Privacy Policy

Effective date: April 2025

LeafBound ("we", "us", "our") provides a personal dashboard and public creator page at leafbound.app. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

• Account data: your email address and username, stored when you register.
• Profile data: display name, bio, avatar URL, and social links — only what you enter.
• Links and categories: the links and categories you create in your dashboard.
• Click events: when visitors click links on your public profile, we record the link ID, a hashed IP address, and the timestamp. We do not store full IP addresses.
• Settings: your theme, layout preference, and clock/weather settings.
• Browser storage: we store your session token and theme preference in localStorage on your device. No cookies are set.
• Payment data: handled entirely by Stripe. We never store card numbers, CVVs, or full payment details. We store your Stripe customer ID to manage your subscription.

2. How We Use Your Data

• To authenticate you and provide your dashboard.
• To display your public profile at /u/your-username (if you set it to public).
• To show you click analytics on your links (Premium feature).
• To process subscription payments via Stripe.
• To display weather information using your saved location settings (via OpenWeatherMap).

We do not sell your data. We do not use your data for advertising.

3. Third-Party Services

• Stripe — payment processing. When you upgrade to Premium, you interact with Stripe's checkout directly. Stripe's privacy policy applies.
• OpenWeatherMap — weather widget data. Your saved latitude/longitude is sent to OpenWeatherMap to fetch current conditions. Their privacy policy applies.
• Google Favicons — when you add a link, we automatically fetch a favicon from www.google.com/s2/favicons. The link's domain is sent to Google for this purpose.
• Google Fonts — the M PLUS Rounded 1c typeface is loaded from Google Fonts. Google may log the request.

4. Data Storage & Security

Your data is stored in a SQLite database on a server we control. We use HTTPS for all connections. Passwords are hashed with bcrypt and are never stored in plaintext. JWT tokens used for authentication expire after 7 days.

5. Your Rights

• Export: download all your links, categories, and settings as JSON from Settings → Data.
• Profile visibility: set your profile to Private at any time from Settings to remove it from public view.
• Account deletion: contact us to request deletion of your account and all associated data.

6. Children

LeafBound is not directed at children under 13. We do not knowingly collect personal information from children under 13.

7. Changes to This Policy

We may update this policy from time to time. Continued use of the service after changes are posted constitutes your acceptance of the updated policy.

8. Contact

Questions about this policy? Reach out via the contact information listed on leafbound.app.