Privacy Policy
Effective Date: Jul 16, 2026
1. Introduction
This Privacy Policy describes how Critter Engine LLC ("Critter," "we," "us," or "our") collects, uses, discloses, and protects personal information when you use Critter's websites, browser-based editor, cloud project features, documentation, communications, and related services (collectively, the "Services").
This Privacy Policy applies to:
- https://app.critterengine.com;
- https://www.critterengine.com;
- any website or application page that links to this Privacy Policy;
- Critter project viewers embedded on third-party websites, when that feature is offered;
- account, cloud save, cloud autosave, project upload, project sharing, support, feedback, marketing, and payment interactions with us.
If you do not agree with this Privacy Policy, do not use the Services.
2. Summary
We collect information you provide directly, information generated automatically when you use the Services, information from authentication/payment/support providers, and content you upload or save through the Services.
We use this information to provide, secure, maintain, troubleshoot, bill for, and improve the reliability, performance, security, and functionality of the Services; respond to requests; send administrative messages; send marketing where permitted; and comply with legal obligations.
We do not currently sell private user-uploaded projects. We do not use private user projects, uploads, autosaves, files, simulations, prompts, model files, training runs, controller artifacts, or related private User Content to train, fine-tune, or improve Critter's own or generally reusable machine learning or artificial intelligence models unless the user gives separate, affirmative opt-in consent for that specific use. User-requested controller-training features are different: Critter may process selected User Content to provide a user-requested controller-training feature, but using that feature does not by itself grant Critter permission to use that content for Critter model training.
3. Information We Collect
3.1 Information You Provide
Depending on how you use the Services, we may collect:
- name, email address, username, account identifiers, and profile information;
- authentication information and account metadata handled through providers such as Clerk, Google OAuth, and GitHub OAuth;
- company, organization, or team information if you provide it;
- subscription plan, payment status, billing history, invoice information, and account identifiers used to manage billing;
- support requests, feedback, form submissions, emails, survey responses, and other communications;
- marketing preferences and email subscription status;
- project names, project metadata, file names, configuration data, and other information you choose to provide through the Services.
Stripe or another payment processor collects and processes payment-card details and other payment information. We do not intentionally store full payment-card numbers or card security codes on our own systems.
3.2 User-Uploaded Projects And Files
Users may upload, create, import, autosave, save, store, share, and manage projects, files, simulations, metadata, robot models, meshes, textures, behavior settings, controller settings, sensor data, recordings, thumbnails, previews, exports, and related content through the Services ("User Content").
Some User Content may include personal information if a user chooses to include it in project names, file names, descriptions, metadata, uploaded files, comments, support requests, or shared content. Users are responsible for ensuring they have the rights and permissions needed to upload and process their User Content through the Services.
3.3 Anonymous Local Browser Data
If you use Critter without creating or signing into an account, certain drafts, autosaves, assets, preferences, cached files, or project recovery data may be stored locally in your browser using browser storage technologies such as IndexedDB, local storage, cache storage, or similar browser mechanisms.
This local browser data is stored on your device/browser profile. Critter does not receive or store anonymous local drafts in its cloud systems unless you sign in and save, upload, share, submit, or otherwise send that content to the Services.
Local browser data may be lost if you clear browser data, use private/incognito mode, change devices or browsers, disable browser storage, or if your browser or operating system clears storage.
3.4 Cloud Saves, Cloud Autosaves, And Account Storage
If you create or sign into an account, the Services may store projects, files, assets, metadata, previews, thumbnails, share-link records, project versions, and autosaves in Critter's cloud systems.
Cloud autosaves are progressively thinned over time rather than kept in full. Critter generally keeps a project's most recent autosaves plus a small number of older checkpoint autosaves. Retained autosaves may be kept for as long as the project remains in the account, unless replaced, deleted, converted to a named save, removed for abuse, security, or legal reasons, or otherwise cleared under service limits.
Paid plans may include additional storage, version history, cloud save features, or other plan features described at checkout or on the applicable plan page.
3.5 Information Collected Automatically
When you use the Services, we and our service providers may automatically collect technical, diagnostic, security, and usage information, including:
- IP address;
- browser type and settings;
- device type, operating system, language, and approximate device/browser characteristics;
- referring URLs, pages viewed, paths, timestamps, session events, and feature usage;
- log data, error reports, stack traces, performance data, and diagnostic data;
- approximate location inferred from IP address, such as country, region, or city;
- cookie, local storage, and similar technology identifiers;
- cloud request metadata, security events, and abuse-prevention signals.
