Privacy Policy

1. Summary

We collect only what is needed to provide the Service, including account details, usage data, and the content you create. We use data to deliver features (including offline), secure the Service, and improve performance. The Service is local‑first: some data is stored in your browser (IndexedDB) for offline use; clearing browser data, using private browsing, changing devices, or storage policies may result in data loss.

2. Data We Collect

• Account Information: Email, display name (if provided), third-party identity tokens.
• Identity and Authentication: OAuth identifiers, session tokens.
• Billing and Payments: Payment tokens and billing details processed by providers (e.g., Stripe). We do not store full card numbers; limited transaction metadata may be used for fraud prevention and reconciliation.
• User Content: Content you create or upload (boards, animations, assets, comments) and related metadata. For previews/exports, we may generate derived files (e.g., thumbnails, transcodes) as needed to operate the Service.
• Technical and Usage Data: Device and browser info, IP address and approximate location, logs, feature usage events, cookies, local storage identifiers, and storage usage estimates to help you manage local space.
• From Third-Party Integrations: Data (e.g., collaboration or storage metadata) to enable specific features.

3. How We Use Data

• We process personal information to operate and maintain the Site, ensure security, prevent fraud, and improve features and performance.

4. Sharing and Disclosure

• Service providers acting as processors (identity/auth, cloud hosting, storage, payments, email/analytics, logging/monitoring) under contractual safeguards;
• Authorities where required by law or to protect rights, property, and safety;
• Parties to a corporate transaction (merger, acquisition, or asset transfer) under confidentiality.

5. Data Retention & Deletion

• Account Data: Retained while your account is active. Upon verified deletion request, we delete or anonymize within a reasonable period (e.g., 30–90 days).
• Local Data: Offline data stored in your browser is under your control and may be deleted by clearing browser storage; we cannot remotely delete local data.

6. Local‑First Storage & Exports

The Service stores certain data locally in your browser (e.g., IndexedDB) for offline use, autosave, and faster load. Clearing browser data, using private browsing, device changes, or storage limits may cause data loss. Use export/backup features (e.g., JSON/PNG/PDF/WebM) to preserve content. We may generate derived files (thumbnails/transcodes) to operate exports and previews.

7. Cookies and Local Storage

• Necessary: Authentication/session, security, and preference storage.
• Functional: Improved features and settings.
• Analytics: Limited metrics for product improvement.

Some features may be limited if cookies in your browser are disabled.

8. Security & Vulnerability Reporting

We implement reasonable technical and organizational measures to protect personal data but cannot guarantee absolute security. Local data stored in your browser is not end‑to‑end encrypted by us and is subject to device/browser protections. Report vulnerabilities to the contact email and allow reasonable time to remediate.

9. Third-Party Sites and Services

The Service may link to or integrate third-party services. Their privacy practices are not governed by this Policy. Review their policies separately. We are not responsible for third parties’ actions.

10. Updates to this Policy

We may update this Policy periodically. Your signing in to or using the Service after the Effective Date constitutes your acceptance.

11. Contact & Controller

Contact: tacticslate@icloud.com.