Privacy Policy

Last Updated: January 15, 2026

1. Introduction

Welcome to Paintboard ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our collaborative whiteboard application and website (collectively, the "Service").

By using Paintboard, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address, display username, and password (encrypted).
  • OAuth Information: If you sign in via Google, Microsoft, or GitHub, we receive your email address, name, and profile picture from the provider.
  • Canvas Content: The drawings, text, shapes, and other content you create on canvases.
  • Communications: Messages you send to us via email or support channels.

2.2 Automatically Collected Information

  • Usage Data: Information about how you interact with the Service, including features used, canvas interactions, and session duration.
  • Device Information: Browser type, operating system, device identifiers, and IP address.
  • Cookies: We use essential cookies for authentication and session management.
  • Log Data: Server logs containing timestamps, request/response data, and error information.

3. How We Use Your Information

We use the collected information for:

  • Service Delivery: To provide, maintain, and improve Paintboard functionality.
  • Authentication: To verify your identity and secure your account.
  • Communication: To send service-related announcements, updates, and security alerts.
  • Analytics: To understand usage patterns and improve user experience.
  • Security: To detect, prevent, and address technical issues, fraud, and abuse.
  • Legal Compliance: To comply with applicable laws and legal obligations.

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

4.2 Service Providers

We may share information with trusted service providers who assist us in operating the Service:

  • Cloud Hosting: For storing application data and canvases.
  • Authentication Providers: Google, Microsoft, and GitHub for OAuth authentication.
  • Payment Processing: Stripe for subscription payments.
  • Email Service: For sending transactional emails.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Canvas Privacy and Sharing

  • Private Canvases: Only you and users you explicitly share with can access private canvases.
  • Shared Canvases: Users with the share link can view and edit shared canvases.
  • Collaboration: When you share a canvas, other users' actions are visible in real-time.
  • Deletion: When you delete a canvas, it is permanently removed from our servers.

6. Data Retention

  • Account Data: Retained while your account is active and for up to 30 days after deletion.
  • Canvas Data: Retained until you delete the canvas or your account.
  • Log Data: Retained for up to 90 days for security and diagnostic purposes.
  • Backup Data: May persist in backups for up to 30 days after deletion.

7. Data Security

We implement reasonable security measures to protect your information:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted password storage (bcrypt hashing)
  • Secure authentication with OAuth 2.0
  • Regular security updates and monitoring
  • Access controls and authentication requirements

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data.
  • Correction: Update or correct inaccurate information in your account settings.
  • Deletion: Delete your account and associated data at any time.
  • Export: Request export of your canvas data.
  • Opt-out: Unsubscribe from marketing communications (if any).

To exercise these rights, contact us at contact@paintboard.io.

9. Children's Privacy

Paintboard is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately at contact@paintboard.io.

10. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your country or jurisdiction where data protection laws may differ. By using Paintboard, you consent to the transfer of your information to our facilities and service providers.

11. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us:

14. GDPR Compliance (For EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time

Legal Basis for Processing:

  • Performance of contract (providing the Service)
  • Consent (OAuth authentication, cookies)
  • Legitimate interests (security, analytics, improvements)

15. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected
  • Know if personal information is sold or disclosed
  • Access your personal information
  • Request deletion of personal information
  • Opt-out of the sale of personal information (we do not sell data)
  • Non-discrimination for exercising your rights
An unhandled error has occurred. Reload 🗙
An error has occurred. This application may no longer respond until reloaded. An unhandled exception has occurred. See browser dev tools for details. Reload 🗙