of your personal information. You can delete your account at any time from the Settings page in your dashboard. To make a privacy request, contact us at the email below.

7. Cookies

We use a single session cookie for authentication. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

8. Changes to this policy

We may update this privacy policy from time to time. We will notify registered users of material changes via email. The “Last updated” date at the top of this page indicates when the policy was last revised.

9. Contact

For privacy-related questions or requests, please open an issue on our GitHub repository or reach out via our support channels.