CORKBOARD STUDIO
TermsPrivacyEULAOpen App
ContentsScopeInformation We CollectHow We Use ItHow We Disclose ItAI and IntegrationsSchools and ChildrenRetentionSecurityChoices and RightsU.S. State DisclosuresInternational UsersChangesContact

CorkBoard Studio legal

Privacy Policy

Effective: July 16, 2026   |   Last updated: July 16, 2026

This Policy describes CorkBoard Studio's handling of account, production, collaboration, educational, and technical information. It also explains when information remains only on your device and when an optional feature sends information to another provider.

1. Scope and Controller

This Policy applies to CorkBoard Studio, CorkBoard University, Framewalker, and related websites, apps, and services operated by Jack Allen (collectively, "CorkBoard"). It does not govern third-party sites, devices, or services that have their own privacy practices.

If a school, district, employer, or production organization provides your account, that organization may control your account and content. Its privacy notice and written agreement with CorkBoard may supplement this Policy.

2. Information We Collect

CategoryExamplesHow collected
Account and identityName, email address, Firebase user ID, profile name, authentication provider, account and approval statusFrom you, Google/Apple authentication, or an organization
Production and creative contentScripts, breakdowns, schedules, budgets, contacts, auditions, locations, call sheets, emergency contacts, safety notes, graphics, wardrobe, props, storyboards, messages, files, exports, and project metadataFrom users and collaborators
Education informationSchool/class association, enrollment, pathway, assignments, assessments, progress, grades, credentials, teacher feedback, and portfolio submissionsFrom students, instructors, schools, and service activity
Collaboration dataInvitee email, inviter, role, membership, permissions, acceptance status, team activity, comments, and communicationsFrom project owners and collaborators
Files and mediaDocuments, PDFs, scripts, images, PNG graphics, URLs, and associated metadata selected for import or uploadFrom your device or linked service
Settings and local dataDisplay preferences, drafts, project caches, local-only projects, API keys you elect to store locally, and game or lesson progressStored in browser storage or on your device
Technical and usage dataIP address, browser/device type, timestamps, request and error logs, security events, feature use, sync status, and approximate location inferred from IPAutomatically through hosting, security, and service operation
Integration dataAddresses or coordinates sent for maps/routes/weather, selected content sent to an AI provider, email links, and local broadcast device addresses/commandsWhen you invoke the integration
Transaction dataPlan, purchase status, billing contact, transaction identifiers, and limited payment metadataFrom you and a payment provider; full card details are handled by the provider
Support and feedbackMessages, attachments, diagnostic information, requests, and survey or feedback responsesFrom you

Some project fields can contain sensitive information, including private contact details, precise production locations, emergency information, student records, unreleased scripts, or confidential budgets. Enter only information that is necessary and that you are authorized to process.

3. How We Use Information

  • Provide authentication, storage, synchronization, collaboration, exports, education, support, and broadcast features.
  • Apply project and school permissions and deliver invitations.
  • Operate optional features you request, such as weather, routing, AI, email, and hardware integrations.
  • Maintain, secure, debug, measure, and improve the services.
  • Prevent fraud, abuse, unauthorized access, and violations of our Terms.
  • Administer accounts, subscriptions, institutional relationships, and support.
  • Comply with law, enforce agreements, protect rights and safety, and resolve disputes.
  • Send service, security, account, and legal notices. Marketing messages, where used, will include choices required by law.

Where applicable law requires a legal basis, we process information to perform our contract, pursue legitimate interests such as service security and improvement, comply with legal obligations, protect vital interests, or act with consent.

4. How We Disclose Information

We may disclose information:

  • At your direction: to collaborators, classes, organizations, public-link recipients, export recipients, broadcast outputs, or integrations you select.
  • To service providers: hosting, authentication, cloud database, content delivery, support, security, email, analytics if enabled, and payment providers that process information for service operation.
  • To integration providers: for example Google/Firebase, Google or Apple sign-in, Google Gemini or a configured AI proxy, OpenStreetMap/Nominatim, OSRM, Open-Meteo, and device or broadcast vendors when you invoke those services.
  • For legal and safety reasons: when reasonably necessary to comply with law, legal process, enforce agreements, investigate abuse, or protect users, CorkBoard, or the public.
  • In a business transaction: in connection with financing, due diligence, merger, acquisition, reorganization, bankruptcy, or transfer, subject to appropriate safeguards.

