Privacy Policy - StartBoard

2) What we collect

We collect the following categories of personal data:

Account & Authentication

• Name, email address, profile picture (where available), Facebook user ID, OAuth tokens/identifiers, password only if you create a native account (hashed & salted).

Usage & Device Data

• IP address, device/browser type, language, timezone, pages viewed, referrer URLs, app actions, error logs, and diagnostic data (via first‑party logs and analytics).

Content You Provide

• Prompts, uploaded images/assets, saved ads (metadata from Meta Ad Library), project names, tags, and settings.

Payments & Subscriptions

• Billing email, plan, transaction identifiers, last 4 digits and expiry of card (processed by Stripe). We do not store full card numbers.

Communications

• Support requests, email correspondence, feedback, survey responses.

Cookies/Similar Technologies

• Essential (authentication, security), functional (preferences), analytics, and marketing cookies. See Cookies below.

3) Sources of data

• Directly from you when you register, sign in (e.g., via Facebook Login), use the app, or contact support.
• Automatically through your device and usage of the Services.
• From third parties you connect (e.g., Meta for login), and from providers we use for processing (e.g., Stripe for payments, email providers, cloud hosting, and AI model providers to generate images/text).

4) Purposes & legal bases (GDPR)

Where we rely on consent, you can withdraw it at any time via preferences or by contacting us.

5) How we use and share information

We use your information to run the Services and only share it as needed:

Processors (service providers) — bound by contracts to process data on our behalf:

• Stripe, Inc. (payments, subscription management)
• Meta Platforms, Inc. (Facebook Login authentication); we receive name/email/user ID as permitted by you.
• Cloud hosting & infrastructure (servers, storage, CDN)
• Email & customer support tools (ticketing, transactional emails)
• AI model providers used to generate content from your prompts/uploads (e.g., image or text generation). We transmit only what’s necessary to fulfill your request. We instruct providers not to use your data to train their models unless you explicitly opt‑in or as required by the provider’s terms and applicable law.

Legal & safety

We may disclose information to comply with law, enforce our terms, or protect rights, property, or safety.

Business transfers

In a merger, acquisition, or asset sale, your data may be transferred subject to this Policy.

We do not sell your personal information.

6) International transfers

We may process and store data in countries other than where you reside. When transferring personal data out of the EU/UK, we rely on lawful safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and supplementary measures as needed.

7) Data retention

We keep personal data only as long as necessary for the purposes above:

• Account data: for the life of the account and then deleted or anonymized within 30 days after closure.
• Logs/diagnostics: typically 12–24 months.
• Payment records: retained as required by tax/accounting laws.
• Backups: overwritten on rolling cycles (normally within 30 days after deletion events).

8) Your rights (GDPR/UK GDPR)

You can access, rectify, erase, or port your data, and object to or restrict processing in certain cases. You may also withdraw consent where processing is based on consent.

To exercise rights: email privacy@startboard.io. We will verify your identity and respond within statutory timelines.

You have the right to lodge a complaint with your local supervisory authority. In France, this is the CNIL.

9) California notice (CCPA/CPRA)

We collect identifiers, commercial information, internet activity, and inferences for the purposes described above. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined by the CPRA.

California residents can request access, deletion, correction, and limit use of sensitive information by emailing privacy@startboard.io. You may also use an authorized agent.

10) Cookies & tracking

We use cookies and similar technologies:

• Essential (required for login, security, load balancing)
• Functional (preferences, UI state)
• Analytics (usage metrics, performance)
• Marketing (only with consent where required)

You can manage cookies in your browser and—where available—in our cookie banner/preferences center. Blocking some cookies may impact functionality.

11) Children

Our Services are not directed to children. We do not knowingly collect personal data from persons under 16 (or a higher age where required). If you believe a child has provided data, contact us and we will delete it.

12) Security

We apply administrative, technical, and physical safeguards including encryption in transit, access controls, least‑privilege practices, and regular monitoring. No method of transmission or storage is 100% secure.

13) Third‑party links

Our Services may link to third‑party sites. Their privacy practices are governed by their own policies.

14) Changes to this Policy

We may update this Policy from time to time. We will post the updated version with an updated Effective date and, where appropriate, notify you.

15) Contact

Questions or requests: privacy@startboard.io