Social Boards Live! — Legal

Privacy Policy

Privacy Policy

Last updated: June 18, 2026

This Privacy Policy ("Policy") explains how Anthro Beacon ("Company," "we," "us," or "our") collects, uses, discloses, stores, retains, and protects personal data when you access or use Social Boards Live! (the "Service"), including the Social Boards Live! website, Progressive Web App (PWA), application programming interfaces (APIs), and related features and services.

By accessing or using the Service, you acknowledge that you have read and understood this Policy. Where required by applicable law, your use of the Service, your acceptance of a cookie banner, or your submission of information through the Service constitutes your consent to the collection and processing of personal data as described in this Policy. This Policy is incorporated by reference into our Terms and Conditions.

1. Scope of This Policy

This Policy applies to personal data processed through the Service in connection with:

  • account registration, authentication, and profile management;
  • board creation, configuration, management, and delivery;
  • greetings submissions, survey invitations and responses, invoice workflows, gallery workflows, portfolio/public profile features, and newsletter tools;
  • store credit transactions and payment processing;
  • transactional, operational, and support communications;
  • security, fraud prevention, abuse detection, and platform administration.

This Policy does not apply to third-party websites, applications, services, or content that may be linked from the Service.

2. Roles Under Data Protection Law

Depending on how the Service is used, the Company may act as a:

  • Controller when we determine the purposes and means of processing personal data for our own operational, security, legal, billing, and support purposes;
  • Processor / Service Provider when we process personal data on behalf of a board owner or account holder for the purpose of providing the Service;
  • Independent Business when we collect and use personal data for our own compliance, fraud prevention, analytics, or business administration purposes.

Where you create or manage boards, you may also act as an independent controller with respect to personal data that you collect through your boards. In that case, you are responsible for ensuring that your own collection and use of such data complies with applicable law.

3. Personal Data We Collect

We collect only the personal data that is reasonably necessary to operate the Service, provide requested features, secure the platform, comply with law, and support our users.

3.1 Account and Profile Data

When you register or manage an account, we may collect:

  • email address;
  • authentication identifier, including OAuth provider identifiers where applicable;
  • display name and, where provided, legal name fields;
  • profile avatar URL;
  • locale, language preference, and timezone;
  • optional phone number;
  • marketing communication preferences and consent status.

3.2 Board and Workspace Data

When you create or manage boards, we may collect:

  • board title, summary, slug, type, visibility, status, and delivery schedule settings;
  • collaborator, member, and role assignments;
  • invitation records and access token settings;
  • moderation state, review history, and board activity metadata.

3.3 Greetings and Contributor Data

For Greetings Boards, we may process:

  • messages, signatures, and other text contributions;
  • photographs, GIFs, stickers, and other media uploaded by contributors;
  • sender-identifying information if provided;
  • recipient names and email addresses for managed delivery;
  • invitation delivery status, timestamps, and access metadata.

3.4 Survey Data

For Survey Boards, we may process:

  • survey questions, question types, and configuration data;
  • invitation metadata, delivery status, and timestamps;
  • submitted survey responses;
  • IP address signals and per-invitation participant tracking used for anti-abuse and deduplication.

3.5 Invoice Data

For Invoice Boards, we may process:

  • invoice number, issue date, due date, currency, status, and lifecycle timestamps;
  • line items, descriptions, quantities, prices, taxes, and discounts;
  • client name, email, company, and other client details entered by the board owner;
  • payment records manually entered by the board owner, including amount, method, and reference identifiers.

3.6 Portfolio and Public Profile Data

For public profile or portfolio features, we may process:

  • display name, title, summary, experience, education, skills, certifications, projects, and similar resume-style data;
  • profile photo and optional video URL;
  • publication status and visibility settings.

Information you choose to publish to a public profile or public board may be visible to anyone with access to the internet.

3.7 Communications and Support Data

When you contact us through the Service or by other means, we may process:

  • the content of your messages and inquiries;
  • thread metadata, timestamps, and read status;
  • correspondence records maintained for support, dispute resolution, safety, and service improvement.

3.8 Device, Log, and Security Data

When you use the Service, we may automatically collect:

  • IP address;
  • browser type and version, operating system, and device category;
  • request logs and response logs;
  • session activity;
  • authentication events;
  • rate-limiting, security, and abuse-prevention telemetry.

