Pruning Practice – Privacy Policy

1. Who we are / Contact

The Platform is operated by 3D2cut (a Swiss company).

For any privacy questions, data access, or deletion requests, you can contact:

• Email: support@3d2cut.com
• Phone: +41 27 552 13 41
• Postal address: 3D2cut SA, 29 Route de Sion CP 140, 3960 Sierre

If you are in the EU/EEA or UK, you may also have the right to contact your local data protection authority.

2. What data we collect

We collect data in five main categories:

2.1 Account and Identity Data

• Name (if provided)
• Email address
• Login method (Apple, Google, or other SSO)
• Organization / vineyard name, if you are part of a company group
• Role (for example: Admin/Manager vs Worker/Learner)

Why we need it:
We use this to create and maintain your account, verify that you are a unique named Seat, assign Seats to individuals, and allow managers to oversee their assigned team.

We do not store your Apple/Google password. Authentication is handled by the provider.

2.2 Course Access and Progress Data

• Which course(s) you have access to (e.g. “Guyot Simple”)
• Which lessons you watched and when
• Which exercises you attempted, how many times, and your results
• Completion status, quiz scores, performance analytics, timestamps
• Training “unlocked” state (e.g. exercise unlocked after lesson viewed)

Why we need it:
We use this to operate the core service: unlock exercises after lessons, give you feedback, and generate training analytics.

If you are in an Organization (for example, a vineyard that bought Seats for employees), we also make parts of this data visible to the Organization’s Admin so they can track their workers’ training. See Section 5.

2.3 Device and Technical Data

• Device type (phone model, OS version)
• App version
• IP address and general region (not precise GPS location)
• Crash logs and performance metrics
• Security / integrity signals (for example: unusual concurrent logins from multiple devices, abnormal usage patterns suggesting account sharing)

Why we need it:
We use this to improve app stability, detect bugs, and enforce the “one Seat = one human” licensing model. We also use this to investigate fraud, abuse, and attempts to bypass per-seat limits (for example, one account being used by several different workers).

2.4 Payment and Billing Data

• Number of Seats purchased
• Billing contact and billing address
• Tax / VAT ID (if applicable)
• Purchase confirmation details and invoice references

Important:

• We do not directly store your full payment card details if payment is processed by a third-party processor (e.g. App Store, Stripe). The processor handles card/bank data. We receive transaction metadata so we can confirm payment and issue access.

2.5 Support / Communication Data

• Messages you send us (email, chat, support requests)
• Any attachments you provide (for example, photos of cuts, screenshots, error reports)
• Call notes from phone support

Why we need it:
We use this to answer your questions, solve account issues, and improve training quality.

3. How we use your data. Eligibility & Accounts

We use personal data for the following purposes:

3.1 To provide the service

• Create and maintain your account
• Assign Seats and let Admins manage teams
• Unlock lessons, exercises, and training features
• Track your learning progress and display analytics to you

Legal basis under GDPR-style frameworks: performance of a contract (providing the training service you purchased or were assigned).

3.2 To show progress to your Organization (if applicable)

If your account is part of an Organization (e.g. vineyard, contractor, coop) and that Organization paid for your Seat, we provide the Admin/Manager with visibility into:

• whether you actually started / used the Seat assigned to you
• your completion status
• scores / pass/fail indicators
• timestamps that show training activity

This is necessary for the Organization to confirm that (a) workers are actually being trained, and (b) they are compliant internally. It also prevents one Seat being silently “reused” by multiple rotating workers.

Legal basis: legitimate interests of the Organization and of 3D2cut in confirming who is trained and enforcing correct Seat usage; and performance of contract where training is part of the commercial agreement.

3.3 To enforce licensing and prevent abuse

We analyze usage to detect:

• account sharing (multiple people using the same Seat),
• broadcasting / projecting content to train an unlicensed group,
• automated scraping / copying,
• unusual repeated exercise submissions that suggest multiple humans behind one login.

If we detect clear abuse, we may investigate, suspend, or terminate access without refund, consistent with our Terms of Service.

Legal basis: legitimate interests in protecting our intellectual property, enforcing per-seat licensing, and preventing fraud.

3.4 To improve and secure the Platform

We use aggregated and anonymized trends (for example, “Lesson 4 has a high failure rate” or “Crash rate on iOS 18.2 devices”) to:

• improve lesson clarity,
• fix bugs,
• enhance scoring logic,
• optimize the user interface,
• plan future pruning courses and languages.

Where possible we do this with data that is de-identified and no longer tied to your name or email.

Legal basis: legitimate interests in product improvement and service reliability.

3.5 To communicate with you

We may contact you:

• to send important service notices (e.g. security issues, major changes to a course, changes to Terms/Privacy),
• to respond to support requests,
• to send onboarding or usage guidance (for example: “You unlocked the next exercise”).

For purely promotional marketing (for example “New course available”), we will only send it where allowed by law and you can opt out at any time.

Legal basis: performance of contract (service notices), legal obligations, and/or legitimate interests. For marketing, consent or legitimate interests as required by local law.

3.6 To comply with legal obligations

We may process and retain certain information if required by tax law, accounting rules, audit obligations, safety regulations, dispute handling, or court / regulator requests.

Legal basis: compliance with legal obligations.

4. How we share your data

We do not sell or rent your personal data.

We share data only in these limited cases:

If your Seat was purchased by an Organization, some of your training activity and progress (Section 3.2) is visible to that Organization’s Admin. This may include completion status, scores, and timestamps.

If you purchased privately for yourself, we do not share your progress with any employer or vineyard by default.

