Privacy Policy

Last updated: 11/18/2025

At BoardGen.app, we take your privacy seriously. This privacy policy explains how we collect, use, and protect your personal information when you use our service to generate Notion boards.

Information We Collect

  • Email addresses: We collect your email address when you sign up, use our service, or subscribe to our newsletter. This is used to track usage, manage subscriptions, and communicate with you.
  • Notion integration tokens: If you choose to connect your Notion workspace, we store your Notion integration token (encrypted) to create boards in your workspace. Tokens are stored securely and only used to fulfill your requests.
  • Notion workspace information: We may store your selected Notion workspace name, page IDs, and connection timestamps to provide the service.
  • Project descriptions: When you generate a board, we process your project description through our AI service. This data is used solely to generate your board and is not stored long-term.
  • Usage data: We track the number of boards you create per month to enforce subscription limits and improve our service.
  • Payment information: Payment processing is handled entirely by Stripe. We do not store, process, or have access to your credit card information, billing addresses, or payment details.
  • Technical data: We may collect IP addresses, browser type, device information, and usage patterns for security and service improvement purposes.
  • Communication data: If you contact us, we may store your communications to provide customer support.

How We Use Your Information

  • To provide and improve our service: We use your information to generate boards, connect to your Notion workspace, and deliver the features you request.
  • To process payments and manage subscriptions: We use your email and subscription data to process payments through Stripe and manage your account.
  • To communicate with you: We may send you service-related emails (account updates, subscription confirmations) and, with your consent, marketing emails.
  • To enforce usage limits: We track board creation to ensure compliance with your subscription plan limits.
  • To create Notion boards: We use your Notion integration token to create boards in your workspace as you request.
  • To ensure security: We monitor for unauthorized access, abuse, and security threats.
  • To comply with legal obligations: We may use your data to comply with applicable laws and regulations.
  • For analytics: We analyze aggregated, anonymized usage data to improve our service.

Data Storage and Security

  • Your data is stored securely using Vercel Blob storage, which provides enterprise-grade security and encryption at rest.
  • Notion integration tokens are encrypted using industry-standard encryption (AES-256) before storage. Tokens are never stored in plain text.
  • All data transmission is encrypted using HTTPS/TLS protocols. We enforce HTTPS for all connections.
  • We use industry-standard security practices including: secure authentication, access controls, regular security audits, and monitoring for unauthorized access.
  • Secret keys (Notion API keys, Stripe keys) are stored only in secure environment variables and never exposed to the frontend or in logs.
  • We do not log sensitive data such as Notion tokens, payment information, or full request bodies containing tokens.
  • While we implement strong security measures, no method of transmission or storage is 100% secure. You acknowledge that you provide information at your own risk.
  • In the event of a data breach, we will notify affected users and relevant authorities as required by law.

Third-Party Services and Data Sharing

  • Stripe: We use Stripe for payment processing. Your payment information (credit card numbers, billing addresses) is handled entirely by Stripe according to their privacy policy and security standards. We only receive confirmation of successful payments.
  • MailerLite: We use MailerLite for email marketing communications. Your email address is shared with MailerLite only if you explicitly consent to receive marketing emails. You can unsubscribe at any time.
  • Notion: When you connect your Notion workspace, we interact with Notion's API on your behalf using your integration token. This is governed by Notion's Terms of Service and API Usage Guidelines. We do not share your data with Notion beyond what is necessary to create boards.
  • Vercel: Our hosting provider. Your data is stored on Vercel's infrastructure according to their security practices and data processing agreements.
  • OpenAI: We use OpenAI's API to generate task boards. Your project descriptions are sent to OpenAI for processing but are not stored by OpenAI beyond their standard API logging (typically 30 days).
  • We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
  • We may share data if required by law, to protect our rights, or to prevent fraud or abuse.

Your Rights (GDPR, CCPA, and Other Privacy Laws)

  • Right to Access: You can request a copy of all personal data we hold about you by emailing andrewtbbusiness@gmail.com.
  • Right to Deletion: You can request deletion of your account and all associated data, including your email, Notion tokens, and usage history. Email andrewtbbusiness@gmail.com with 'DELETE MY DATA' in the subject line.
  • Right to Rectification: You can request correction of inaccurate personal data by contacting us.
  • Right to Data Portability: You can request your data in a machine-readable format.
  • Right to Object: You can object to processing of your data for certain purposes, such as marketing.
  • Right to Withdraw Consent: You can withdraw consent for data processing at any time, though this may affect service functionality.
  • Notion Integration: You can disconnect your Notion workspace at any time by removing your token through our service or revoking access in Notion settings.
  • Email Communications: You can unsubscribe from marketing emails at any time using the unsubscribe link in emails or by contacting us. Service-related emails (account updates, billing) cannot be unsubscribed from.
  • California Residents: Under CCPA, you have the right to know what personal information we collect, sell, or disclose. We do not sell personal information.
  • EU Residents: Under GDPR, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.

Cookies, Tracking, and Analytics

  • We use localStorage (not cookies) to store your theme preference and email address locally in your browser. This data never leaves your device.
  • We do not use cookies for tracking or advertising purposes.
  • We may use analytics services (such as Vercel Analytics) to understand how our service is used, but this data is anonymized and does not identify individual users.
  • We do not use third-party advertising networks or tracking pixels.
  • You can disable analytics by adjusting your browser settings, though this may affect some service features.
  • We respect Do Not Track (DNT) browser signals, though our service does not currently respond to DNT signals.

Children's Privacy

  • Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Changes to This Policy

  • We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the 'Last updated' date.
  • You are advised to review this privacy policy periodically for any changes.

Contact Us and Data Requests

  • If you have any questions about this privacy policy or wish to exercise your privacy rights, please contact us at:
  • Email: andrewtbbusiness@gmail.com
  • For data deletion requests, please email with 'DELETE MY DATA' in the subject line and include your account email address.
  • For data access requests, please email with 'DATA ACCESS REQUEST' in the subject line.
  • We will respond to all privacy-related requests within 30 days as required by law.
  • For billing disputes or subscription questions, please contact us at the same email address.

By using BoardGen.app, you agree to this privacy policy. If you do not agree, please do not use our service.

Menu