Privacy Policy & GDPR Compliance
Last updated: April 2026 · StoryBoard Express by JK Design
1. Data Controller
2. Data Collected and Purposes
| Data category | Purpose | Legal basis (GDPR) | Retention period |
|---|---|---|---|
| Uploaded video / image files | Local in-browser processing only (RAM) | Service execution | Never stored — deleted when the tab is closed |
| Project data (localStorage) | Local auto-save, with consent | Consent (Art. 6.1.a) | Until manual deletion or withdrawal of consent |
| Google AdSense advertising cookies | Serving personalised ads to fund the free service | Consent (Art. 6.1.a) | As per Google policy (typically 13 months) |
| Google Analytics data (if enabled) | Anonymised audience measurement | Legitimate interest / Consent | Up to 14 months |
| IP address / server logs | Security, anti-abuse (Cloudflare Workers) | Legitimate interest (Art. 6.1.f) | Up to 30 days |
3. Cookies and Trackers
3.1 Strictly necessary cookies No consent required
- Interface preferences (theme, display mode) — sessionStorage / localStorage — never sent to a third party
- Cookie consent state — localStorage — duration: 1 year
3.2 Google AdSense advertising cookies Consent required
StoryBoard Express is a free tool funded by Google AdSense advertising. These cookies may include:
- __gads / __gpi — Google advertising identifiers — duration: 13 months
- IDE (DoubleClick) — ad targeting — duration: 13 months
- NID / DSID — ad personalisation — duration: 6 months
You can manage your preferences via Google Ad Settings and aboutads.info.
See Google’s Privacy Policy for full details.
4. Third-Party Partners — Google LLC
The only third-party partner integrated into StoryBoard Express is Google LLC, for advertising via Google AdSense. No other ad network, social tracking pixel (Meta, TikTok, Twitter…), or third-party analytics tool is present on this site.
| Partner | Service | Data processed | Purpose | Retention | Legal basis | Policy |
|---|---|---|---|---|---|---|
| Google LLC 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA |
Google AdSense (advertising) | Cookie identifiers (__gads, __gpi, IDE), truncated IP, browsing data (page views, ad clicks), device type, browser language |
Serving personalised or non-personalised ads depending on consent. Ad performance measurement. | __gads / __gpi: 13 months IDE: 13 months NID: 6 months DSID: 2 weeks Aggregated data: 26 months |
Consent (Art. 6.1.a GDPR) | policies.google.com/privacy |
| Google LLC | Google Fonts (typefaces) | Visitor IP address (temporary server log) — no cookie placed | Loading the typefaces used in the interface | Logs deleted within 90 days per Google policy | Legitimate interest (Art. 6.1.f) | developers.google.com/fonts/faq/privacy |
| Cloudflare, Inc. 101 Townsend St, San Francisco, CA 94107, USA |
CDN, hosting, anti-abuse protection | IP address, HTTP headers, request logs | Web page delivery, security, DDoS and spam protection | Logs: up to 30 days | Legitimate interest (Art. 6.1.f) | cloudflare.com/privacypolicy |
__gads, __gpi, and IDE are not set.
5. International Data Transfers
Google LLC, headquartered in the United States, processes data as part of ad delivery. These transfers are governed by the European Commission’s Standard Contractual Clauses and the EU-US Data Privacy Framework (DPF) adopted in 2023. Cloudflare, Inc. also relies on Standard Contractual Clauses for EU → US transfers. See Cloudflare’s GDPR centre.
6. Your Rights as a European Resident (GDPR)
- Right of access — No personal data is stored by JK Design. There is no data to communicate.
- Right of rectification — Not applicable (no personal data stored).
- Right to erasure — You can delete your local data via your browser settings → Site storage.
- Right to withdraw consent — You can withdraw cookie consent at any time via the cookie banner.
- Right to portability — Your projects can be exported as JSON directly from the app.
- Right to object — You can block ads via an ad blocker or Google settings.
- Right to lodge a complaint — You may contact the CNIL (French Data Protection Authority) for any complaint.
To exercise your rights: Contact form. Response within 30 days.
7. Data Security
The application is hosted on Cloudflare infrastructure (global CDN, mandatory HTTPS, serverless Workers). No user database is maintained. AI API keys (when used) pass through serverless functions without logging content.
8. Consent Management
On your first visit, a consent banner is presented in accordance with GDPR and CNIL guidelines. You can modify your preferences at any time from the bottom of this page or from the app settings.
9. Changes to this Policy
This policy may be updated as the application evolves or regulations change. The revision date is shown at the top of this page. In the event of a substantial change, a notification will be displayed in the app.
Related pages
Terms of Use · Legal Notice · Privacy Policy · Features & Limitations