4.2 Service providers (processors)

We use trusted third parties to help us run the Platform, for example:

• Cloud hosting and storage
• Authentication (Apple, Google)
• Payment processing and invoicing
• Error/crash analytics
• Customer support tools / ticketing

These providers only get the data they need to perform their service on our behalf. They must keep it confidential and secure, and they cannot use it for their own independent purposes.

4.3 Fraud / abuse investigation

If we investigate suspected abuse, we may internally share relevant logs and usage signals with limited personnel and, where strictly necessary, external advisors (for example, legal counsel).

4.4 Legal and safety

We may disclose data if we believe in good faith that it is reasonably necessary to:

• comply with the law, regulation, legal process, or valid government request,
• protect the safety of any person,
• detect, prevent, or address fraud, security, or technical issues,
• enforce our Terms of Service and defend our rights.

4.5 Business transfers

If we undergo a merger, acquisition, restructuring, asset sale, or similar event, your data may be transferred to the successor entity. That entity will assume the same obligations described in this Policy.

5. Visibility for Admins / Managers

This section is important if you are a seasonal worker or employee using the Platform under a vineyard or contractor account.

• The person or company that bought your Seat (“Admin”) can see if you actually used it.
• The Admin can typically see your learning status, completion, and similar performance indicators.
• The Admin cannot automatically see your password or log in “as you.”
• We do not give the Admin raw internal security signals (for example, “unusual IP address activity”) unless required for a fraud investigation involving that Admin’s account.

If you are a private buyer (you bought the Seat for yourself, not via an employer), there is no Admin. No one else gets access to your training performance by default.

6. International data transfers

We are based in Switzerland and may use service providers and infrastructure in other countries.

When we transfer personal data internationally, we take steps required by applicable law to protect that data. Depending on your location, this may include:

• using service providers in jurisdictions recognized as having adequate data protection,
• applying standard contractual clauses or similar safeguards,
• limiting which data is transferred.

7. Data retention

We keep personal data only as long as needed for the purposes described in this Policy:

• Account & identity data: kept while your account is active.
• Course access & progress data: kept while your Seat is active and for a reasonable period after, so you (or your Organization) can prove completion and we can improve training quality.
• Fraud / abuse data: kept as long as needed to enforce Terms and prevent repeated abuse.
• Billing / invoicing data: kept for the duration required by tax and accounting law (which can be several years).
• Support messages: kept while resolving the request and for a reasonable period for audit/training.

If you request deletion of your account (see Section 9), we will either delete or irreversibly anonymize personal data that is no longer required for:

• our legal obligations,
• record-keeping for taxes/accounting,
• fraud prevention and enforcement of our Terms.

8. Security

We use technical and organizational measures designed to protect personal data, including (for example):

• encrypted transport (TLS),
• access controls / authentication,
• internal access logging,
• separation of production and test data.

No system can be guaranteed 100% secure. You are responsible for:

• using a strong login (Apple/Google account security),
• not sharing your credentials,
• notifying us immediately if you suspect unauthorized access.
  

9. Your rights

Depending on where you live (for example Switzerland, EU/EEA, UK, certain U.S. states), you may have some or all of the rights below. We will honor these rights where required by applicable law.

• Access / Portability
  You can ask for a copy of the personal data we hold about you.
• Correction (Rectification)
  You can ask us to correct inaccurate or incomplete personal data.
• Deletion / Erasure
  You can ask us to delete your personal data.
  Note: we may keep certain information if we are legally required to (for example, invoicing records), or if we still need it to enforce our Terms (for example, ongoing fraud investigation).
• Restriction / Objection
  You can ask us to stop or limit certain processing, especially if you believe it’s unlawful or not needed.
• Withdraw consent
  If we rely on your consent (for example, certain marketing communications), you can withdraw that consent at any time.
• Complain to a regulator
  You may have the right to lodge a complaint with your local data protection authority. We always encourage you to contact us first so we can try to resolve it quickly.

How to exercise these rights:
Email support@3d2cut.com from the email associated with your account and tell us what you’d like to do (access, correct, delete, etc.). We may need to verify your identity before acting on the request.

Account self-service:
You can delete your account directly in the app or by contacting us. When an account is deleted, your access to the course and your Seat ends, and we will schedule your personal data for deletion or anonymization as described in Section 7.

10. Children’s privacy

The Platform is not intended for children under 16 years old.

We do not knowingly collect personal data from anyone under 16 without appropriate consent (for example, parental consent or legally valid employer consent if applicable under local labor/safety law). If you believe a child under 16 has provided personal data to us without consent, contact us and we will take appropriate steps.

If your vineyard/Organization assigns Seats to minors (for example, vocational training interns), that Organization is responsible for ensuring that providing that Seat and that data is lawful, and for obtaining any required consents. We may require proof of that consent.

11. Changes to this Policy

We may update this Privacy Policy from time to time.

If we make material changes (for example, we start collecting new categories of data or we change who can see training performance), we will notify you in a reasonable way: for example by email, in-app notice, or a notice on the Platform before the new version takes effect.

If you continue using the Platform after the updated Policy takes effect, that means you accept the updated Policy.

12. Summary (not legally binding)

We collect account info, progress data, technical data, and billing info so we can provide training, assign Seats, and prove that each Seat is used by one real person.

If your Seat was bought by your Organization, your manager/Admin can see your training status, scores, and completion.

We monitor usage to detect Seat sharing and other abuse. If we see abuse, we may suspend access.

We don’t sell your data.

You can request access, correction, or deletion of your data.

You can delete your account, and we’ll remove or anonymize what we no longer need to keep for legal or anti-fraud reasons.