Privacy Policy

Last updated: February 23, 2026

What we collect

Data	Purpose	Retention	Who sees it
GitHub username, display name, avatar	Identify you in the editor	Until you sign out (localStorage)	Only you (client-side)
GitHub OAuth token	Read/write your repos on save	Session cookie, httpOnly	Vercel serverless (token exchange only, not stored)
Aggregate usage stats	Improve the product	Indefinitely, anonymized	JustDraw team

What we don't do

• No behavior tracking or fingerprinting
• No advertising or ad-related data sharing
• No selling or renting of your data
• No email collection
• No third-party analytics scripts

Third parties

GitHub — OAuth provider and repo storage. Their privacy policy applies to data stored in your repositories.

Vercel — Hosting and serverless functions. Standard infrastructure logs (IP address, timestamp) are retained per their privacy policy.

Your rights (GDPR)

You have the right to access, rectify, delete, and port your data.

• Sign out to clear all client-side data (localStorage, session cookie).
• Revoke OAuth access at github.com/settings/applications.
• Clear browser data (IndexedDB, localStorage) via your browser settings to remove all locally cached icon data.
• Contact us at privacy@justdraw.dev for any data request. We respond within 72 hours.
• You have the right to lodge a complaint with your local data protection supervisory authority.

Cookies

We use one httpOnly session cookie for authentication. No tracking cookies, no third-party cookies. No cookie banner needed.

Changes

We may update this policy. Material changes will be noted by updating the date at the top of this page.

Controller

JustDraw. For privacy inquiries: privacy@justdraw.dev.