Privacy Policy

Effective date: 2026-03-06  ·  Last updated: 2026-04-16

Overview

This page explains how the Brand Kit app at shaanwocker.online / brand-kit.shaanwocker.online handles data.

Data we collect

• Brand Profile (local only): Your brand profile fields (name, tagline, website, initials, accent color) are stored in your browser using localStorage. This data never leaves your device.
• Gmail connection (optional): If you connect Gmail, the app uses Google OAuth to request access needed to create email drafts (not to auto-send). OAuth tokens are stored server-side in secure, httpOnly cookies inaccessible to JavaScript.
• Basic technical data: Like most websites, hosting providers may log basic request data (e.g., IP address, user agent) for security and reliability.

How we use data

• To provide the app features (template generation and optional Gmail draft creation).
• To keep the service secure and reliable.

Data protection mechanisms

We protect your data using the following technical and organisational measures:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
• Secure token storage: Google OAuth tokens are stored exclusively in httpOnly cookies, preventing client-side script access and reducing exposure to cross-site scripting (XSS) attacks.
• Minimal data collection: We collect only the Google OAuth scopes strictly necessary to create Gmail drafts. We do not request access to read, send, or delete your emails.
• No third-party data sales: We do not sell, rent, or trade your personal information or Google user data to any third parties.

Data retention and deletion

• Brand Profile data is stored entirely in your browser's localStorage and is retained until you clear your browser site data. No copy is held on our servers.
• Google OAuth tokens are retained on our servers only for as long as your Gmail connection is active. Tokens are deleted immediately when you disconnect Gmail within the app, or when you revoke access via your Google Account settings at myaccount.google.com/permissions.
• Server logs (IP address, user agent) generated by our hosting provider are retained for up to 30 days for security and reliability purposes, after which they are automatically deleted.
• Deletion requests: You may request deletion of any data associated with your use of the service by contacting us at connect@shaanwocker.online. We will action deletion requests within 30 days.

Sharing

We do not sell your personal information. We only share data with service providers used to run the app (e.g., hosting and Google OAuth/Gmail) as required to provide functionality.

Your choices

• You can clear your Brand Profile by clearing your browser's site data for this domain.
• You can disconnect Gmail within the app (if enabled) and revoke access in your Google Account.
• You can request deletion of server-side data by contacting us directly.

Contact

If you have questions, contact: connect@shaanwocker.online