BOARDBLOOM PRIVACY POLICY

Last Updated: February 9, 2026

1. INTRODUCTION

Welcome to BoardBloom ("we," "our," or "us"). BoardBloom is a web application that allows users to transform their Pinterest boards into customizable vision boards. We are committed to protecting your privacy and being transparent about how we collect, use, and share your information.

This Privacy Policy explains how BoardBloom collects, uses, discloses, and safeguards your information when you use our web application and services (collectively, the "Service"). Please read this Privacy Policy carefully. By accessing or using our Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

BoardBloom is an independent application and is not affiliated with, endorsed by, or sponsored by Pinterest, Inc. Our use of Pinterest's services is governed by Pinterest's Terms of Service and Developer Policy, which we strictly adhere to.

2. INFORMATION WE COLLECT

2.1 Information You Provide to Us

When you register for an account or use our Service, we collect the following information:

• Account Information: Email address, password (encrypted), nickname or username
• Profile Information: Optional profile picture, bio, user preferences
• Payment Information: If you subscribe to our paid plans, we collect payment information through our third-party payment processor Stripe. We do not store your credit card information on our servers.
• Vision Board Content: Titles, custom text, folder names, and organizational preferences for your created vision boards
• Communications: If you contact us for support, we collect your name, email address, and the content of your messages

2.2 Information We Collect from Pinterest

When you connect your Pinterest account to BoardBloom or provide us with a Pinterest board URL, we access and temporarily process the following information from Pinterest in accordance with Pinterest's API Terms of Service and Privacy Policy:

• Public Board Data: Board titles, descriptions, and metadata from publicly accessible Pinterest boards you provide URLs for
• Pin Images: Image URLs and thumbnails from pins on the boards you wish to convert
• Pin Metadata: Pin titles, descriptions (if public), and image dimensions
• Board Statistics: Number of pins

IMPORTANT LIMITATIONS:

• We ONLY access Pinterest boards that you explicitly provide to us via URL or through OAuth authorization
• We DO NOT access your private Pinterest boards unless you explicitly grant us permission through Pinterest's OAuth flow
• We DO NOT access, store, or process any Pinterest data beyond what is necessary to generate your vision board
• We DO NOT have access to your Pinterest password or login credentials
• We DO NOT collect information about your Pinterest followers, following, or personal Pinterest activity
• We DO NOT scrape or crawl Pinterest's platform beyond authorized API usage

2.3 Pinterest OAuth Authorization

If you choose to connect your Pinterest account through OAuth (optional feature for accessing private boards):

• We request limited permissions only: read access to your boards and pins
• You can revoke BoardBloom's access to your Pinterest account at any time through your Pinterest settings at pinterest.com/settings/apps
• We do not post, create, delete, or modify any content on your Pinterest account
• We only use your Pinterest data to generate vision boards you explicitly request
• OAuth tokens are stored encrypted in our database and are automatically invalidated after 60 days of inactivity or upon your request

2.4 Automatically Collected Information

When you use our Service, we automatically collect:

• Device Information: IP address, browser type, operating system, device type
• Usage Data: Pages visited, features used, time spent on the Service, referral sources
• Cookies and Tracking Technologies: We use cookies, local storage, and similar technologies to enhance your experience (see Section 9)
• Analytics Data: We use PostHog and Google Analytics to understand how users interact with our Service

2.5 Information from Third-Party Services

• Cloudinary: We use Cloudinary to host and optimize images. When you upload or generate images, they are stored on Cloudinary's servers
• Stripe: For payment processing, Stripe collects and processes your payment information in accordance with their Privacy Policy
• OAuth Providers: If you sign in with Pinterest, we receive your email address or username

3. HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

3.1 To Provide and Maintain Our Service

• Create and manage your BoardBloom account
• Generate vision boards from Pinterest board URLs you provide
• Store and organize your created vision boards and folders
• Process image transformations and exports
• Provide customer support and respond to your inquiries

3.2 Pinterest Data Processing

• Fetch and temporarily cache Pinterest board data to generate your vision boards
• Extract color palettes and analyze image layouts for template recommendations
• Optimize Pinterest images for display and export in your vision boards

Note: Pinterest data is processed temporarily in our system (cached for up to 1 hour in Redis) and is NOT permanently stored in our database unless incorporated into a vision board you choose to save.

