Legal

Privacy Policy

Last updated: April 24, 2026

Applies to: BoardSnap iOS app and boardsnap.ai

This is the plain-language version. We wrote it so a human can read it in one sitting. If anything below is unclear, email jack.b@10xdesign.com and we'll explain.

1. Who we are

BoardSnap is built and operated by Jack Brandt, a solo developer based in Detroit, Michigan, USA. "BoardSnap," "we," "us," and "our" all refer to this one-person company. You can reach us at jack.b@10xdesign.com.

2. What data we collect

Account data

When you sign in with Apple or Google, we receive your email address, your name (if you choose to share it), and your profile photo. You may also sign in with a magic-link email — in that case we only store your email. We do not store passwords.

User content

Whiteboard photos you capture or upload
Chat messages you type to BoardSnap's AI
Project names, brand descriptions, and website URLs you paste in
Action items and their completion state (todo / in-progress / done)

Usage data

We measure how the app is used so we can improve it: which screens you view, which buttons you tap, which features you adopt, approximate geolocation derived from your IP address (city-level, not GPS), and device info (model, iOS version, timezone). This is collected through PostHog — see Section 4.

Payment data

If and when paid subscriptions are enabled, all payments are processed by Apple through the App Store. We never see your card number or billing address. Apple tells us only whether your subscription is active.

3. How we use data

To run the app's core features — saving your boards, generating summaries and action items, powering chat responses, and keeping your projects organized.
To improve the product — aggregate usage analytics, crash reports, and performance metrics. We look at patterns across all users, not individual sessions.
To communicate with you — transactional emails (account confirmations, password resets, billing receipts) sent via Resend. No marketing emails unless you explicitly opt in.

4. AI and third-party data sharing

BoardSnap uses third-party services to deliver its features. Below is every vendor that ever receives data from BoardSnap, and what we send them. We do not sell your data. We do not share data for advertising.

AI-specific disclosure (Anthropic / Claude)

BoardSnap uses Anthropic's Claude AI (Claude Haiku 4.5) to generate summaries, action items, and chat responses. When you capture a whiteboard or send a chat message, the image or text is transmitted through our servers to Anthropic's Messages API for processing. The AI output is then returned to your device and saved to your account.

Anthropic does not use your data to train their models, per the Anthropic API Terms of Service that govern our use of their API. Anthropic's privacy practices are documented at anthropic.com/legal/privacy.

How to opt out. You can revoke AI consent at any time from App Settings → Privacy & AI → Revoke AI Consent. Declining AI consent disables BoardSnap's core AI features (summaries, action items, chat), but your non-AI data (account, projects, stored photos) remains accessible and editable.

Every third party we share data with

Anthropic (Claude AI) Your whiteboard photos, chat messages, and brand context are sent to Anthropic's Messages API to generate summaries, action items, and chat responses. Anthropic does not use this data to train their models. See anthropic.com/legal/privacy.
Supabase (database, storage, and edge functions) Hosts your boards, photos, account data, and auth tokens in US-region Postgres and object storage. See supabase.com/privacy.
Replicate (avatar generation) If you generate a custom avatar, the text prompt you provide is sent to Replicate. No board photos or chat messages are sent to Replicate. See replicate.com/privacy.
PostHog (product analytics) Usage events — screen views, button clicks, feature adoption — are sent to our self-managed PostHog Cloud EU workspace. We do not send message text, board photos, or other sensitive content to PostHog. See posthog.com/privacy.
Resend (transactional email) Your email address and the body of any email we send you (account confirmations, magic-link sign-in, billing receipts). See resend.com/legal/privacy-policy.
Apple (payments, sign-in, distribution) App Store purchases, Sign in with Apple, and app delivery are handled by Apple. See apple.com/privacy.
Cloudflare (website + CDN) Hosts boardsnap.ai and serves static assets. Cloudflare keeps standard web-server access logs (IP, user agent, timestamp) for abuse prevention.

We do not sell your data. We do not share data with advertisers. We do not use your content to train AI models, and our vendors have contractually agreed not to either.

5. Data retention

Account data — retained until you delete your account.
Boards, photos, chats, and action items — retained until you delete them individually or delete your account.
Analytics events — rolling 12-month window, then deleted.
Database backups — 30 days, then overwritten.

When you delete your account, we delete your user row, your projects, boards, photos, chat history, and action items from our primary database within 24 hours. Backups containing deleted data are purged within 30 days.

6. Your rights (GDPR, CCPA, and similar laws)

Regardless of where you live, you have these rights over your BoardSnap data:

Access your data — email jack.b@10xdesign.com and we'll send you a copy within 30 days.
Delete your account and data — in the app: Settings → Account → Delete Account. Or email us.
Correct or update data — in the app: Settings → Edit Profile, or edit any board / project / action item directly.
Revoke AI consent — in the app: Settings → Privacy & AI → Revoke AI Consent.
Opt out of analytics — a toggle at Settings → Privacy & AI → Disable Analytics is being added in a future release. Until it ships, email us and we'll disable analytics for your account manually.
Data portability — export via the access request above.
Lodge a complaint — if you're in the EU/UK, you can complain to your local data protection authority. We'd rather you email us first so we can fix whatever went wrong.

7. Security

Data in transit — TLS 1.3 for every request to our servers and to third-party APIs.
Data at rest — encrypted at the storage layer by Supabase (AES-256).
Authentication — Sign in with Apple, Google OAuth, and optional magic-link email. We never store passwords.
Access control — only the founder has production database access. All access is logged.

No system is 100% secure. If we ever discover a breach that affects you, we will notify you by email and in-app banner within 72 hours of confirming it.

8. Children

BoardSnap is not directed at children under 13, and we do not knowingly collect data from children under 13. If you believe a child under 13 has created a BoardSnap account, email us and we'll delete it.

9. Changes to this policy

If we change this policy in a way that meaningfully affects you — for example, adding a new third-party vendor, expanding the data we collect, or changing how we use AI — we'll notify you by email and through an in-app banner before the change takes effect. For minor edits (typos, clarifications), we'll just update the "Last updated" date at the top of this page.

10. Contact

Questions, requests, or complaints: jack.b@10xdesign.com. A real human (Jack) reads every one.