We do not intentionally collect precise GPS location unless a feature separately asks for and receives permission.
Critter's Sentry error reporting is configured not to intentionally collect personal information, session replays, screen recordings, or performance traces. Diagnostic events are scrubbed before they are sent to remove query strings, request headers, cookies, request bodies, local file paths, user context, and sensitive-looking fields.
3.6 Information From Third-Party Sources
We may receive limited information from service providers and integrations used to operate the Services, such as:
- authentication providers, including Clerk, Google OAuth, and GitHub OAuth;
- payment processors, including Stripe;
- hosting, CDN, security, and infrastructure providers, including Cloudflare;
- error monitoring and diagnostics providers, including Sentry;
- email, marketing, and form providers, including MailerLite and Formspree;
- support, analytics, database, storage, or other operational service providers we use.
For Google and GitHub sign-in, we generally receive basic account/profile information such as name, email address, profile image/avatar, provider user ID, and authentication metadata, depending on the provider and sign-in configuration. We use Google and GitHub OAuth for sign-in only. We do not access Google Drive, Gmail, Calendar, Contacts, GitHub repositories, GitHub organizations, or similar provider data unless we separately request that access and disclose that use.
We do not collect personal information from data brokers, affiliate programs, public databases, or broad social media sources for targeted advertising.
4. How We Use Information
We use personal information and User Content as needed to:
- create, authenticate, secure, and manage accounts;
- provide the browser editor, simulation tools, project import/export, cloud save, cloud autosave, project versioning, sharing, and other Services;
- store, process, back up, restore, render, simulate, analyze, and manage projects and related files;
- operate, maintain, troubleshoot, debug, secure, and improve the reliability, performance, security, and functionality of the Services;
- process subscriptions, payments, invoices, refunds, cancellations, taxes, disputes, and fraud-prevention checks;
- respond to support requests, feedback, questions, bug reports, and privacy requests;
- send administrative messages about accounts, security, billing, subscriptions, service changes, policy updates, and support;
- send marketing or promotional emails where permitted and according to user preferences;
- monitor usage trends, performance, availability, reliability, abuse, and security;
- comply with legal obligations, enforce our agreements, protect rights and safety, and prevent misuse.
We do not use private User Content to train, fine-tune, or improve Critter's own or generally reusable machine learning or artificial intelligence models unless the user gives separate, affirmative opt-in consent for that specific use. We may process User Content as needed to provide, secure, troubleshoot, support, maintain, and improve the reliability, performance, security, and functionality of the Services, including user-requested controller-training features, but that operational processing is separate from Critter model training.
5. User-Uploaded Projects, Controller Training, And Critter Model Training
The Services let users create, upload, autosave, store, and work with project files, simulations, metadata, and related materials. Critter handles that content for product operations such as saving projects, rendering previews, running simulations, troubleshooting issues, maintaining backups, protecting the Services, and improving reliability, performance, security, and core functionality.
Nothing in this Privacy Policy changes ownership rights in User Content. Ownership and license rights are governed by the Terms of Service. We do not currently sell user-uploaded content.
Controller-training features are different from Critter model training. If Critter offers features that let users train, optimize, tune, generate, or evaluate controllers, policies, parameters, or simulation behaviors for their own projects, Critter may process the selected User Content as needed to provide that user-requested feature. This may include running simulations, creating intermediate training data, generating outputs, and storing or displaying results according to the feature settings and this Privacy Policy. This applies whether training runs in the user's browser, on the user's own hardware, or on Critter-hosted infrastructure.
Using a controller-training feature does not by itself give Critter permission to use private User Content, training runs, outputs, controller artifacts, or project data to train, fine-tune, or improve Critter's own or generally reusable machine learning or artificial intelligence models for other users or general product development.
Critter will not use private User Content for Critter model training, benchmarking datasets, public datasets, research datasets, or generally reusable machine learning or artificial intelligence model improvement unless the user gives separate, affirmative opt-in consent for that specific use. Publishing, sharing, exporting, saving, or uploading content to Critter does not by itself grant us permission to use that content for Critter model training.
If we introduce Critter model-training, benchmarking, dataset, public gallery, research, or similar features, we will explain the data use for that feature and require a clear user action before using private User Content for those purposes. A user who does not opt in can still use Critter's core Services, other than features that require training-submitted content to function.
