Legal

Privacy Policy

Last updated: April 29, 2026

Applies to: BoardSnap iOS app and boardsnap.ai

This is the plain-language version. We wrote it so a human can read it in one sitting. If anything below is unclear, email [email protected] and we'll explain.

1. Who we are

BoardSnap is built and operated by Jack Brandt, a solo developer based in Detroit, Michigan, USA. "BoardSnap," "we," "us," and "our" all refer to this one-person company. You can reach us at [email protected].

2. What data we collect

Account data

When you sign in with Apple or Google, we receive your email address, your name (if you choose to share it), and your profile photo. You may also sign in with a magic-link email — in that case we only store your email. We do not store passwords.

User content

Whiteboard photos you capture or upload
Chat messages you type to BoardSnap's AI
Project names, brand descriptions, and website URLs you paste in
Action items and their completion state (todo / in-progress / done)
Meeting transcripts and the structured notes BoardSnap generates from them (added in version 1.0.4 — see "Meeting recordings" below)
Free-form feedback messages you submit through the in-app "Send Feedback" overlay

Meeting recordings (added in version 1.0.4)

BoardSnap can record meetings on your iPhone and turn them into structured notes (a feature called "Meeting SparkNotes"). The recording and transcription happen entirely on your device, using Apple's built-in on-device speech recognition. Specifically:

Audio is never transmitted off your device. The microphone is only active while you've explicitly tapped Record. The audio is transcribed locally by Apple's SFSpeechRecognizer in on-device mode. We do not upload audio bytes to BoardSnap servers, to Apple, or to any third party. We do not retain a copy of the audio after transcription completes.
The transcript text and the meeting duration in seconds are uploaded to BoardSnap's servers, where BoardSnap's AI converts the transcript into structured notes — summary, key takeaways, action items. This is the same flow we use for board photos and chat messages and is covered by the same "AI and data processing" terms in Section 4 below.
You control whether the feature runs at all. Microphone and Speech Recognition permissions are requested by iOS the first time you tap Record. You can revoke either permission at any time in Settings → BoardSnap on your iPhone, which disables Meeting SparkNotes without affecting any other feature.

Usage data

We measure how the app is used so we can improve it: which screens you view, which buttons you tap, which features you adopt, approximate geolocation derived from your IP address (city-level, not GPS), and device info (model, iOS version, timezone). This is collected through PostHog — see Section 4.

Payment data

If and when paid subscriptions are enabled, all payments are processed by Apple through the App Store. We never see your card number or billing address. Apple tells us only whether your subscription is active.

3. How we use data

To run the app's core features — saving your boards, generating summaries and action items, powering chat responses, and keeping your projects organized.
To improve the product — aggregate usage analytics, crash reports, and performance metrics. We look at patterns across all users, not individual sessions.
To communicate with you — transactional emails (account confirmations, password resets, billing receipts) sent via Resend. No marketing emails unless you explicitly opt in.

4. AI and data processing

BoardSnap's AI features (summaries, action items, chat) run on enterprise AI infrastructure we contract with — currently Anthropic (Claude), named in the sub-processor list below. We integrate that infrastructure into BoardSnap's product surface; we do not resell raw access to it. We do not sell your data. We do not share data for advertising.

AI-specific disclosure

What gets sent. When you capture a whiteboard, send a chat message, or finish a meeting recording, the image, transcript, or text is transmitted to BoardSnap's servers and forwarded to our AI processing provider (Anthropic). The AI output is returned to your device and saved to your account.

Not used to train AI models. Per Anthropic's enterprise API terms, content sent through our API contract is not used to train their models. Every other infrastructure provider we rely on (listed below) is contractually bound to the same restriction.

How to opt out. You can revoke AI consent at any time from App Settings → Privacy & AI → Revoke AI Consent. Declining AI consent disables BoardSnap's core AI features (summaries, action items, chat), but your non-AI data (account, projects, stored photos) remains accessible and editable.

