The Operators of Boarderless.app ("we," "us," or "our") operate the Service. This Privacy Policy explains how we collect, use, and protect your information when you use our Service. We are committed to transparency and the Principle of Least Privilege.

Our Privacy Posture: User Agency First

Boarderless is built around user agency. We do not inspect your canvas, monitor your app traffic, retain your creative files on our servers, or employ content surveillance systems as a condition of using the app. Our safety boundaries are narrow and technical: we may reject formats or requests that can execute code, abuse our infrastructure, compromise Google Drive integration, or threaten the Service itself. These boundaries are designed to protect accounts and infrastructure without taking custody of your work or policing lawful expression.

1. Information We Collect & Legal Basis

2. Cookies & Tracking Technologies

Boarderless uses minimal tracking technologies to run the Service:

2A. Optional Ai Provider Connections

The Ai Partner can connect directly from your browser to Google Gemini, OpenAI, Anthropic Claude, Z.AI/GLM, a local model, or another OpenAI-compatible endpoint that you choose. This connection is optional and begins only when you select a provider, supply any required API key, and submit an Ai Partner request.

3. Subscription Tiers

Free Canvas does not require an account. Personal and Pro subscriptions require a deliberate Google sign-in before Stripe Checkout. Pro users may separately choose to connect Google Drive.

Tier limits (object counts, undo history, board counts) are enforced client-side as a UX convenience and server-side for features that involve our infrastructure.

4. Google OAuth & Google Drive Scopes

Boarderless.app integrates with Google APIs for Pro-tier cloud synchronization and authentication. We follow the strict Principle of Least Privilege:

🔒 Google Drive Least Privilege Commitment: We request only narrow, app-specific access scopes:
  • https://www.googleapis.com/auth/drive.file: To read, write, and access only the specific files created or opened by the Boarderless application.
  • https://www.googleapis.com/auth/drive.appdata: To store app-specific configuration files in a secure, hidden application data folder.
  • openid, https://www.googleapis.com/auth/userinfo.email, and https://www.googleapis.com/auth/userinfo.profile: To verify your identity and check subscription entitlement status.
We cannot read, modify, or delete any other files, folders, sheets, or photos inside your Google Drive.

5. Data Storage, Localization, & Retention

6. Security & Data Breach Notifications

While we store minimal personal data (restricted to account metadata such as Google Email and subscription status), we take security seriously. In the unlikely event of a security breach compromising this metadata, we will notify affected users via email within the timelines required by applicable law.

7. Children's Privacy

Our Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13.

8. Your CCPA & GDPR Rights

Depending on your location, you may have the following rights:

To exercise these rights, you may contact us through the contact form on our website.

9. Changes to this Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last Updated" date at the top of this document.

10. Contact Information

If you have any questions about this Privacy Policy or your data, you may contact us through the contact form on our website.

*(Note: Legal structure updates will be published here upon LLC formation.)*