leafblade

Privacy Policy

1. Overview

This privacy policy explains how Leafblade collects, uses, and protects your personal data when you use our website. We are committed to processing as little data as possible — your documents are never stored on our servers.

2. Data Controller

Lorenzo Melchior
Sonnenallee 141
12059 Berlin, Germany
Email: contact@leafblade.dev

3. Hosting

This website is hosted on Google Cloud Platform (GCP) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit this website, your connection data (e.g. IP address) may be processed by Google Cloud servers.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in reliable website operation). See Google's Privacy Policy.

4. Registration and Authentication

You can create an account using email and password, or sign in via Google or GitHub. Authentication is handled by Google Identity Platform (Firebase Authentication).

The following data is processed:

  • Email address
  • Display name (if provided)
  • Profile picture URL (for OAuth sign-in)
  • Unique user ID
  • Subscription status (Pro/Free)

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Sign-in via Google

When you sign in with Google, your name, email address, and profile picture are shared with us by Google. See Google's Privacy Policy.

Sign-in via GitHub

When you sign in with GitHub, your username, email address, and profile picture are shared with us by GitHub. See GitHub's Privacy Statement.

5. Payments (Stripe)

Payment processing is handled by Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.

When you subscribe to Leafblade Pro, your payment details (card number, expiry, CVC) are processed directly by Stripe. This data never reaches our servers. We only receive a payment confirmation and a customer ID from Stripe.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

Data transfer to the USA: Stripe is certified under the EU-US Data Privacy Framework and additionally relies on Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR to ensure an adequate level of data protection for transfers to the United States. See Stripe's Privacy Policy.

6. Document Processing

The markdown text and images you provide are processed solely to generate your PDF document. This data is not stored and is deleted immediately after the conversion completes. No document content is retained on our servers.

7. Server Logs

Our hosting provider (Google Cloud) automatically collects technical information in server log files:

  • Browser type and version
  • Operating system
  • Referrer URL
  • IP address
  • Time of request

This data is not combined with other data sources. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure operation).

8. Data Retention

We retain your data for the following periods:

  • Account data (email, name, user ID): retained for as long as your account exists. Deleted within 30 days of account deletion.
  • Subscription data (Pro status, Stripe customer ID): retained for as long as the subscription is active, plus the legally required retention period for financial records (10 years under German commercial law, § 257 HGB).
  • Server logs (IP address, request data): automatically deleted after 30 days by Google Cloud.
  • Document content (Markdown, images): not retained — deleted immediately after PDF conversion.

9. Cookies and Local Storage

This website does not use tracking cookies or analytics tools. We only use your browser's local storage (localStorage) to save your editor settings and markdown text. This data never leaves your browser.

10. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure of your data (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)

To exercise your rights, contact us at contact@leafblade.dev.

11. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for us is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstraße 219
10969 Berlin, Germany
www.datenschutz-berlin.de

12. Changes to this Policy

This privacy policy is current as of March 2026. We may update it as our services evolve or legal requirements change.

Impressum / Legal NoticeTerms of Service