Every third party we share data with

Supabase (database, storage, and edge functions) Hosts your boards, photos, account data, and auth tokens in US-region Postgres and object storage. See supabase.com/privacy.
Anthropic (AI processing) Whiteboard photos, the text of chat messages you send, meeting transcripts produced on your device, and any brand-context URL content we fetch are forwarded to Anthropic's Claude API to generate summaries, action items, and chat responses. Content is not used to train Anthropic's models — that is contractually guaranteed by Anthropic's enterprise API terms. See anthropic.com/legal/privacy.
Replicate (avatar generation) If you generate a custom avatar, the text prompt you provide is sent to Replicate. No board photos or chat messages are sent to Replicate. See replicate.com/privacy.
PostHog (product analytics) Usage events — screen views, button clicks, feature adoption — are sent to our self-managed PostHog Cloud EU workspace. We do not send message text, board photos, or other sensitive content to PostHog. See posthog.com/privacy.
Resend (transactional email) Your email address and the body of any email we send you (account confirmations, magic-link sign-in, billing receipts), plus the body of any feedback message you submit through the in-app "Send Feedback" overlay (forwarded to BoardSnap's founder email with reply-to set to your account email so we can respond). Feedback messages are not used for AI training. See resend.com/legal/privacy-policy.
Apple (payments, sign-in, distribution) App Store purchases, Sign in with Apple, and app delivery are handled by Apple. See apple.com/privacy.
Cloudflare (website + CDN) Hosts boardsnap.ai and serves static assets. Cloudflare keeps standard web-server access logs (IP, user agent, timestamp) for abuse prevention.

We do not sell your data. We do not share data with advertisers. We do not use your content to train AI models, and our vendors have contractually agreed not to either.

5. Data retention

Account data — retained until you delete your account.
Boards, photos, chats, and action items — retained until you delete them individually or delete your account.
Analytics events — rolling 12-month window, then deleted.
Database backups — 30 days, then overwritten.

When you delete your account, we delete your user row, your projects, boards, photos, chat history, and action items from our primary database within 24 hours. Backups containing deleted data are purged within 30 days.

6. Your rights (GDPR, CCPA, and similar laws)

Regardless of where you live, you have these rights over your BoardSnap data:

Access your data — email [email protected] and we'll send you a copy within 30 days.
Delete your account and data — in the app: Settings → Account → Delete Account. Or email us.
Correct or update data — in the app: Settings → Edit Profile, or edit any board / project / action item directly.
Revoke AI consent — in the app: Settings → Privacy & AI → Revoke AI Consent.
Opt out of analytics — a toggle at Settings → Privacy & AI → Disable Analytics is being added in a future release. Until it ships, email us and we'll disable analytics for your account manually.
Data portability — export via the access request above.
Lodge a complaint — if you're in the EU/UK, you can complain to your local data protection authority. We'd rather you email us first so we can fix whatever went wrong.

7. Security

Data in transit — TLS 1.3 for every request to our servers and to third-party APIs.
Data at rest — encrypted at the storage layer by Supabase (AES-256).
Authentication — Sign in with Apple, Google OAuth, and optional magic-link email. We never store passwords.
Access control — only the founder has production database access. All access is logged.

No system is 100% secure. If we ever discover a breach that affects you, we will notify you by email and in-app banner within 72 hours of confirming it.

8. Children

BoardSnap is not directed at children under 13, and we do not knowingly collect data from children under 13. If you believe a child under 13 has created a BoardSnap account, email us and we'll delete it.

9. Changes to this policy

If we change this policy in a way that meaningfully affects you — for example, adding a new third-party vendor, expanding the data we collect, or changing how we use AI — we'll notify you by email and through an in-app banner before the change takes effect. For minor edits (typos, clarifications), we'll just update the "Last updated" date at the top of this page.

10. Contact

Questions, requests, or complaints: [email protected]. A real human (Jack) reads every one.