As described in this Privacy Policy, Critter may keep autosaves, backups, logs, and deleted content for limited periods when needed for recovery, security, fraud prevention, debugging, legal compliance, dispute resolution, or enforcing our agreements.
6. How We Disclose Information
We disclose information only as needed for the purposes described in this Privacy Policy, including:
- to service providers that operate, host, secure, monitor, support, bill, or maintain the Services;
- to authentication providers to create and manage accounts and sign-in sessions;
- to payment processors to process subscriptions and payments;
- to email, support, form, and communication providers to send messages or receive inquiries;
- to infrastructure, database, storage, CDN, logging, analytics, security, and error-monitoring providers;
- to professional advisers, legal authorities, or other parties when necessary for legal compliance, safety, security, dispute resolution, enforcement, or protection of rights;
- to Workspace owners and administrators, if you join or use a team, organization, or workspace account, as described below;
- in connection with a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction.
If Critter offers team, organization, or workspace accounts ("Workspaces") and you join or use one, the Workspace owner and administrators may be able to view account, usage, membership, and billing information associated with the Workspace and may be able to access, manage, export, transfer, restrict, or delete projects and other User Content stored in the Workspace. Do not store personal content in a Workspace unless you understand that the Workspace owner or administrator may control it. The Terms of Service describe Workspace roles and responsibilities.
Current/expected service providers include:
| Provider | Purpose |
|---|---|
| Clerk | Account registration, authentication, user management, and Clerk SDK telemetry |
| Google OAuth | Optional Google sign-in |
| GitHub OAuth | Optional GitHub sign-in |
| Stripe | Payments, subscriptions, billing |
| Cloudflare | Hosting, CDN, Workers/API, database/storage for cloud projects and uploaded assets, security, infrastructure, traffic/security logs, network error reporting, Cloudflare Web Analytics, and access control if enabled for protected environments |
| GitHub (asset hosting) | Hosting for Critter's built-in asset library and pretrained example models; receives standard web request data such as IP address when the app loads those assets |
| Sentry | Error monitoring, diagnostics/debugging |
| MailerLite | Marketing email subscription management through Critter's updates endpoint; email analytics/preferences if enabled |
| Formspree | Feedback form processing when users submit the feedback form |
We do not disclose personal information to data brokers for sale, and we do not use targeted advertising pixels or cross-context behavioral advertising tools.
7. Cookie Notice: Cookies, Local Storage, And Similar Technologies
We and our service providers may use cookies, local storage, IndexedDB, cache storage, pixels, web beacons, SDKs, and similar technologies. These technologies may store information on your browser or device, read information from your browser or device, or help us recognize your browser, device, session, preferences, or activity.
7.1 Types Of Technologies We Use
- Cookies: small files or values stored by a browser to support sessions, security, preferences, analytics, or similar functions.
- Local storage and IndexedDB: browser storage used to save app state, preferences, cached assets, project recovery data, local autosaves, and similar browser-local data.
- Cache storage: browser storage used to improve app loading and asset availability.
- Pixels, web beacons, SDKs, and scripts: small code or request-based technologies used by service providers for diagnostics, forms, email preferences, analytics, security, or similar operational purposes.
7.2 Why We Use These Technologies
We use these technologies for the following purposes:
| Category | Purpose | Examples |
|---|---|---|
| Strictly necessary | To provide core Services users request | Sign-in sessions, authentication state, security, fraud prevention, load balancing, project save flows, browser-local recovery, app operation |
| Preferences | To remember user choices | UI preferences, reduced-motion preference, app settings, local editor state |
| Diagnostics and performance | To understand errors and improve reliability | Sentry error reports, crash diagnostics, debugging breadcrumbs, service health |
| Security and infrastructure | To protect and deliver the Services | Cloudflare security, request logs, bot/abuse prevention, CDN and routing |
| Analytics | To understand service usage and improve product decisions | Cloudflare Web Analytics on marketing pages; similar privacy-conscious analytics if enabled elsewhere |
| Forms and communications | To process form submissions and email preferences | Formspree contact/feedback forms, MailerLite newsletter or marketing-email preferences |
7.3 Current Provider Assumptions
Current service providers that may use cookies or similar technologies include:
| Provider | Current expected use |
|---|---|
| Clerk | Account authentication, sign-in sessions, user management, Clerk SDK telemetry |
| Google OAuth | Optional Google sign-in |
| GitHub OAuth | Optional GitHub sign-in |
| Cloudflare | Hosting, CDN, security, traffic logs, network error reporting, infrastructure, Cloudflare Web Analytics on marketing pages, and access controls if Cloudflare Access is enabled |
| GitHub (asset hosting) | Serves built-in asset library and pretrained example model files requested by the app |
| Sentry | Error monitoring, diagnostics/debugging |
| MailerLite | Marketing email subscription management through Critter's updates endpoint and email analytics/preferences if enabled |
| Formspree | Feedback form processing when users submit the feedback form |
| Stripe | Checkout, billing, fraud prevention, subscription/payment processing if paid plans are enabled |
7.4 Browser-Local Project Storage
Critter uses browser storage technologies such as IndexedDB and local storage for app functionality, including browser-local project recovery, cached project assets, user preferences, and local editor state.