3.3 To Improve Our Service

• Analyze usage patterns to improve features and user experience
• Conduct research and development for new features
• Monitor and analyze trends, usage, and activities
• Debug technical issues and ensure Service security

3.4 To Communicate with You

• Send you account-related notifications and updates
• Respond to your comments, questions, and support requests
• Send marketing communications (with your consent, and you may opt-out at any time)
• Notify you about changes to our Service or policies

3.5 To Ensure Security and Prevent Fraud

• Detect, prevent, and address technical issues, fraud, and security vulnerabilities
• Enforce our Terms of Service and comply with legal obligations
• Protect the rights, property, and safety of BoardBloom, our users, and the public

3.6 For Legal Compliance

• Comply with applicable laws, regulations, and legal processes
• Respond to lawful requests from public authorities

4. PINTEREST DATA HANDLING AND COMPLIANCE

4.1 Compliance with Pinterest Policies

BoardBloom strictly complies with Pinterest's Developer Policy, API Terms of Service, and Privacy Policy. We commit to:

• Attribution: We clearly attribute all Pinterest content and provide links back to the original Pinterest boards where applicable
• No Spam or Abuse: We do not engage in any spamming, scraping, or abusive practices on Pinterest's platform
• Respect User Privacy: We only access Pinterest data that users explicitly authorize us to access
• Data Minimization: We only collect and process the minimum amount of Pinterest data necessary to provide our Service
• No Unauthorized Use: We do not use Pinterest data for any purpose other than generating vision boards as requested by users
• Compliance with Changes: We promptly update our practices to comply with any changes to Pinterest's policies

4.2 Pinterest Data Retention

• Temporary Caching: Pinterest board data is cached in Redis for up to 1 hour to improve performance and reduce API calls
• Vision Board Storage: If you save a vision board, the images from Pinterest are stored on Cloudinary as part of your exported vision board file. These are derivative works you create, not raw Pinterest data
• No Raw Data Storage: We do NOT store raw Pinterest board data, pin metadata, or user information in our permanent database
• Cache Deletion: Cached Pinterest data is automatically deleted after 1 hour or when you delete your associated vision board

4.3 User Rights Regarding Pinterest Data

• You can request deletion of any vision boards containing Pinterest-sourced images at any time
• You can revoke BoardBloom's access to your Pinterest account through Pinterest settings
• You can request a copy of what Pinterest data we have temporarily cached (though this is typically expired within 1 hour)

4.4 Pinterest's Rights

We acknowledge that:

• Pinterest retains all rights to content on their platform
• Users must comply with Pinterest's Terms of Service when using BoardBloom
• Pinterest may revoke our API access at any time, which may affect Service functionality
• Users are responsible for ensuring they have the right to use Pinterest content in their vision boards

5. HOW WE SHARE YOUR INFORMATION

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

5.1 With Service Providers

We share information with third-party service providers who perform services on our behalf:

• Cloudinary: Image hosting and optimization (stores exported vision board images)
• Railway/Vercel: Cloud hosting and infrastructure
• PlanetScale: Database hosting (stores user accounts, vision board metadata)
• Upstash/Redis Cloud: Caching and session management (temporarily stores Pinterest data)
• Stripe: Payment processing for subscriptions
• PostHog/Google Analytics: Analytics and usage tracking
• Sentry: Error tracking and monitoring
• SendGrid/Resend: Transactional email delivery

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 With Pinterest

We share the following information with Pinterest when you use our Service:

• API requests containing board URLs you provide
• OAuth tokens when you authorize access to private boards
• Usage metrics as required by Pinterest's Developer Policy

We do NOT share your BoardBloom account information, email address, or any other personal data with Pinterest beyond what is necessary for API authentication.

5.3 For Legal Reasons

We may disclose your information if required by law or if we believe it is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Protect the rights, property, or safety of BoardBloom, our users, or others
• Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

If BoardBloom is involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service before your information is transferred and becomes subject to a different Privacy Policy.

5.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. DATA RETENTION

6.1 Account Data

• We retain your account information for as long as your account is active or as needed to provide you the Service
• If you delete your account, we will delete your personal information within 30 days, except where retention is required by law

6.2 Vision Board Data

• Vision boards you create are stored indefinitely until you delete them
• Deleted vision boards are permanently removed from our systems within 30 days
• Exported images on Cloudinary are deleted when you delete the associated vision board

6.3 Pinterest Data

• Cached Pinterest board data is automatically deleted after 1 hour
• OAuth tokens are deleted immediately upon account deletion or when you revoke access through Pinterest

6.4 Backup Data

• Backup copies of deleted data may persist for up to 90 days in our backup systems for disaster recovery purposes, then are permanently deleted

6.5 Aggregated Data

• We may retain anonymized, aggregated data indefinitely for analytics and improvement purposes. This data cannot be used to identify you.

