Last updated · 2026-05-01

Privacy Policy

How we collect, use, and protect your data.

Your privacy matters. This policy explains what data we collect, why we collect it, how we use it, and the rights you have over your information.

1. Data we collect

When you buy the boilerplate we receive the order data forwarded by our merchant of record (your name, email and the GitHub username you provide at checkout). Card details and tax information are handled by Polar — they never touch our servers. We also collect standard server logs (IP address, user agent, pages visited) for security and product improvement.

2. How we use your data

To provide and operate the service (auth, billing, notifications), to detect and prevent fraud, to comply with legal obligations, and to improve the product. We never sell your data.

3. Who we share with

We share data with the subprocessors required to deliver your purchase: Polar (merchant of record — handles payment, VAT and invoicing), GitHub (we add your username to our buyers organization so you can clone the repos), Resend (transactional email — your welcome email and any update notifications), and our hosting provider for the landing itself. We do not sell or rent your data, and we only share with other parties when required by law.

4. How long we keep it

Account data is retained while your account is active. Audit logs and invoices are kept for the period required by tax and accounting regulations (typically 7 years). When you delete your account, we anonymize personal information and remove your content within 30 days, unless legally required to retain it.

5. Your rights

You may access, correct, export, or delete your personal data at any time from your account settings, or by emailing us at [email protected]. Residents of the EU/UK have additional rights under GDPR — including the right to object to processing and to lodge a complaint with a supervisory authority.

6. Cookies and tracking

We use a minimal set of essential cookies required for authentication (session and CSRF tokens). We do not use third-party advertising cookies. Optional analytics cookies, if any, are clearly labeled and require explicit consent before being set.

7. Security

We protect your data with TLS in transit, encryption at rest for sensitive fields, two-factor authentication options, audit logging, and a principle of least privilege for internal access. No system is impenetrable, but we treat security as a first-class concern and disclose breaches as required by law.

8. Children

The service is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us at [email protected] and we will delete it.

9. Changes to this policy

We may update this policy as the product evolves. Material changes will be communicated by email or in-app notice at least 14 days before they take effect.

10. Contact

For privacy questions or data requests, email [email protected].