Privacy Policy

Last updated: June 12, 2026

This policy explains what Storeboard (storeboard.dev) collects, why, and what happens to it. Short version: we collect what's needed to run the service, we don't sell your data, and you can ask us to delete everything.

1. What we collect

• Account data. With Google sign-in: your name, email address, and profile picture, as provided by Google. With email sign-up: your email address and a hashed password.
• Project content. The reference screenshots, app screens, and website URLs you upload, plus the assets, briefs, and listing copy generated from them.
• Usage data. Daily counts of generation requests per account, used to enforce rate limits.
• Cookies. Authentication session cookies only. No advertising or cross-site tracking cookies.

2. How we use it

To provide the service: generating your assets, saving your projects so you can return to them, enforcing fair-use limits, and securing accounts. We do not sell your data or use it for advertising.

3. Who processes it

Storeboard runs on a small set of infrastructure providers:

• Convex — database and file storage (your account, projects, and generated assets).
• OpenAI— image generation and analysis. Your uploaded images and prompts are sent to the OpenAI API to produce results. Per OpenAI's API policy, API data is not used to train their models by default.
• Vercel — application hosting.
• Google — sign-in, if you choose Google authentication.

When you provide a website URL, our server fetches that page's public HTML to read titles, descriptions, and brand colors. We don't crawl beyond the URL you give us.

4. Retention and deletion

Your projects and generated assets are kept so you can come back to them. Usage counters are kept per day. To delete your account and all associated data, email gboyega.ofi@gmail.comfrom your account email — we'll confirm deletion within 30 days.

5. Your rights

Depending on where you live (for example, under GDPR or CCPA), you may have rights to access, correct, export, or delete your personal data, and to object to certain processing. Email us and we'll honor them.

6. Security

Traffic is encrypted in transit (HTTPS). Sessions use signed tokens. Passwords are hashed. API routes require authentication and are rate-limited. No system is perfectly secure, but we keep the surface small.

7. Children

The service is not directed at children under 13, and we don't knowingly collect their data.

8. Changes

If this policy changes materially, we'll update the date above and note it in the app.

9. Contact

Privacy questions: gboyega.ofi@gmail.com.