
Privacy Policy

Last updated: April 15, 2026

1. Introduction

Chitmunk is operated by [YOUR LEGAL ENTITY NAME] ("we," "us," or "our"). This Privacy Policy describes how we collect, use, share, and protect your personal information when you use the Chitmunk web application and related services (the "Service").

By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

For privacy questions or to exercise your rights, contact us at [email protected].

2. The Short Version

Chitmunk is a browser-first application. Your designs, images, and project data are stored locally on your device by default. Data only leaves your browser when you explicitly choose to save to Chitmunk Cloud, sync with Google Drive or OneDrive, use AI image generation, or when you sign in (which requires sending account data to our authentication provider). We collect analytics only with your consent. We do not sell your personal information.

3. Information We Collect

3.1 Information You Provide Directly

Category | Data | Purpose
Account information | Name, email address, profile picture (from Google, Microsoft, Apple, or email sign-in via Clerk) | Authentication, account management, displaying your identity in collaboration
Payment information | Billing name, payment method, transaction history (processed by Stripe via Clerk; we never see or store your full card number) | Processing Pro subscription payments
Cloud project data | Project files (designs, images, fonts, CSV data) that you choose to save to Chitmunk Cloud | Providing cloud storage, sharing, and collaboration features
Collaboration data | Email addresses of people you invite to collaborate; share roles and permissions | Managing project access and sending invitation emails
Communications | Emails you send to us (support requests, feedback) | Responding to your inquiries
AI prompts | Text prompts you enter for AI image generation | Generating images via Cloudflare Workers AI through our API

3.2 Information Collected Automatically

Category | Data | Purpose | Consent Required
Analytics data | Pages viewed, features used, session duration, browser type, OS, screen size, approximate location (country/city, anonymized by Google) | Understanding usage patterns and improving the Service | Yes — only collected if you click "Accept" on the consent banner
Error data | JavaScript error messages, source file, line/column number (sent as GA4 events) | Identifying and fixing bugs | Yes — same consent as analytics
Presence data | Your user ID, cursor position, and selected elements during live collaboration sessions | Enabling real-time collaboration with other users | No — necessary for the collaboration feature you activated
Audit logs | User ID, project ID, action type (save, share, delete), timestamp | Security monitoring and abuse prevention | No — legitimate interest

3.3 Information Stored Locally in Your Browser

The following data is stored in your browser's localStorage and IndexedDB and never leaves your device unless you explicitly save to the cloud or a third-party service:

  • Project designs, card layouts, and CSV data (autosave and manual saves)
  • Uploaded images and custom fonts (stored as binary blobs in IndexedDB)
  • Editor preferences (theme, grid settings, zoom level, recent projects)
  • Consent choices and tour/onboarding completion status
  • Third-party credentials you enter (e.g., TheGameCrafter API key)

We have no access to browser-stored data. Clearing your browser data removes it permanently.

4. How We Use Your Information

We use personal information for the following purposes:

  • Providing the Service: authenticating you, storing and syncing your projects, enabling collaboration and sharing, processing payments
  • Improving the Service: analyzing aggregate usage patterns (with consent), identifying bugs, developing new features
  • Communication: sending transactional emails (share invitations, account notifications), responding to support requests
  • Security: detecting fraud, abuse, and unauthorized access; maintaining audit logs
  • Legal compliance: complying with applicable laws, responding to lawful requests

We do not use your personal information for advertising, profiling, or automated decision-making. We do not use your content or prompts to train AI models.

5. How We Share Your Information

We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

We share personal information only in these circumstances:

5.1 Service Providers (Data Processors)

We use the following third-party services to operate Chitmunk. Each processes data on our behalf under contractual obligations to protect your information:

Provider | Role | Data Shared | Privacy Policy
Clerk | Authentication, session management, billing | Name, email, profile picture, subscription status | clerk.com/legal/privacy
Stripe (via Clerk) | Payment processing | Billing name, payment method, transaction details, device/behavioral data for fraud prevention | stripe.com/privacy
Cloudflare | Hosting, API infrastructure, cloud storage (Workers, R2, D1, Durable Objects) | Cloud project data, account metadata, IP address (for request routing) | cloudflare.com/privacypolicy
Google Analytics 4 | Usage analytics (consent required) | Pages viewed, features used, browser/OS info, anonymized IP, approximate location | policies.google.com/privacy
Resend | Transactional email | Recipient email address, inviter name, project title | resend.com/legal/privacy-policy

