Privacy Policy
Last updated: May 16, 2026
1. What we collect
We collect information you provide directly: your name, email address, and the templates, variable values, and recipient data you enter into the Service. We also collect standard server logs (IP address, browser type, pages visited) for security and performance purposes.
2. How we use your data
Your data is used solely to provide and improve Oh Boiler — to store your templates and recipient memory, render filled-out drafts on request, and send transactional emails (account verification, billing, security alerts). We do not use your personal data, template content, or recipient information to train AI models, our own or anyone else's.
3. AI fill assist data handling
When you use AI fill assist, the prompt content you submit is sent in real time to the model provider you select (Anthropic, OpenAI, Google, Mistral, Cohere, Meta). The provider processes the request under its own privacy policy, which we link to in the model picker. We retain no copy of the AI-generated output beyond your variable history, which is visible only to you.
4. We do not sell your data
We will never sell, rent, or share your personal information, templates, or recipient data with third parties for marketing or commercial purposes.
5. Third-party services
We use Vercel for hosting (which processes server request data), Supabase (EU, Frankfurt region) for the database, Stripe for payment processing, and Postmark for transactional email. Each operates under its own privacy policy and standard data processing addenda. We do not share template or recipient data with any service beyond what is required to deliver the request you made.
6. Data location & retention
Your account data lives in the European Union (Frankfurt, Germany). We retain your account data for as long as your account is active. If you close your account, your data is exportable for 90 days and then permanently deleted. Anonymized, aggregate usage statistics may be retained indefinitely.
7. Your rights (GDPR & UK GDPR)
If you are in the EU or UK, you have the right to access, correct, port, restrict, or delete your data at any time. You can export all your data in JSON format from your account settings. To exercise other rights or request account deletion, contact us at privacy@ohboiler.com. We respond within 30 days as required by law.
8. Cookies
We use only essential cookies necessary for authentication and session management. We do not use advertising or third-party tracking cookies. Optional analytics (Plausible, EU-hosted) are aggregate and anonymous — no cookies, no personal data.
9. Security
We use industry-standard encryption (TLS 1.3 in transit, AES-256 at rest) to protect your data. Access to personal data is restricted to team members who need it to deliver the Service; that access is logged and audited quarterly.
10. Children
Oh Boiler is not intended for children under 16. We do not knowingly collect data from anyone under 16.
11. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 14 days before they take effect. The "Last updated" date at the top reflects the latest revision.
12. Contact
For privacy-related questions or data requests, contact us at privacy@ohboiler.com or write to Boilerplate Studio Inc., Lisbon, Portugal.