Cracken Released ("we," "us," or "our") operates Boarderless.app (the "Service"). This Privacy Policy explains how we collect, use, and protect your information when you use our Service. We are committed to transparency and the Principle of Least Privilege.
Our Privacy Posture: User Agency First
Boarderless is built around user agency. We do not inspect your canvas, sniff your private traffic, retain your creative files on our servers, or use content surveillance as a condition of using the app. Our safety boundaries are narrow and technical: we may reject formats or requests that can execute code, abuse our infrastructure, compromise Google Drive integration, or threaten the Service itself. These boundaries are designed to protect accounts and infrastructure without taking custody of your work or policing lawful expression.
1. Information We Collect & Legal Basis
- Authentication: Boarderless.app normally authenticates via Google OAuth. When Google sign-in is unavailable because the OAuth client is not configured or the browser cannot reach Google Identity Services, the app may offer a local Free Mode fallback so users are not locked out of local-only canvas work. Google OAuth sign-in collects only your Google Email address and Google User ID. We never receive, store, or have access to your Google password. Local Free Mode does not collect Google account data and is limited to local browser storage and Free-tier capabilities.
- Payment Data: Subscription upgrades (Personal and Pro tiers) are processed securely by Stripe. We do not store or process your credit card numbers or billing details. Stripe provides us only with payment status metadata (e.g., subscription active, payment failed), which is used solely to determine your tier entitlements.
- Automatically Collected Connection Logs: Our hosting provider (Porkbun Secure Static Hosting) automatically logs standard network details, including your IP address, browser type, and timestamps, to serve the application files securely.
- Anonymous Diagnostics: We may capture anonymous client-side error stack traces and device details (e.g., OS version, WebGL capabilities) solely to troubleshoot performance issues and optimize canvas rendering.
2. Subscription Tiers
Personal, Pro, and contributor Pro elevation require Google OAuth authentication. A local Free Mode fallback may be available for local-only use when Google sign-in is unavailable.
- Free: No charge. The default tier for authenticated users and local Free Mode fallback sessions. Canvas data is stored locally in your browser's IndexedDB.
- Personal: Paid monthly subscription via Stripe. Canvas data is stored locally in your browser's IndexedDB.
- Pro: Paid monthly subscription via Stripe. Includes cloud synchronization directly to your own Google Drive (see §3). We do not host your canvas data.
Tier limits (object counts, undo history, board counts) are enforced client-side as a UX convenience and server-side for features that involve our infrastructure.
3. Google OAuth & Google Drive Scopes
Boarderless.app integrates with Google Drive APIs for Pro-tier cloud synchronization. We follow the strict Principle of Least Privilege:
https://www.googleapis.com/auth/drive.file or drive.appdata). This ensures that the App can only read, write, or access files that it creates itself. We cannot read, modify, or delete any other files, folders, sheets, or photos inside your Google Drive.
- Your Data, Your Drive: Pro-tier synced board files live in your Google Drive, not on our servers.
- No Arbitrary Content Relay: Drive sync and export features are intended to write Boarderless-generated board/export files, not arbitrary executable content supplied by a device. We may block active document/image formats, malformed payloads, or requests that would put unsafe content into a user's Drive through Boarderless.
- Connection Severance: If you disconnect your Google Account or delete your Boarderless.app account, we will sever the OAuth connection. We will not modify or delete files previously synced to your Google Drive; you retain full control over those files in your Google account.
4. Data Storage, Localization, & Retention
- Local Data (Free & Personal): Your canvas layouts, shapes, images, and text are stored locally in your browser's IndexedDB. This data remains on your physical device and is never transmitted to our servers.
- Cloud Data (Pro): Canvas data is synced to your own Google Drive space. We do not store board content on our servers.
- No Traffic Sniffing or Content Retention: We do not intercept, decrypt, or retain the contents of your private app traffic for content review. Standard hosting logs and optional anonymous diagnostics are used for security, reliability, and performance only.
- Account Metadata Retention: Account metadata (your Google Email and Stripe subscription status) is stored securely. If you delete your account, we flag it for deletion and permanently purge it from our systems within thirty (30) days.
5. Your CCPA & GDPR Rights
Depending on your location, you may have the following rights:
- The Right to Know/Access: You can request a summary of the personal data we hold (which is limited to your Google Email and subscription status).
- The Right to Delete: You can delete your account and all associated metadata at any time.
- The Right to Opt-Out: We do not sell personal data to, or share it with, third parties for advertising purposes.
6. Contact Information
If you have any questions about this Privacy Policy or your data, you may contact us at:
Cracken Released
Jefferson County, West Virginia, USA
