◆ Panel Spec Designer
Open Designer Log in

Legal

Privacy Policy

Last updated: July 3, 2026

Operator: ismartbase (“we”, “us”, “our”) · Website: ismartbase.com · Privacy contact: privacy@ismartbase.com

This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use Panel Spec Designer, our websites, and related services (the “Service”). It is incorporated into our Terms & Conditions. In the event of a conflict between these Terms and this Privacy Policy, the Terms govern except where applicable privacy law requires otherwise. By using the Service, you consent to the practices described here.

Your content. You retain ownership of all PanelSpec designs, layouts, prompts you generate, and generated specifications you create.

Your project files, exports, and prompt text — not the Panel Spec format, schema, or our prompt-generation system (see Sections 7–8 below).

AI training. We do not use your projects or PanelSpec designs to train AI models without your explicit permission.

Global audience. We are based in the United States and serve users worldwide. Depending on where you live, you may have rights under privacy laws such as the European Union and UK GDPR, California CCPA/CPRA, Colorado CPA, Virginia VCDPA, Connecticut CTDPA, Utah UCPA, Canada’s PIPEDA, Brazil’s LGPD, and similar laws. Sections 9, 11, and 12 below describe retention, your rights, and international transfers in more detail.

Your data — quick answers for developers

Before you upload proprietary work, here is how we handle it:

Who owns my data?
You do. You retain ownership of all PanelSpec designs, layouts, prompts you generate, and generated specifications you create. We do not claim ownership of your designs. We own the Panel Spec format, designer software, and shared specification rules (see our Terms, Sections 7–8).
Is my data used for AI training?
No — not without your explicit permission. We do not use your projects or PanelSpec designs to train AI models unless you opt in to a feature that says otherwise.
Where is my data stored?
Cloud-saved projects are stored on servers in the United States (our hosting provider). Local drafts stay in your browser until you save to the cloud. Payment data is processed by Stripe. See Section 13 (international transfers).
How long is it retained?
While your account is active and as described in Section 9 — including deletion within ~30 days after account removal and up to 90 days in encrypted backups.
How can I delete it?
Use Delete account in the designer Account panel (password required), delete individual projects in the designer, or email privacy@ismartbase.com.

1. Information we collect

Information you provide

  • Account data: email address, password (stored in hashed form), mobile phone number (for password recovery), and Terms acceptance version and timestamp recorded at signup.
  • Design data: panel layouts, project names, device settings, and related content you save to cloud storage.
  • Comments: display name and comment text if you post on our public comments page.
  • Billing: subscription status and limited billing metadata processed by our payment provider (we do not store full payment card numbers).
  • Communications: messages you send us (support, legal notices, privacy requests).

Information collected automatically

  • Usage data: feature usage (e.g. prompt-generation event counts), timestamps, and standard web server logs (requested URLs, IP address) from our hosting provider — we do not use third-party page-analytics scripts
  • Device and browser data: IP address, browser type, operating system, language, and screen characteristics (including standard web server and security logs from our hosting provider).
  • Anonymous visitor identifier: a random ID stored in your browser (localStorage) to distinguish guest usage for aggregate statistics — not linked to your name unless you create an account.

2. How we use information

We use personal information to:

  • Provide, operate, maintain, and improve the Service
  • Create and manage your account and cloud-saved projects
  • Process subscriptions and send transactional messages (receipts, security alerts, password codes)
  • Display public comments and moderate abuse
  • Monitor usage, debug errors, and protect against fraud and misuse
  • Comply with law and enforce our Terms
  • Send optional product updates where permitted — we do not currently send promotional or marketing emails; if we do in the future, you will be able to opt out

We do not sell your personal information. We do not share personal information for cross-context behavioral advertising.

AI and model training

We do not use your PanelSpec designs, projects, or prompts to train public or third-party AI models without your explicit consent. We may use aggregated, de-identified usage statistics — not your design content or prompts — to improve reliability and security of the Service. This statement is consistent with Section 9 of our Terms & Conditions.

3. AI, PanelSpec, and your designs

Panel Spec Designer is an AI-assisted layout specification tool — not an application generator. It describes UI layout; external AI tools implement functionality. The following answers common privacy questions. This section supplements Section 2 and aligns with Section 9 of our Terms & Conditions.

AI trust: We do not use your PanelSpec designs or projects to train AI models without your explicit consent.

