Moodboard

Privacy Policy

Last updated: December 2024

This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address - For account authentication and important notifications
  • Display name - Your chosen name shown on your profile and shared boards
  • Profile picture - Provided via Google OAuth

Authentication Data

If you sign up using Google, we receive basic profile information (name, email, profile picture) from Google. We do not receive or store your Google password.

Content You Create

We store the content you create, including:

  • Board titles and settings
  • Images you upload
  • Text notes and sticky notes
  • Freehand drawings and shapes
  • Board layout and organization data

Usage Data

We collect anonymous usage analytics to improve our service, including pages visited and features used. This is handled by Umami Analytics, which is privacy-focused and does not use cookies or collect personal information.

AI Service Usage Data

When you use AI-powered features (template generation, canvas scaffolding), we collect request metadata for analytics and cost monitoring:

  • Request timestamp and endpoint used
  • AI model used for the request
  • Token counts (for internal cost tracking)
  • Response time and success/error status

We do NOT store your prompts or any content you submit to AI features. Only technical metadata is retained. AI request logs are retained for 90 days.

Storage Analytics

We track your storage usage (file sizes, file counts per board) to enforce plan limits, monitor service health, and provide usage insights to administrators.

2. How We Use Your Information

We use your information to:

  • Provide and maintain the service
  • Authenticate your account
  • Enable board sharing and collaboration
  • Send important service updates (rarely, only when necessary)
  • Improve the product based on anonymous usage patterns
  • Respond to support requests

We do not sell your personal information. We do not use your content to train AI models. Your boards and images remain yours.

3. Data Storage and Security

Where Your Data Lives

  • Account data and board metadata - Stored in a self-hosted database with encryption in transit via HTTPS
  • Uploaded images - Stored in Hetzner Object Storage in the EU with secure access controls

Security Measures

  • HTTPS encryption for all data in transit
  • Secure authentication
  • Access controls and regular security monitoring

4. Data Sharing

We share your data only in these circumstances:

  • Public boards - When you make a board public, anyone with the link can view it
  • Service providers - We use Hetzner for image storage. They process data on our behalf under strict agreements
  • Legal requirements - If required by law or to protect rights and safety

5. Your Rights

You have the right to:

  • Access your data - View all your boards and account information in the app
  • Export your data - Export boards as PNG images or JSON files
  • Delete your data - Delete individual boards or your entire account at any time
  • Correct your data - Update your profile and account information

To delete your account and all associated data, go to Settings and select "Delete Account". This action is immediate and irreversible.

6. Cookies and Local Storage

We use minimal cookies, only essential ones required for the service to function:

  • Authentication cookies - To keep you logged in securely
  • Local storage - To remember your preferences like dark/light mode
  • Payment cookies - Stripe sets cookies for fraud detection when you use billing features

We do not use advertising cookies or tracking cookies. Our analytics provider (Umami) does not use cookies. Stripe cookies are only loaded when you interact with billing features.

7. Third-Party Services

We integrate with these third-party services:

  • Google - OAuth authentication (Privacy Policy)
  • Hetzner - Image storage (Privacy Policy)
  • Stripe - Payment processing (only when you use billing features) (Privacy Policy)
  • Umami - Privacy-focused analytics (cookieless, anonymous)

8. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, please contact us.

9. International Data Transfers

Your data is primarily stored in the EU (Hetzner infrastructure). By using our service, you consent to this data storage location.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us through the support channels provided in the application.

By using this service, you agree to this Privacy Policy. If you do not agree, please do not use our service.