Privacy

Local-first, with clear account boundaries.

Effective date: 2026-05-20

Local browser use stays private by default. Account, Prism cloud, and paid features add server-backed data only when you choose to use them.

In one paragraph

RetroBeads is local-first. Image conversion, palette matching, local project storage, and PDF export run in your browser by default. When you create an account, RetroBeads stores the account and cloud data needed to provide that account-backed service. The marketing site at retrobeads.app may use Cloudflare Web Analytics for aggregate page views. We do not sell personal data, run ad pixels, or use session replay.

What stays in your browser

  • Local-only source images, conversion work, projects, and preferences.
  • Local backups, local imports, and client-side PDF exports.
  • Your theme choice on this site, stored in localStorage.

What account and cloud features may store

When you use account or Prism features, they may store:

  • Your account identifier, email address, session data, and provider metadata through Supabase Auth.
  • Privacy, Terms, and account-age acknowledgement versions with acceptance time.
  • Cloud project metadata, derived pattern data, and a capped normalized working source asset when you choose cloud sync.
  • Security, rate-limit, and operational logs needed to run the service and reduce abuse.
  • Billing and entitlement records if you buy a paid feature through a Merchant of Record.

What we avoid

  • No sale of personal data.
  • No ad pixels, heatmaps, fingerprinting, or session replay.
  • No server-side conversion of your images in the planned account flow.
  • No retention of original full-resolution uploads as cloud originals.
  • No app-side analytics unless a later policy update says exactly what changed.

Marketing site measurement

When enabled, this marketing site loads a single Cloudflare Web Analytics beacon that records aggregate page views and country. It does not set cookies or follow you across sites. Direct visits to the app, installed PWA launches, offline use, and blocked beacons may not appear in any report.

Providers we use

RetroBeads uses Cloudflare for hosting, Turnstile bot checks, analytics on the marketing site, and private cloud file storage. Account data uses Supabase. Paid features use a Merchant of Record and secure payment provider for checkout, payment, tax, receipts, and cancellation flows.

Your choices and rights

You can use RetroBeads locally without an account. With an account, you may request access, export, correction, or deletion of account-backed data. Cloud projects and normalized source assets are deleted with the project or account unless a legal retention rule applies. Billing records may need limited retention for tax, refund, dispute, and accounting reasons.

Questions

Reach the maintainers through the project channel that brought you to RetroBeads. A dedicated support and data-request contact will be published before public account collection opens broadly.