5.2 Third-Party Services You Connect

When you optionally connect these services, data flows directly between your browser and the third party:

Service | Data Shared | Your Control
Google Drive & Sheets | Project files, spreadsheet data (via OAuth scopes: drive.appdata, drive.file) | Revoke access in Google Account settings at any time
Microsoft OneDrive & Excel | Project files, spreadsheet data (via OAuth scope: Files.ReadWrite) | Revoke access in Microsoft Account settings at any time
TheGameCrafter | Card artwork, your TGC credentials (stored locally, never on our servers) | Remove credentials from Chitmunk settings at any time
Cloudflare Workers AI | Text prompts (proxied via our API, not stored) | Use is optional; prompts are not retained by us
Google Fonts | Font family names requested (loaded via Google's CDN) | Standard browser request
Iconify | Icon search queries | Standard browser request

5.3 Other Sharing

  • With collaborators: When you share a project, collaborators can see the project content and your name/email as the owner. During live collaboration, your cursor position and selections are visible to other participants.
  • Legal requirements: We may disclose information if required by law, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred to the successor entity. We will notify you before your information becomes subject to a different privacy policy.

6. Cookies and Tracking Technologies

6.1 Cookies We Use

Cookie | Provider | Purpose | Duration | Consent Required
_ga | Google Analytics | Distinguishes unique visitors | 2 years | Yes
_ga_<ID> | Google Analytics | Persists session state | 2 years | Yes
__session, __client_uat | Clerk | Authentication session | Session | No (strictly necessary)

6.2 Consent and Control

No analytics cookies are set by default. When you first visit Chitmunk, a consent banner asks whether you accept analytics. If you decline or ignore the banner, no tracking cookies are set and no analytics data is collected.

  • Accept: GA4 cookies are set; usage data is collected
  • Decline: No GA4 cookies; no usage data. GA4 Consent Mode v2 may send cookieless pings for aggregate behavioral modeling (no individual tracking)
  • Revoke consent: Use the Chitmunk menu → Analytics Settings. All GA4 cookies are deleted immediately and future collection stops.

Your consent choice is stored in your browser's localStorage (chitmunk_analytics_consent) and is not sent to our servers.

6.3 Global Privacy Control (GPC)

We honor the Global Privacy Control browser signal. If your browser sends a GPC signal, we treat it as a request to opt out of any sale or sharing of personal information (though we do not sell or share your data for advertising in any case).

7. Data Retention

Data Type | Retention Period
Account data (Clerk) | While your account is active, plus 30 days after deletion request
Payment and billing data (Stripe) | Per Stripe's retention policy and applicable tax/financial regulations (typically 7 years)
Cloud project data (R2/D1) | While your account is active. Deleted within 30 days of account closure, plus additional time for backups to cycle.
Soft-deleted cloud projects (trash) | 30 days, then permanently deleted by automated garbage collection
Share invitation data | Pending invites expire after 7 days. Consumed invite metadata retained for audit purposes while the share relationship exists.
Analytics data (GA4) | 14 months (Google's automatic deletion), then purged
Audit logs | 12 months, then purged
Transactional email records (Resend) | Per Resend's retention policy
Browser-stored data (localStorage, IndexedDB) | Until you clear your browser data; we have no control over this

8. Data Security

We implement reasonable technical and organizational measures to protect your personal information, including:

  • Encryption in transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
  • Content-addressed storage: Cloud-stored images use SHA-256 content-addressed hashing
  • Authentication security: Clerk manages session tokens and JWTs with industry-standard security practices
  • Payment security: Stripe handles all payment data and maintains PCI DSS Level 1 compliance; we never process or store card numbers
  • Infrastructure security: Cloudflare provides DDoS protection, WAF, and infrastructure security for our API and storage
  • Atomic quota enforcement: Server-side controls prevent unauthorized resource usage
  • Browser sandboxing: Locally stored data benefits from your browser's built-in security sandbox

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

9. International Data Transfers

Our service providers process data in the United States and other countries. When personal data is transferred outside the EU/EEA or UK, we rely on the following safeguards:

  • EU-US Data Privacy Framework (DPF): Clerk, Stripe, and Resend are certified under the EU-US Data Privacy Framework.
  • Standard Contractual Clauses (SCCs): Cloudflare provides Data Processing Agreements with Standard Contractual Clauses for international transfers.
  • Adequacy decisions: Where applicable, transfers are made to countries recognized by the European Commission as providing adequate data protection.

