BabyBoard

Privacy policy

Last updated: May 1, 2026

The short version. BabyBoard collects your email when you sign in and a record of your purchases for accounting. We don't track, don't run analytics, and don't sell anything to anyone. The kiosk app on your Mac doesn't collect any data about your child. You can see, export, or delete your account at any time from your account page.

Who we are

BabyBoard is an indie macOS app distributed at babyboard.app. The website, the API at babyboard.app/api/*, and this policy are operated by the developer of BabyBoard. Contact: support@babyboard.app.

What we collect

From the website / sign-in flow

  • Email address. You provide this when requesting a magic-link sign-in. We use it as your unique account identifier and to send sign-in links + receipts.
  • IP address (transient). Stored alongside magic-link records for abuse triage and rate limiting. Magic-link rows expire and are eligible for deletion 15 minutes after creation; the IP isn't otherwise used.
  • Refresh tokens. A hashed (SHA-256) version of your session refresh token is stored so you can stay signed in for 14 days. We never store the raw token.

From a purchase

  • Purchase records. When you buy Letters & Numbers, we store the Stripe Checkout Session ID, the amount, currency, and status (paid / refunded). We never receive your card details — those go directly to Stripe.

From the macOS app

  • Nothing about your child. Keyboard events, mouse movements, and screen content are processed locally on your Mac and never leave the device.
  • A cached license. After you sign in, a signed 30-day license JWT is stored in your macOS Keychain so the app works offline. It contains your account ID, email, tier, and entitlement list.
  • Mode preference. Whether you picked Sensory Play or Letters & Numbers — kept locally in UserDefaults on the Mac.

What we don't collect

  • No analytics or tracking pixels — anywhere on the site or in the app.
  • No third-party advertising. We don't sell or share data for marketing.
  • No telemetry or usage metrics from the app.
  • No information about your child — not voice, video, behavior, age, or anything else.

Subprocessors

To operate BabyBoard, we use these third-party services:

  • Stripe — processes payments and sends receipts. Stripe sees your card details (we don't), your email, and the purchase amount.
  • Cloudflare — hosts the website (Pages), the API (Workers), the database (D1), the rate-limit cache (KV), and email routing for support@babyboard.app.
  • Resend — sends sign-in / receipt emails.

Each subprocessor receives only what it needs to do its job. We don't ship data to anyone for marketing or analytics.

How long we keep things

  • User account & email: until you delete your account.
  • Magic links: 15 minutes after creation (single-use; expires).
  • Refresh tokens: 14 days (rotated on every refresh; revoked on sign-out).
  • Purchase records: retained after account deletion for accounting and refund records, with the email tombstoned (see below).
  • Server logs: we don't keep request logs beyond Cloudflare's default retention (which the platform uses for abuse / DDoS protection — see Cloudflare's policy).

Your rights

See your data

Visit your account page while signed in. You'll see your email, tier, and unlocked products. For a full export of your data — including purchase history — email support@babyboard.app and we'll send a JSON dump within a reasonable time.

Delete your account

Click "Delete account" on your account page and confirm with your email. Your sign-in is removed immediately and all your refresh tokens are revoked. Your email is replaced with a tombstone (deleted-<id>@deleted.local) so the original address is freed for a future signup. Purchase records are kept (linked by an opaque ID, not by email) for accounting and refund history — required for tax and dispute purposes.

Sign out everywhere

If you've lost a device, click "Sign out of all devices" on your account page. Every refresh token associated with your account is immediately revoked.

Refunds

Email support@babyboard.app within 14 days of purchase for a full refund through Stripe. After 14 days, refunds are evaluated case-by-case.

Children's privacy

BabyBoard is designed for babies and toddlers to interact with — but the account holder is always an adult. We don't knowingly collect any information from children under 13. The kiosk app processes input locally and sends nothing about your child to any server. If a parent or guardian believes we've inadvertently collected child data, contact support@babyboard.app and we'll delete it.

Security

  • Refresh tokens are stored only as SHA-256 hashes; reuse of a rotated token is treated as theft and revokes the entire chain.
  • Stripe webhooks are HMAC-verified with a 5-minute replay window.
  • The macOS app's tokens live in your system Keychain, encrypted at rest by macOS.
  • We don't store payment card details — those go to Stripe directly.

International users

BabyBoard is operated from the United States; data is stored on Cloudflare's global network, which may transfer data internationally. We process EU/UK/Swiss personal data to provide you the service you signed up for (the lawful basis is contractual necessity). Email support@babyboard.app if you have an access, deletion, or portability request and we'll honor it under whichever law (GDPR / UK GDPR / CCPA / etc.) applies.

Changes

If we materially change this policy, we'll update the "Last updated" date above and, for significant changes, send a notice to your account email. Continued use after a change means you accept the updated policy.

Contact

Email support@babyboard.app. We aim to respond within a few days.