Legal

Privacy Policy

Last updated: 25 April 2026

This Privacy Policy explains how OnboardUI ("we", "us", "our") collects, uses, and protects your personal data when you use our Service. We are committed to handling your data responsibly and in accordance with applicable data protection laws, including the UK GDPR.

1. Data We Collect

Account data: When you register, we collect your email address and, if provided, your name and avatar (via OAuth providers such as Google).

Project data: We store the onboarding projects, screens, and components you create using the Service.

Uploaded assets: Images and icons you upload are stored in our cloud storage.

Billing data: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your full card details - Stripe handles all payment data. We store your Stripe customer ID and subscription status.

Usage data: We may collect basic usage information such as pages visited and features used, to improve the Service.

GitHub connection: If you connect your GitHub account, we store an access token and your GitHub username to enable the push-to-GitHub feature. This is optional and can be revoked at any time.

2. How We Use Your Data

We use your data to:

  • Provide and operate the Service
  • Process payments and manage your subscription
  • Send transactional emails (account confirmation, billing receipts, important service notices)
  • Respond to support requests
  • Improve and develop the Service
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your data for advertising purposes.

3. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase - database, authentication, and file storage
  • Stripe - payment processing
  • Vercel - hosting and infrastructure
  • GitHub - optional OAuth login and code export

Each of these providers has their own privacy policy governing how they handle data. We only share data with them to the extent necessary to provide the Service.

4. Data Retention

We retain your account data and project data for as long as your account is active. If you close your account, we will delete your personal data within 90 days, except where we are required to retain it for legal or regulatory reasons (such as billing records).

5. Your Rights

Under UK GDPR, you have the right to:

  • Access - request a copy of the personal data we hold about you
  • Rectification - ask us to correct inaccurate data
  • Erasure - ask us to delete your personal data
  • Portability - receive your data in a structured, machine-readable format
  • Objection - object to certain uses of your data
  • Restriction - ask us to limit how we use your data in certain circumstances

To exercise any of these rights, contact us at hello@onboardui.com. We will respond within 30 days.

6. Cookies

We use essential cookies to keep you logged in and maintain your session. We do not use tracking or advertising cookies. No third-party analytics cookies are set without your consent.

7. Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, loss, or disclosure. All data is transmitted over HTTPS and stored encrypted at rest. However, no system is completely secure and we cannot guarantee absolute security.

8. Children

The Service is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice. The date at the top of this page reflects when it was last updated.

10. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us at hello@onboardui.com.