Last updated: 2026-03-28
OPJAW is a deterministic geometry engine. It reads your STEP file, generates CNC workholding, and returns the output. The pipeline is procedural code — no neural networks, no training data. This policy covers data processed through opjaw.com.
OPJAW LLC is operated from Pennsylvania, USA. For questions about data processing: legal@opjaw.com.
When you load a page on opjaw.com:
__cf_bm cookie for
bot detection. This cookie expires after 30 minutes of inactivity and does not track you
across websites. Legal basis: legitimate interest in network security (GDPR Art. 6(1)(f)).
We do not run analytics, tracking scripts, or set first-party cookies.
Your STEP file is written to a temporary directory on an isolated cloud container (gVisor-sandboxed), processed by the geometry engine, and the directory is deleted when processing completes or fails.
STEP file headers may contain embedded metadata — author names, file paths, organization names. This metadata is processed in memory as part of the file and destroyed with it. We do not extract, parse, or store header metadata separately. We act as a data processor for any personal information embedded in uploaded files. Legal basis: contractual necessity (GDPR Art. 6(1)(b)).
Payment is handled by Stripe. When you click "Buy," you are redirected to Stripe Checkout. OPJAW never receives your card number, bank details, or billing address.
We store an order ID and payment status in volatile memory for up to 30 minutes to authorize your download. This data is not written to disk.
Stripe retains transaction records (email, payment details) as required by financial regulation. Stripe acts as a data processor on our behalf and as an independent data controller for AML, KYC, and fraud prevention.
Uploaded files and generated output are deleted from temporary storage when processing completes. Order records expire from memory after 30 minutes. We do not retain, archive, or back up your files. There is nothing to retrieve after the session ends.
| Service | Purpose | Role | Privacy / DPA |
|---|---|---|---|
| Stripe | Payment processing | Processor + Independent Controller | DPA |
| Modal | Cloud compute | Processor | DPA |
| Cloudflare | DNS, CDN, security | Processor | DPA |
Sub-processor lists: Modal, Cloudflare.
| Data | Retention |
|---|---|
| STEP files and output | Deleted on processing completion |
| Order metadata | 30 minutes (in-memory) |
| Payment records (Stripe) | Per Stripe retention policy |
Cloudflare __cf_bm |
30 minutes |
| IP addresses (Cloudflare) | Per Cloudflare retention policy |
Under GDPR, CCPA/CPRA, and applicable state privacy laws, you have the right to access, correct, delete, and port your personal data, and to opt out of sale or sharing. We do not sell, share, or otherwise track personal information, so there is no activity for browser privacy signals to control.
Because OPJAW has no user accounts, data subject requests must be sent to legal@opjaw.com from the email address used during Stripe checkout. We verify identity against Stripe transaction records.
Uploaded files and generated output cannot be accessed or deleted on request — they no longer exist after the 30-minute session window. Actionable requests apply to payment metadata retained by Stripe.
To exercise your rights or appeal a decision: legal@opjaw.com.
Data is processed in the United States. Transfers from the EU are governed by the EU–U.S. Data Privacy Framework and Standard Contractual Clauses included in our sub-processors' data processing agreements.
OPJAW is designed for manufacturing professionals. We do not knowingly collect information from anyone under 16. If you believe a minor has used the service, contact legal@opjaw.com.
Do not upload files containing ITAR, EAR, or CUI-controlled technical data. See Terms of Service, Section 10.
We may update this policy. Material changes will be posted here with a revised date. Continued use constitutes acceptance.
Questions about this policy: legal@opjaw.com