FabricLabFabricLabBack to Home

Privacy Policy

Last updated: February 20, 2026

Sonata Unified (“we”, “us”, or “our”) operates FabricLab (https://fabriclab.ai), a professional drapery calculation, job management, and AI fabric visualization platform. This Privacy Policy explains how we collect, use, store, disclose, and safeguard your information — including data obtained from Google APIs — when you use our service.

1. Information We Collect

1.1 Google Account Information

When you sign in with Google, we request access to the following Google user data through OAuth 2.0:

  • Basic profile information (via openid, email, profile scopes): your name, email address, and profile picture. Used solely to create and manage your FabricLab account.
  • Google Drive file access (via drive.file scope): allows FabricLab to save work orders and PDF documents to your Google Drive when you explicitly choose to export them. This scope only grants access to files created by FabricLab — we cannot read, modify, or delete any other files in your Google Drive.

1.2 Apple Account Information

When you sign in with Apple, we receive your name and email address (or an Apple relay email). Used solely to create and manage your FabricLab account.

1.3 Email/Password Account Information

When you register with email and password, we collect your name, email address, and a securely hashed password. We never store passwords in plain text.

1.4 Project and Calculation Data

We store the drapery projects, calculations, work orders, and related business data you create within FabricLab. This data is associated with your account and, if applicable, your organization.

1.5 Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card numbers or banking details. We retain Stripe customer IDs and subscription status to manage your account tier.

1.6 AI Visualization Images

When you use the AI Fabric Visualizer feature, uploaded room images and generated visualization images are stored temporarily in Google Cloud Storage. These images are associated with your account and subject to your plan's retention period (30 days).

1.7 Usage Data

We may collect anonymous usage analytics such as page views, feature usage patterns, and error logs to improve our service. This data does not personally identify you.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and maintain the FabricLab service
  • To authenticate your identity and manage your account
  • To manage subscriptions and organization membership
  • To generate drapery calculations, work orders, and PDF documents
  • To generate AI fabric visualizations using Google Generative AI
  • To save exported documents to your Google Drive (only when you explicitly request it)
  • To send transactional emails (invitations, billing notifications, password resets)
  • To process payments through Stripe
  • To improve our service and fix issues

We do not use your information, including Google user data, for advertising, marketing to third parties, or any purpose unrelated to providing and improving FabricLab's functionality.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or Google user data to any third party. We do not transfer or disclose Google user data to third parties except as described below:

  • Google Cloud Platform: Our application, database, and file storage are hosted on Google Cloud Platform. Google processes data on our behalf as a data processor under their Data Processing Addendum.
  • Stripe: For payment processing only. Subject to Stripe's Privacy Policy. Stripe does not receive any Google user data.
  • Google Generative AI: When you use the AI Fabric Visualizer, your uploaded room images are sent to Google's Generative AI API to produce fabric visualization results. No other personal data is shared with this service.
  • Your Organization: If you belong to an organization on FabricLab, administrators in your organization can see your name, email, role, and project data.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or enforceable governmental request, or to protect our rights, privacy, safety, or property.

4. Google User Data — Specific Disclosures

This section specifically addresses our handling of data obtained through Google APIs, in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

4.1 What Google User Data We Collect

  • Name, email address, and profile picture from your Google account (used for account creation and display)
  • OAuth refresh token (stored securely to maintain your authenticated session)
  • Google Drive file access token (used only when you choose to export documents to your Drive)

4.2 How We Use Google User Data

  • To authenticate you and create your FabricLab account
  • To display your name and profile picture within the application
  • To save work order PDFs to your Google Drive when you explicitly initiate an export

We do not use Google user data for serving advertisements, for sale to third parties, or for any purpose other than providing and improving FabricLab's user-facing features.

4.3 Google User Data Sharing

We do not share, transfer, or disclose Google user data to any third parties except:

  • To Google Cloud Platform, which hosts our application (acting as a data processor on our behalf)
  • If necessary to comply with applicable law, regulation, or legal process
  • As part of a merger, acquisition, or sale of assets, with notice to users

We do not sell Google user data. We do not use Google user data for advertising. We do not permit human review of Google user data except as required for security purposes, to comply with law, or with user consent.

4.4 Google User Data Retention and Deletion

Google user data (name, email, profile picture, OAuth tokens) is retained for as long as your FabricLab account is active. When you delete your account or revoke FabricLab's access through your Google Account permissions:

  • All Google user data, including OAuth tokens, is deleted from our systems within 30 days
  • Files created in your Google Drive by FabricLab remain in your Drive under your control
  • You may also request immediate deletion by contacting us at support@fabriclab.ai

4.5 Data Protection for Google User Data

We protect Google user data with the following security measures:

  • All data is transmitted over HTTPS/TLS encryption
  • OAuth tokens are stored in encrypted database fields on Google Cloud SQL
  • Access to production databases is restricted to authorized personnel only
  • We use JWT-based session tokens with automatic expiration
  • OWASP-compliant security headers are applied to all responses
  • Rate limiting and input sanitization protect against abuse

4.6 Limited Use Disclosure

FabricLab's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

5. Data Storage and Security

Your data is stored on secure servers provided by Google Cloud Platform (GCP), including Google Cloud Run (application hosting), Google Cloud SQL (PostgreSQL database), and Google Cloud Storage (file storage). We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • Encrypted database connections via SSL
  • OWASP-compliant security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options)
  • Rate limiting and input sanitization to prevent abuse
  • Role-based access control at both application and organization levels
  • Password hashing using bcrypt with a cost factor of 12
  • Secure session management with JWT tokens and automatic expiration

6. Data Retention and Deletion

We retain your account data and associated project data for as long as your account is active. Specific retention policies:

  • Account data (name, email, profile): retained while your account is active; deleted within 30 days of account deletion
  • Project and calculation data: retained while your account is active; deleted with your account
  • AI visualization images: retained for 30 days from creation, then automatically deleted
  • OAuth tokens: deleted immediately when you revoke access or delete your account
  • Payment records: retained as required by financial regulations (typically 7 years for transaction records)
  • Password reset tokens: expire after 1 hour and are deleted after use

To request deletion of your account and all associated data, contact us at support@fabriclab.ai.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Export your project data
  • Revoke FabricLab's access to your Google account at any time through your Google Account permissions
  • Withdraw consent for optional data processing

8. Cookies

FabricLab uses essential cookies for authentication session management (session tokens). We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

9. Children's Privacy

FabricLab is a business-to-business tool not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email or in-app notification. The “Last updated” date at the top of this page indicates when the policy was most recently revised. Continued use of FabricLab after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, your data, or wish to exercise any of your rights, contact us at:

Sonata Unified
Email: support@fabriclab.ai
Website: https://fabriclab.ai