For anonymous/no-account users, this browser-local project data stays in the user's browser and is not stored in Critter's cloud systems unless the user signs in and saves, uploads, shares, submits, or otherwise sends that content to the Services.
Browser-local data may be lost if the user clears browser data, uses private/incognito mode, changes browsers or devices, disables browser storage, or if the browser or operating system clears storage.
7.5 Analytics, Advertising, And Sale/Sharing Assumptions
Critter does not use targeted advertising cookies, social media advertising pixels, abandoned-cart advertising reminders, data-broker trackers, or cross-context behavioral advertising tools.
Critter does not sell personal information or share personal information for cross-context behavioral advertising.
7.6 Managing Cookies And Browser Storage
Critter does not currently use targeted advertising cookies, social media advertising pixels, or a cookie-settings tool for optional advertising cookies.
Users can usually control cookies and browser storage through their browser settings. Blocking or deleting cookies, IndexedDB, local storage, or cache storage may affect sign-in, security checks, app functionality, preferences, local project recovery, cloud save flows, or other Services.
Users can also manage certain in-app privacy or storage preferences where available, such as technical error reporting and local asset persistence. Technical error reporting uses an in-app setting stored in browser storage, not a cookie.
If Critter later uses optional non-essential cookies or similar technologies that require consent or opt-out controls, Critter will update this Privacy Policy and provide the applicable consent or preference controls.
7.7 Consent For Non-Essential Technologies
Where consent is required by applicable law, Critter will seek consent before using non-essential cookies or similar technologies. Strictly necessary technologies may be used without consent where they are needed to provide the Services requested by the user, secure the Services, or operate essential functionality.
8. Payments
If you purchase a paid plan or paid feature, payment information is processed by Stripe or another payment processor. We may receive and store limited billing and subscription information, such as customer ID, subscription status, plan, invoices, payment status, billing contact information, tax-related information, refund or dispute status, and limited payment metadata.
We do not intentionally store full card numbers or card security codes on our own systems.
Stripe's privacy policy is available at https://stripe.com/privacy.
9. Marketing Communications
If you opt in or otherwise consent where required, we may send product updates, newsletters, launch announcements, feature updates, offers, or other marketing communications. You can unsubscribe from marketing emails by using the unsubscribe link in the email or by contacting us.
Even if you unsubscribe from marketing communications, we may still send administrative or transactional messages, such as account, billing, subscription, security, legal, support, and service-related notices.
10. How Long We Keep Information
We keep personal information and User Content for as long as necessary to provide the Services, maintain accounts, comply with legal obligations, resolve disputes, enforce agreements, prevent fraud and abuse, maintain security, and support ordinary business operations.
Our retention practices include:
- Anonymous browser-local drafts/autosaves are stored locally in the user's browser until replaced, cleared, deleted, evicted, or otherwise made unavailable by browser/app behavior.
- Cloud autosaves are progressively thinned over time; Critter generally keeps a project's most recent autosaves plus a small number of older checkpoint autosaves, which may be kept for as long as the project remains in the account, unless replaced, deleted, converted to a named save, removed for abuse, security, or legal reasons, or otherwise cleared under service limits.
- User-deleted projects are removed from active user-facing systems as soon as reasonably practicable, typically within 7 days, except where retention is needed for backups, security, legal compliance, dispute resolution, fraud prevention, abuse prevention, or enforcement.
- Account data and private cloud-stored User Content are deleted or anonymized typically within 90 days after account deletion or termination, except where retention is needed for legal, tax, accounting, billing, security, fraud prevention, backup, dispute-resolution, or enforcement purposes. Backup copies may persist for a limited period and are deleted on normal backup rotation, typically within 90 days.