7. DATA SECURITY

We implement appropriate technical and organizational security measures to protect your information:

7.1 Encryption

• All data transmitted between your device and our servers is encrypted using TLS 1.3
• Passwords are hashed using bcrypt with 12 salt rounds
• Database connections are encrypted
• JWT tokens are signed and verified cryptographically

7.2 Access Controls

• Access to user data is restricted to authorized personnel only
• Multi-factor authentication is required for administrative access
• Regular security audits and penetration testing

7.3 Infrastructure Security

• Servers are hosted in secure data centers with physical security measures
• Regular security patches and updates
• Firewall and DDoS protection
• Automated backup systems

7.4 Pinterest Data Security

• OAuth tokens are encrypted at rest
• Pinterest API keys are stored in environment variables, not in code
• Cached Pinterest data in Redis is protected by authentication and encrypted connections

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. YOUR PRIVACY RIGHTS

Depending on your location, you may have the following rights:

8.1 Access and Portability

• Request access to the personal information we hold about you
• Request a copy of your data in a portable format (JSON or CSV)

8.2 Correction

• Update or correct inaccurate or incomplete information through your account settings or by contacting us

8.3 Deletion

• Request deletion of your account and associated data
• Delete individual vision boards or folders at any time

8.4 Objection and Restriction

• Object to processing of your personal information for certain purposes
• Request restriction of processing in certain circumstances

8.5 Withdraw Consent

• Withdraw consent for marketing communications at any time
• Revoke Pinterest OAuth access through Pinterest settings or BoardBloom settings

8.6 Data Portability

• Export your vision boards at any time through our dashboard
• Request a complete data export by contacting support@boardbloom.app

8.7 Complaints

• Lodge a complaint with your local data protection authority if you believe we have violated your privacy rights

To exercise any of these rights, contact us at privacy@boardbloom.app. We will respond within 30 days.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 What We Use

• Essential Cookies: Required for authentication, session management, and core functionality (cannot be disabled)
• Analytics Cookies: PostHog and Google Analytics to understand usage patterns (can be disabled)
• Preference Cookies: Remember your settings and preferences (can be disabled)
• Local Storage: Store draft vision boards and offline data for PWA functionality

9.2 Your Choices

You can control cookies through your browser settings. Note that disabling essential cookies may affect Service functionality. You can opt out of analytics tracking through our cookie consent banner or your account settings.

9.3 Do Not Track

Our Service does not respond to Do Not Track (DNT) signals. You can control tracking through cookie settings and browser preferences.

10. CHILDREN'S PRIVACY

BoardBloom is not intended for children under 13 years of age (or under 16 in the EU). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it immediately. If you believe we have collected information from a child, contact us at privacy@boardbloom.app.

11. INTERNATIONAL DATA TRANSFERS

BoardBloom is operated in the United States. If you access our Service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For EU/EEA Users: We rely on Standard Contractual Clauses approved by the European Commission for data transfers. By using our Service, you consent to the transfer of your information to countries outside the EU/EEA.

12. CALIFORNIA PRIVACY RIGHTS (CCPA)

If you are a California resident, you have the following rights:

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

To exercise these rights, email privacy@boardbloom.app

13. EUROPEAN PRIVACY RIGHTS (GDPR)

If you are in the EU/EEA, you have rights under the General Data Protection Regulation (GDPR):

• Legal Basis for Processing: We process your data based on contract performance, legitimate interests, and consent
• Data Protection Officer: Contact our DPO at dpo@boardbloom.app
• Right to Lodge Complaint: You can complain to your local supervisory authority
• Automated Decision-Making: We do not use automated decision-making or profiling

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the new Privacy Policy on this page with an updated "Last Updated" date
• Sending an email notification to the address associated with your account
• Displaying a prominent notice on our Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

15. THIRD-PARTY LINKS AND SERVICES

Our Service may contain links to third-party websites, including Pinterest. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

• Pinterest's Privacy Policy: https://policy.pinterest.com/privacy-policy
• Pinterest's Terms of Service: https://policy.pinterest.com/terms-of-service
• Pinterest Developer Policy: https://developers.pinterest.com/terms/

16. CONTACT US

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

For Pinterest-specific data requests or concerns, you may also contact Pinterest directly through their privacy center: https://help.pinterest.com/privacy

17. CONSENT

By using BoardBloom, you consent to this Privacy Policy and our collection, use, and sharing of your information as described herein. If you do not agree, please do not use our Service.