  • Are my designs used to train AI models? No. We do not use your PanelSpec designs, projects, or generated prompts to train public or third-party AI models without your explicit consent to a feature that states otherwise.
  • Who owns exported PanelSpec files? You do. Subject to our Terms, you own the layout specifications, project files, and exports you create. We retain rights in the Panel Spec format, schema, and platform — not in the content of your documents.
  • Do ChatGPT, Claude, Cursor, or other AI tools receive my data? Only when you choose. The Service generates prompts and specifications in your browser. We do not automatically send your designs to external AI services. Those tools receive your content only if you copy, paste, upload, or otherwise share it with them under their own terms.
  • Are prompts stored? Generated prompt text is produced client-side for you to copy. We do not log or store the text of generated prompts on our servers. We may record that a prompt-generation event occurred (timestamp, account or anonymous visitor ID) for aggregate statistics — without the prompt content. Cloud-saved projects store the layout and project data you save, not a separate archive of every prompt you generate.
  • Are my layouts private? Cloud-saved projects are private to your account unless you export or share them. We do not publish, sell, or use private project content for advertising. Public comments you post are visible to others. Local-only drafts in your browser stay on your device until you save to the cloud or clear site data. See Section 7 for when we may access private content.

You are responsible for reviewing anything you paste into third-party AI tools and for the code or applications those tools produce.

4. How we share information

We may share information with:

  • Service providers who help us host the site, send email/SMS, process payments (e.g. Stripe), and operate infrastructure — under contractual confidentiality and data-processing obligations.
  • Law enforcement or regulators when required by law, subpoena, or to protect rights, safety, and security.
  • Business transfers in connection with a merger, acquisition, or sale of assets. Any successor will remain bound by this Privacy Policy unless users are notified otherwise and given choices required by law.
  • With your direction — e.g. content you post publicly on the comments page.

5. Cookies and similar technologies

We use the following categories:

  • Essential. Session cookies required for authentication, account security, and core Service operation (e.g. PHP session cookies with HttpOnly and secure flags where supported). The Service cannot function properly for logged-in users without these.
  • Functional. Browser localStorage and sessionStorage to remember your theme, language, designer preferences, local drafts, anonymous visitor ID, and similar settings. These are first-party technologies stored on your device, not third-party advertising trackers.
  • Analytics. We do not use third-party advertising cookies or cross-site tracking pixels. See Section 6 for how we measure usage.

You can clear cookies and site data through your browser settings. Clearing essential cookies will log you out; clearing functional storage may reset local drafts and preferences.

6. Analytics

We use first-party analytics only. We do not currently use Google Analytics, Microsoft Clarity, Plausible, Cloudflare Web Analytics, or similar third-party analytics scripts on the Service.

We collect limited, operational metrics on our own servers, such as:

  • Counts of “Generate AI Prompt” usage (linked to your account ID if signed in, or an anonymous browser visitor ID if not)
  • Standard web server logs (IP address, request path, timestamp) for security and reliability
  • Aggregated, de-identified statistics visible only to authorized administrators

We do not use these metrics for advertising profiles or to sell data. Prompt text and project content are not stored in analytics records.

7. Access to your private projects

We treat cloud-saved layouts and project files as private to your account. We do not read, mine, or inspect private project content except:

  • When you request support and ask us to look at a specific issue
  • To investigate abuse, security incidents, or violations of our Terms
  • When required by law or valid legal process
  • Through automated processes necessary to store, transmit, back up, or display your data to you (e.g. saving to our database)

Employees and contractors with access to production systems are limited to those with a legitimate operational need and are subject to confidentiality obligations.

8. Payment processing

Paid subscriptions are handled by Stripe or another PCI-compliant payment processor. Their use of your information is governed by their privacy policy. We receive limited billing data (such as customer ID, subscription status, and last four digits of a card) to manage your account. We do not store full payment card numbers on our servers.

9. Data retention

We keep information only as long as needed for the purposes described in this Policy, unless a longer period is required by law. Retention periods vary by category:

  • Account data (email, phone, password hash): retained while your account is active. After a confirmed deletion request, active production data is removed within approximately 30 days.
  • Design and project data (cloud-saved layouts, project names, settings): retained while your account is active or until you delete individual projects. Deleted with your account upon confirmed deletion request.
  • Billing and subscription records (Stripe customer ID, subscription status, limited payment metadata): retained while you are a customer and thereafter as needed for tax, accounting, fraud prevention, and legal compliance — typically up to seven (7) years where required.
  • Support and privacy communications: retained as needed to resolve your request and for a reasonable period afterward (generally up to three (3) years unless a longer period is required for legal or dispute purposes).
  • Public comments: retained until you delete them, we remove them for moderation, or your account is deleted.
  • Server and security logs (IP address, request metadata): retained for a limited period for security, abuse prevention, and troubleshooting — generally up to 90 days, unless extended for an active investigation.
  • Prompt-generation analytics (event counts, not prompt text): retained in aggregate form; individual event rows may be kept for operational reporting and then purged or aggregated.
  • Encrypted backups: residual copies of deleted data may remain in backups for up to 90 days before automatic purge.
  • Local browser data (drafts, preferences): remains on your device until you clear site data or uninstall your browser; we do not control retention on your device.

