Privacy Policy

Effective: February 21, 2026 · Last updated: March 6, 2026

1. Introduction

BG Labs ("we," "our," "us") operates the bglabs.app service and associated plugins. This Privacy Policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

2.1 Account Data

When you create an account, we collect:

• Email address
• Password (hashed, never stored in plaintext)

2.2 Embed API Request Data

When a visitor loads a page using a BG Labs animation, the visitor's browser makes a request to bglabs.app. This includes:

• The page URL (via the HTTP Referer header) — used to verify domain authorization
• The API key — used to authenticate the request
• Standard HTTP headers (User-Agent, IP address) — used for rate limiting and abuse prevention

We do not: set cookies on visitor browsers, track visitors across sites, collect personal data from site visitors, use visitor data for advertising, or sell any data to third parties.

2.3 Dashboard Analytics

When you use the BG Labs dashboard, we use Google Analytics (with IP anonymization enabled) to understand how the service is used. This data is collected only with your consent via our cookie banner. You may opt out at any time via your profile settings or by clicking "Essential Only" on the cookie banner.

2.4 Payment Data

Payment processing is handled by Stripe. We do not store credit card numbers. We receive transaction identifiers and billing status from Stripe.

3. Cookies

We use two categories of cookies:

• Essential cookies: Required for authentication and session management. These cannot be disabled.
• Analytics cookies: Google Analytics cookies (_ga, _gid) that help us understand usage patterns. These are only set with your consent and can be disabled at any time.

You can manage your cookie preferences via the cookie banner (shown on first visit) or from your profile settings.

4. How We Use Data

We use collected data to:

• Authenticate API requests and enforce domain authorization
• Deliver animation code to authorized domains
• Prevent abuse and enforce rate limits
• Improve the Service
• Communicate with you about your account

5. Data Retention

• Account data is retained while your account is active. You may request deletion at any time.
• API request logs (domain, API key, timestamp) are retained for 90 days, then automatically purged.
• Payment records are retained as required by applicable tax and financial regulations.

6. Data Sharing

We do not sell, rent, or share your data with third parties except:

• Service providers who help us operate the Service (e.g., hosting, payment processing, analytics), bound by data protection agreements
• Legal requirements when required by law, subpoena, or court order
• Business transfers in connection with a merger, acquisition, or sale of assets (you will be notified)

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data (account data is anonymized; animations created by BG Labs remain our property)
• Export your data in a portable format (account information and domain configurations; animation source code is proprietary to BG Labs and not included in exports)
• Object to certain processing
• Withdraw consent for analytics cookies at any time

To exercise these rights:

• Export or delete your account: Visit your profile settings — use the Export and Delete Account buttons in the Account section.
• Other requests: Submit a request via our contact form.

7.1 GDPR (European Users)

If you are in the EEA, the legal bases for processing your data are: contract performance (to deliver the Service), legitimate interest (abuse prevention, service improvement), and consent (analytics cookies, marketing).

7.2 CCPA (California Users)

California residents have the right to know what personal information is collected, request its deletion, and opt out of its sale. We do not sell personal information.

8. Account Deletion

When you request account deletion through your profile settings:

• Your email and personal identifiers are anonymized (replaced with non-reversible hashes)
• Your API keys are revoked and animations stop rendering on your domains
• Aggregated usage data is retained in anonymized form for business analytics, as permitted under GDPR Art. 89 and CCPA exemptions for de-identified data
• Animation source code and visual effects remain the sole property of BG Labs per our Terms of Service

9. Children

The Service is not directed at children under 13. We do not knowingly collect data from children.

10. International Transfers

Data may be processed in the United States. By using the Service, you consent to the transfer of data to the US, where data protection laws may differ from your jurisdiction.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via the dashboard or email.

12. Contact

For privacy questions or data requests, please use our contact form.