10. Your Privacy Rights

10.1 Rights for All Users

Regardless of where you live, you can:

  • Access your data: Request a copy of the personal information we hold about you
  • Export your projects: Use the built-in export feature to download your designs at any time in standard formats (ZIP, PNG, PDF, JSON)
  • Delete local data: Clear your browser's localStorage and IndexedDB at any time
  • Control analytics: Opt in or out of analytics via the consent banner or Chitmunk menu → Analytics Settings
  • Revoke third-party access: Disconnect Google Drive or OneDrive through their respective account settings
  • Delete your account: Request account deletion by emailing [email protected]

10.2 Additional Rights for EU/EEA/UK Residents (GDPR)

Under the General Data Protection Regulation, you also have the right to:

  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request restriction of processing of your personal data
  • Portability: Receive your personal data in a structured, commonly used, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Withdraw consent at any time without affecting the lawfulness of prior processing
  • Lodge a complaint: File a complaint with your local data protection supervisory authority

Legal bases for processing (GDPR Article 6):

Processing Activity | Legal Basis
Providing the Service (authentication, storage, collaboration) | Performance of contract (Art. 6(1)(b))
Processing payments | Performance of contract (Art. 6(1)(b))
Analytics and usage tracking | Consent (Art. 6(1)(a))
Security monitoring and audit logs | Legitimate interest (Art. 6(1)(f))
Sending transactional emails (share invitations) | Performance of contract (Art. 6(1)(b))
Compliance with legal obligations | Legal obligation (Art. 6(1)(c))

10.3 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act provide you with the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and the categories of third parties with whom we share it
  • Right to Delete: Request deletion of your personal information, subject to certain exceptions
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell your personal information or share it for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

Categories of personal information collected in the preceding 12 months:

CCPA Category | Examples | Sold or Shared for Advertising
Identifiers | Name, email address, account ID | No
Commercial information | Subscription plan, payment history | No
Internet or electronic network activity | Pages viewed, features used (with consent) | No
Geolocation data | Approximate location derived from IP (anonymized, with consent) | No
Audio, electronic, visual information | Profile picture (from SSO provider) | No
Professional or employment-related information | Not collected | N/A
Sensitive personal information | Not collected | N/A

10.4 Additional Rights for Other US State Residents

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights to access, delete, correct, and opt out. We honor these rights for all US residents.

10.5 How to Exercise Your Rights

To submit a privacy request:

  • Email [email protected] with your request
  • We will verify your identity using the email address associated with your Chitmunk account
  • We will respond within 30 days (or 45 days if an extension is needed, with notice)
  • There is no fee for exercising your rights

You may also designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization.

11. Children's Privacy

Chitmunk is not directed at children under 16. We do not knowingly collect personal information from anyone under 16 years of age. If you are a parent or guardian and believe your child has provided personal information to us, please contact [email protected] immediately. We will promptly investigate and delete any such information.

12. AI-Generated Content

When you use AI image generation features:

  • Your text prompts are sent to Cloudflare Workers AI via our API to generate images
  • Prompts are proxied through our Cloudflare Worker for routing purposes but are not stored, logged, or used by us
  • We do not use your prompts, generated images, or any User Content to train AI models

13. Data Breach Notification

In the event of a data breach that affects your personal information:

  • We will notify affected users without undue delay via the email address associated with your account
  • We will notify relevant supervisory authorities within 72 hours as required by GDPR (where applicable)
  • We will comply with all applicable state and federal breach notification laws
  • Our notification will describe the nature of the breach, the types of data affected, the measures we have taken, and steps you can take to protect yourself

14. Third-Party Links

The Service may contain links to third-party websites or services (such as TheGameCrafter and Google Drive). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with personal information.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify you via email or in-app notification
  • For significant changes to data collection or sharing practices, we will provide at least 30 days' notice

We encourage you to review this policy periodically. Your continued use of the Service after the updated policy takes effect constitutes your acknowledgment of the changes.

16. Contact Us

Privacy inquiries: [email protected]

General inquiries: [email protected]

Security issues: [email protected]

© 2026 Chitmunk. Made for the board game community.