We do not currently sell personal information for money or share it for cross-context behavioral advertising. We do not use private student or project content for targeted advertising. If these practices change, we will update this Policy and provide legally required choices before the change applies.

5. AI, Maps, Weather, and Hardware Integrations

Optional integrations can transmit data outside CorkBoard:

  • An AI request may send selected script or project content to Google Gemini or a customer-configured proxy. Provider retention and model-training choices depend on the provider account and terms.
  • Address-based weather and routing can send an address or coordinates, along with ordinary network information, to Nominatim/OpenStreetMap, OSRM, Open-Meteo, or related services.
  • Google and Apple receive information when you use their sign-in services.
  • Local hardware integrations may process device addresses and commands on your network. Network or server configuration can affect whether those details leave the device.
  • External fonts, libraries, and content-delivery networks receive ordinary web-request data such as IP address, browser information, and requested resource.

Do not use an integration with confidential, regulated, student, or third-party material unless the relevant organization has approved the provider and terms.

6. Schools, Education Records, and Children

CorkBoard is not directed to children under 13 for independent registration. We do not knowingly collect personal information directly from a child under 13 without an authorized school arrangement or legally valid parental consent. Contact us to request deletion if you believe this occurred.

When a school uses CorkBoard to perform an institutional service, the applicable written agreement should define the school as controller of education records, permitted educational purposes, direct-control requirements, access, redisclosure, security, retention, deletion, and parent/student rights. CorkBoard uses school-managed records to provide the contracted service and not for targeted advertising.

Schools are responsible for determining whether and how FERPA, COPPA, state student-privacy laws, accessibility rules, and local policies apply before provisioning accounts or uploading education records. This Policy alone is not a school data-processing agreement or parental-consent mechanism.

7. Retention and Deletion

We retain account and content information while needed to provide the service, for the period directed by an organization, and as reasonably necessary for security, backups, fraud prevention, disputes, legal compliance, and enforcement. Retention varies by data type and account context.

Local-only information may remain on your device until you clear browser storage, remove the app, or delete it. Deleting active cloud content may not immediately remove encrypted backups or records that must be retained by law, but such data will remain protected and removed or isolated according to the applicable cycle.

Export important projects before requesting deletion. Contact support for access or deletion where an in-product control is unavailable. Organization-managed users may need to direct requests to their administrator.

8. Security

We use administrative, technical, and organizational measures designed to protect information, including authentication, role-based Firestore rules, transport protections, access controls, and backups where configured. No online service is completely secure. Protect your credentials, limit sensitive project fields, review team membership, and maintain independent backups of critical productions.

If we determine that a security incident requires notice, we will notify affected users, organizations, or authorities as required by applicable law.

9. Your Choices and Privacy Rights

Depending on your location and relationship with CorkBoard, you may have rights to request access, correction, deletion, portability, restriction, objection, or withdrawal of consent. You may also have a right to appeal a denied request or complain to a regulator.

Submit requests to support@corkboardstudio.com. We may verify your identity and authority. Authorized agents must provide legally sufficient authorization. Some information may be exempt or retained as permitted by law. Organization-managed account requests may be referred to the controlling organization.

You can manage certain information directly by editing projects, changing permissions, exporting data, signing out, clearing local browser storage, or declining optional integrations.

10. U.S. State Privacy Disclosures

The table in Section 2 describes categories of personal information collected, sources, purposes, and recipients. Depending on applicable state law, relevant statutory categories can include identifiers, customer records, commercial information, internet or electronic activity, approximate or precise location entered into project tools, education information, professional information, audio/visual content, and inferences generated from activity.

We do not currently sell personal information or share it for cross-context behavioral advertising. We do not knowingly sell or share the personal information of users under 16 for those purposes. We will not discriminate against you for exercising an applicable privacy right.

11. International Processing

CorkBoard and its providers may process information in the United States and other countries whose laws may differ from those where you live. Where required, an institutional agreement may include an approved transfer mechanism and additional regional terms. Do not deploy CorkBoard for regulated international use until the organization has completed its own legal and provider review.

12. Changes to This Policy

We may update this Policy as the service, providers, or law changes. We will update the date above and provide additional notice of material changes where required. Prior versions may be requested from support.

13. Contact

CorkBoard Studio
Operated by Jack Allen
Privacy inquiries: support@corkboardstudio.com
Copyright © 2026 CorkBoard Studio. Terms · EULA