3.9 Cookies and Similar Technologies

We use only strictly necessary cookies and similar technologies — that is, technologies required for the Service to function and that do not require consent under applicable law. Specifically, we use:

  • authentication session cookies, set by our authentication provider, to keep you signed in and to secure your account session;
  • invitation-claim cookies, set when you open a single-use invitation link (for example, a survey or board invitation), to prevent the same invitation from being claimed more than once across different browsers or devices. These cookies are scoped to the relevant invitation, are marked HttpOnly and Secure, and expire automatically (currently within 30 days).

We do not use the Service to set advertising, cross-site tracking, or analytics cookies, and we do not embed third-party advertising or analytics tracking pixels. Because we do not use non-essential cookies, we do not currently display a cookie consent banner; if this changes, we will update this Policy and implement an appropriate consent mechanism before doing so, as required by applicable law. You can control or delete cookies at any time through your browser settings, though disabling essential cookies may prevent you from signing in or using certain features (such as claiming an invitation) correctly.

4. How We Use Personal Data

We may use personal data to:

  • provide, operate, and improve the Service;
  • create, configure, deliver, and manage boards and related features;
  • authenticate users and maintain account security;
  • process invitation workflows, survey responses, invoice workflows, gallery workflows, and store credit activity;
  • send transactional and operational messages;
  • detect and prevent fraud, spam, abuse, security incidents, and unauthorized access;
  • enforce our Terms and Conditions;
  • comply with legal, tax, accounting, regulatory, and recordkeeping obligations;
  • respond to support requests, complaints, disputes, and lawful requests;
  • analyze platform performance, reliability, and product quality.

Where you have opted in or where applicable law otherwise permits, we may use your contact information to send marketing communications. You may withdraw marketing consent at any time by using the unsubscribe mechanism in the message or by updating your account settings.

5. Legal Bases for Processing

Where the GDPR or UK GDPR applies, we process personal data under one or more of the following legal bases:

  • Performance of a contract — to provide the Service you request, manage accounts, deliver boards, and process transactions.
  • Legitimate interests — to secure the Service, prevent fraud and abuse, maintain logs, improve reliability, and defend legal claims, where those interests are not overridden by your rights and freedoms.
  • Legal obligation — to comply with tax, accounting, recordkeeping, law enforcement, regulatory, or court-order obligations.
  • Consent — for certain marketing communications, cookie categories, or other processing where consent is required by law.

We do not use personal data for automated decision-making that produces legal or similarly significant effects unless clearly stated and legally permitted.

6. Disclosure of Personal Data

We do not sell your personal data.

We disclose personal data only to the following service providers (sub-processors), each of which processes personal data on our behalf solely to provide the Service and is bound by contractual confidentiality and data-protection obligations:

  • Supabase, Inc. — database hosting, user authentication, and file storage.
  • Vercel, Inc. — application hosting, runtime, and content delivery.
  • Stripe, Inc. — payment processing and transaction management.
  • Resend and/or Amazon Web Services Simple Email Service — transactional and operational email delivery.
  • Tremendous, Inc. — gift card fulfillment, only on boards where the gift-card feature is enabled.

We do not currently use any third-party analytics, advertising, or tracking service. We do not use any sub-processors beyond those listed above. If we add a new sub-processor that materially changes how your personal data is processed, we will update this Policy.

We may also disclose personal data:

  • if required by law, court order, subpoena, or lawful request from a government or regulatory authority;
  • to protect the rights, property, security, or safety of the Company, our users, or others;
  • to investigate or enforce violations of our Terms and Conditions;
  • in connection with a merger, acquisition, financing, corporate reorganization, or sale of assets, subject to continued protection of personal data consistent with this Policy.

7. International Transfers

The Company is based in the United States, and our infrastructure and service providers (listed in Section 6) host and process data primarily in the United States. If you access the Service from outside the United States, your personal data will be transferred to, stored in, and processed in the United States, which may not have the same data protection laws as your home jurisdiction.

Where the GDPR, UK GDPR, or a similar law requires a specific safeguard for transferring personal data out of your jurisdiction, we rely on the safeguards made available by our service providers, which may include the EU Standard Contractual Clauses, the UK International Data Transfer Addendum, or another lawful transfer mechanism offered by that provider. You may contact us using the details in Section 14 to ask which safeguard applies to a particular transfer.

8. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Retention periods may vary by data type:

  • Account data — retained while your account remains active and for a reasonable period thereafter as required by law or legitimate business needs.
  • Board data — retained while the board remains active and for a reasonable period after archival or deletion, unless a longer period is required by law or by the features of the Service.
  • Gallery content — deleted when the selected retention period expires.
  • Payment and store credit records — retained for at least seven (7) years for accounting, tax, audit, and legal compliance.
  • Security and audit logs — retained for a period appropriate to security, fraud prevention, and incident response.
  • Support communications — retained for dispute resolution, quality assurance, and compliance.

When retention is no longer required, data is deleted or de-identified.

9. Security

We use commercially reasonable technical and organizational measures to protect personal data, which may include:

  • TLS encryption in transit;
  • access controls and role-based permissions;
  • database security controls;
  • audit logs;
  • tokenized or signed access for protected resources;
  • password strength rules;
  • abuse-prevention and rate-limiting controls.

No system is perfectly secure. We cannot guarantee absolute security, and you use the Service at your own risk.

10. Your Privacy Rights

Subject to applicable law and identity verification, you may have the right to:

  • access your personal data;
  • correct inaccurate or incomplete personal data;
  • delete personal data in certain circumstances;
  • receive a portable copy of certain personal data;
  • restrict or object to certain processing;
  • withdraw consent where processing is based on consent.

Self-service access and portability. Authenticated users can download a structured, machine-readable export of their personal data — including profile data, boards, invoices and payment records, wallet/credit transactions, support messages, and legal-acceptance records — at any time from the account settings page ("Export My Data"). This export is provided immediately, without needing to contact us.

Self-service erasure. Authenticated users can permanently delete their account at any time from account settings ("Close Account & Delete All Data"). Deleting your account immediately and permanently deletes your profile, boards and board content, invoices, wallet/credit history, and consent records. This action is irreversible, including any remaining wallet/store-credit balance, and is not subject to a delay or retention period before deletion occurs. Certain records (for example, payment and tax records, or records we are required to keep for legal compliance) may be retained after account deletion as described in Section 8.

Other rights requests. To exercise any other right described above (correction, restriction, objection, or a request relating to data you cannot manage directly through account settings), submit a request using the Contact Us form in the Service and select "Privacy & Data" as the reason. We will respond to verified requests within the timeframe required by applicable law.

We may need to verify your identity before acting on your request. Some requests may be limited by legal obligations, fraud prevention needs, or technical constraints.

11. California Privacy Rights

If you are a California resident, you may have additional rights under the CCPA and CPRA, including the right to:

  • know what personal information we collect, use, disclose, and retain;
  • delete personal information, subject to exceptions;
  • correct inaccurate personal information;
  • access personal information in a portable format;
  • opt out of the sale or sharing of personal information, if applicable;
  • limit the use and disclosure of sensitive personal information, if applicable;
  • not be discriminated against for exercising your privacy rights.

We do not sell personal information as those terms are commonly used under the CCPA/CPRA, and we do not share personal information for cross-context behavioral advertising.

To submit a California request, use the Contact Us form in the Service and select "Privacy & Data" as the reason, or use the self-service data export and account deletion tools described in Section 10. We will respond within the time period required by law.

12. Board Owner Responsibilities

If you create or manage boards, you may collect personal data from contributors, survey respondents, invoice clients, gallery clients, or other participants. In those cases, you are responsible for:

  • providing proper privacy notices;
  • obtaining all necessary consents;
  • having a lawful basis for collection and processing;
  • collecting only data that is necessary for your stated purpose;
  • responding to data subject requests relating to the data you collect;
  • ensuring your own compliance with applicable privacy and communications laws.

We do not guarantee that your use of the Service makes your data practices compliant with any law. You are solely responsible for your own compliance obligations.

13. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data to the Service, contact us immediately so we can review and take appropriate action.

14. Contact and Complaints

If you have questions about this Policy or want to exercise your privacy rights, use the Contact Us form in the Service and select "Privacy & Data" as the reason for your message. This is the fastest and most reliable way to reach us about a privacy matter.

Privacy Contact: Anthro Beacon (operator of Social Boards Live!) Contact: Contact Us form within the Service, reason type "Privacy & Data"

If you are located in the EEA, UK, or another jurisdiction with a data protection authority, you may also have the right to lodge a complaint with your local supervisory authority.

15. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date and may provide additional notice where required by law. Your continued use of the Service after the updated Policy becomes effective means you acknowledge the revised Policy to the extent permitted by law.

Back to Dashboard