← Leaf

Privacy Policy

Last updated: April 2026

What we collect

  • Account data: your email, a bcrypt hash of your password (if you sign up with email), and a unique account ID.
  • Content you create: the HTML pages, folders, project metadata, and gallery images you upload.
  • Billing data: if you subscribe to Pro, Stripe stores your payment method. Leaf stores only your Stripe customer ID and subscription status. We never see full card numbers.
  • Request logs: standard server logs (IP, user agent, timestamp, path) kept for up to 30 days for security and debugging.

What we don’t do

  • We don’t sell your data.
  • We don’t run ad trackers on our app.
  • We don’t read the content of your private pages. Admin staff only access stored content when you request support or to investigate abuse.

Sub-processors

Leaf relies on a small number of vendors to operate the service:

  • Supabase — hosted database and authentication.
  • Stripe — payment processing and subscription management.
  • Vercel — application hosting.

Public pages

Pages you mark as public are served without authentication and are indexable by search engines. Pages you mark as private or password protected are served with X-Robots-Tag: noindex and are not crawlable. Password hashes use bcrypt; we do not store password plaintext.

Your rights

You can edit or delete any page, project, or folder at any time. You can delete your account from the settings page, which removes your rows from our database. Billing history remains with Stripe subject to their retention policy.

If you are in the EU/UK, you have rights under GDPR including access, portability, and erasure. Email support@leafpages.app to exercise them.

Cookies

We use a small number of cookies: a session cookie for authentication and an HMAC-signed unlock cookie that keeps password-protected pages open after you enter the password. No third-party ad cookies.

Contact

Questions or requests: email support@leafpages.app.

Terms of service →