HeroBoards

Privacy Policy

HeroBoards is designed with data minimization in mind. We collect only what we need.

1. No user accounts

HeroBoards does not create user accounts. No email, password, or personal profile is stored. Your session uses a temporary guest token stored in a secure cookie.

2. What we collect

  • A temporary guest session token (stored in a secure HttpOnly cookie)
  • Your board recipe and edits (stored temporarily for generation and delivery)
  • Uploaded avatar photos (if you choose to upload one; deleted within 24 hours)
  • Generated board previews (watermarked; deleted after 24 hours)
  • Your paid clean PNG (stored for 48 hours post-payment)
  • Your email address (collected by Stripe during checkout; used to send one download confirmation email)
  • Basic operational metadata (generation status, error categories, rate limit signals)

3. Uploaded photos

If you upload a subject or avatar photo:

  • Consent is required before upload
  • Photos are stored privately (not publicly accessible)
  • EXIF location data is stripped
  • Photos are used only to generate an illustrated avatar
  • Photos are deleted within 24 hours (hard maximum)
  • Photos are not used for AI model training (where configurable)

4. What we do not do

  • We do not sell your data
  • We do not send marketing emails
  • We do not create advertising profiles
  • We do not share boards publicly
  • We do not retain board text or prompts in analytics
  • We do not create user accounts

5. Third-party services

We use the following service categories:

  • Payment processing: Stripe (handles card payment and email collection)
  • AI image generation: Provider selected after feasibility spike (configured for no-training posture where available)
  • Hosting, database, and storage: Supabase and Vercel
  • Transactional email: Resend (one post-payment download email only)
  • Analytics: Vercel Analytics (privacy-light, no personal data tracked)

6. Cookies

We use essential cookies for your guest session, credits, and checkout state. We use optional privacy-light analytics cookies if you accept. You can use essential cookies only via the cookie banner.

7. Data retention

  • Uploaded photos: deleted within 24 hours
  • Unpaid previews: deleted within 24 hours
  • Paid clean exports: accessible for 48 hours post-payment, then deleted
  • Session data: expires after 7 days
  • Payment records: retained as required by Stripe and legal obligations
  • Moderation event codes: retained for 30 days (no raw unsafe content)

8. Deletion requests

You can delete your board session from the success page (while your session token is active). This removes uploaded photos, previews, and session data.

For manual deletion requests, email support@heroboards.app with your Stripe receipt or board session details. We aim to respond within 5 business days.

Payment and legal records may be retained as required by law even after session deletion.

9. Contact

For privacy questions or deletion requests: support@heroboards.app