- Routine logs, diagnostics, analytics, and approximate geolocation data are typically retained for up to 90 days unless a longer period is needed for security, debugging, legal compliance, fraud prevention, dispute resolution, backups, or account-related records.
- Purchase, subscription, billing, and transaction records may be retained for as long as needed for tax, accounting, legal, fraud prevention, dispute-resolution, and recordkeeping obligations.
When we no longer have an ongoing legitimate need to process information, we delete, anonymize, or isolate it from further active processing where deletion is not immediately possible, such as in backup archives.
11. Security
We use reasonable technical and organizational safeguards designed to protect personal information and User Content. These may include HTTPS/TLS, authentication controls, access controls, infrastructure security tools, monitoring, logging, and service-provider safeguards.
However, no electronic transmission or storage system can be guaranteed to be 100% secure. We cannot guarantee that unauthorized third parties will never defeat our security measures or improperly collect, access, use, disclose, alter, or destroy information.
12. Children
The Services are not intended for children under 13, and we do not knowingly collect personal information from children under 13. If you are 13 or older but under the age of majority where you live, you may use the Services only with permission from a parent or legal guardian. If we learn that we have collected personal information from a child under 13 without appropriate consent, we will take reasonable steps to delete it.
13. Your Privacy Choices And Rights
Depending on where you live, you may have rights to request access to, correction of, deletion of, or a copy of personal information we maintain about you. You may also have rights to opt out of certain processing, withdraw consent, appeal a privacy request decision, or limit certain uses of sensitive personal information where applicable law provides those rights.
To make a privacy request, contact us at:
- privacy@critterengine.com
- https://www.critterengine.com/feedback/
We may need to verify your identity before responding to a request. We may deny or limit requests where permitted by law, including where we cannot verify your identity, where retention is required or permitted by law, or where an exception applies.
14. United States State Privacy Notices
Residents of certain US states may have additional privacy rights. The categories of personal information we may collect or disclose include:
| Category | Examples | Collected | Disclosed |
|---|---|---|---|
| Identifiers | Name, email, username, account ID, IP address, online identifiers | Yes | Yes |
| Customer records information | Name, contact information, billing/subscription information | Yes | Yes |
| Commercial information | Subscription plan, purchases, invoices, payment status, billing history | Yes | Yes |
| Internet or network activity | Logs, usage data, pages/features used, device/browser data, security events | Yes | Yes |
| Approximate geolocation | Country/region/city inferred from IP address or billing data | Yes | Yes |
| Audio/visual/sensory information | Profile images/avatars received automatically through Google or GitHub sign-in, plus any such files users choose to submit | Yes, if users sign in with a social provider or submit such files | Yes, to service providers if received or submitted |
| Professional/employment information | Company/org information only if provided by users or future team profiles | Yes, if provided | Yes, to service providers if provided |
| Sensitive personal information | Not intentionally collected for launch | No | No |
| Inferences/profiles | Limited service, security, account, and usage inferences; no legal/significant automated decisions | Yes | Yes, to service providers if generated or processed through service providers |
We disclose personal information to service providers for business purposes described in this Privacy Policy. We do not currently sell personal information or share personal information for cross-context behavioral advertising.
15. Global Privacy Control And Do Not Track
Some browsers or extensions transmit "Do Not Track" or Global Privacy Control signals. The Services do not currently respond to Do Not Track or Global Privacy Control signals because Critter has not configured a consent-management tool or custom code to detect and honor those signals, except where applicable law requires otherwise.
If we later use technologies that are subject to opt-out rights, or if we enable a consent-management tool that honors Global Privacy Control, we will update this Privacy Policy and our cookie/consent settings.
16. International Users
Critter is operated from the United States and is currently intended for US-first launch. If you access the Services from outside the United States, your information may be processed in the United States and other locations where our service providers operate.
17. Changes To This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated effective date. If we make material changes, we will provide notice by posting a notice, updating the policy date, sending email, or using another reasonable method.
18. Contact Us
If you have questions or comments about this Privacy Policy, contact us at:
Critter Engine LLC
privacy@critterengine.com
1453 Camelot Ln, Tucker, GA 30084
To request access to, correction of, deletion of, or a copy of personal information we collect from you, use the same contacts or see Section 13.