Privacy Policy

Last updated: March 4, 2026

ForkBoard ("we", "us", "our") operates forkboard.io. This policy explains what data we collect and how we use it.

1. Data We Collect

Account Data

When you sign up via Supabase Auth (GitHub or Google), we receive your email address, display name, and avatar URL. We store this in your profile.

Card & Blueprint Data

Cards you create are public by default. Private cards (Pro tier) are encrypted at rest using AES-256-GCM. Business data you provide during the AI interview is used to generate your blueprint and is not shared with third parties.

Analytics

We collect anonymous page view and interaction events (page URL, referrer, event type). We hash IP addresses with daily rotation — we track unique visitor counts, not identities. Analytics only fire if you accept cookies via the consent banner.

Payment Data

Payments are processed by Stripe. We never see or store your full card number. We store your Stripe customer ID and subscription status.

2. How We Use Your Data

• Generate and store your AI blueprints
• Process subscription payments
• Measure aggregate usage to improve the product
• Send transactional emails (receipts, account changes)

We do not sell your data. We do not run third-party advertising trackers.

3. Cookies

We use a cookie consent banner. If you accept, we set a fb-cookie-consent localStorage key and enable analytics. If you decline, no analytics events are sent. Essential cookies (authentication session) are always active.

4. Third-Party Services

• Supabase — database and authentication
• Cloudflare — hosting, CDN, and edge computing
• Stripe — payment processing
• Anthropic (Claude) — AI blueprint generation

Each service has its own privacy policy. We only share the minimum data required for each service to function.

5. Your Rights (GDPR / CCPA)

You have the right to:

• Access — request a copy of your data
• Rectification — correct inaccurate data
• Deletion — delete your account and all associated data
• Portability — export your cards as JSON
• Objection — opt out of analytics via the cookie banner

To exercise these rights, email support@forkboard.io.

6. Data Retention

Account data is kept while your account is active. Deleted accounts are purged within 30 days. Anonymous analytics are retained for 12 months.

7. Security

Private card data is encrypted at rest (AES-256-GCM). All traffic is served over HTTPS. Database access is protected by Row Level Security (RLS).

8. Changes

We may update this policy. Material changes will be posted here with an updated date. Continued use after changes constitutes acceptance.

9. Contact

Questions? Email support@forkboard.io.