Account deletion

You may delete individual projects in the designer. To delete your entire account and associated cloud projects, use Delete account in the designer Account panel (password confirmation required) or email privacy@ismartbase.com. Active subscriptions are canceled when you delete your account. We may retain limited records where required for tax, billing, fraud prevention, or legal compliance even after deletion.

10. Security

We use reasonable administrative, technical, and organizational measures to protect personal information, including:

  • Encryption in transit: HTTPS/TLS for data transmitted between your browser and our servers
  • Password protection: passwords stored using one-way hashing, not plain text
  • Access controls: restricted access to production systems and databases on a need-to-know basis
  • Encrypted backups: periodic encrypted backups of production data for disaster recovery
  • Infrastructure security: hosting and database protections provided by our service providers

No method of transmission or storage is 100% secure; we cannot guarantee absolute security. You are responsible for safeguarding your account credentials.

11. Your rights and choices

Depending on where you live, you may have some or all of the rights below. We will not discriminate against you for exercising privacy rights permitted by law. To submit a request, email privacy@ismartbase.com. We may need to verify your identity before responding and will reply within the timeframe required by applicable law (for example, within 45 days for many U.S. state requests, or one month for GDPR requests, subject to permitted extensions).

Rights that may apply to you

  • Access — request a copy of personal information we hold about you
  • Correction — request correction of inaccurate personal information (you can also update account details in the designer)
  • Deletion — request deletion of your account and associated data, subject to legal retention requirements (see Section 9)
  • Export / portability — use Export my data in the designer Account panel to download a JSON copy of your account profile, cloud projects, and comments; or email us for assistance
  • Restriction — request that we limit certain processing, where applicable law provides this right
  • Objection — object to processing based on legitimate interests, where applicable law provides this right
  • Withdraw consent — where we rely on consent, you may withdraw it at any time (this does not affect prior lawful processing)
  • Opt out of sale or sharing — we do not sell personal information or share it for cross-context behavioral advertising; no action is required to opt out
  • Appeal — if we decline a request where your jurisdiction provides an appeal right, you may appeal by replying to our decision or contacting us at the address above

All users

  • Access and update account information in the designer or by contacting us
  • Export your data via Export my data in the designer Account panel
  • Delete your account via Delete account in the designer Account panel
  • Control browser cookies and local storage via your device settings

California residents (CCPA/CPRA)

California residents may have the right to know, access, correct, delete, and opt out of certain sharing. We do not sell personal information and do not share it for cross-context behavioral advertising. To exercise rights, email privacy@ismartbase.com with “California Privacy Request”. We will verify your request and respond as required by law.

Other U.S. state laws

Residents of Colorado, Connecticut, Virginia, Utah, and other states with comprehensive privacy laws may have similar rights, including the right to appeal a denied request. Contact us to submit a request.

EEA, UK, and Switzerland (GDPR)

If you access the Service from the EEA, UK, or Switzerland, we process personal data under one or more of the following legal bases:

  • Contract: to provide the Service you request (accounts, cloud save, subscriptions)
  • Legitimate interests: to secure, maintain, and improve the Service, prevent fraud, and communicate about your account — balanced against your rights
  • Consent: where you opt in (e.g. optional communications or features that require consent)
  • Legal obligation: where we must comply with applicable law

You may have the rights listed above, including data portability and the right to lodge a complaint with your local supervisory authority (for example, your EU member-state data protection authority or the UK ICO). Contact privacy@ismartbase.com to exercise these rights.

Canada (PIPEDA) and Brazil (LGPD)

Users in Canada and Brazil may have rights of access, correction, deletion, and information about processing under PIPEDA and LGPD respectively. Contact us at privacy@ismartbase.com to exercise applicable rights.

12. Children

The Service is not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.

13. International transfers

We are based in the United States. If you access the Service from outside the U.S., your personal information may be transferred to, stored in, and processed in the United States and other countries where we or our service providers operate. Those countries may have data-protection laws that differ from those in your jurisdiction and may not provide the same level of protection.

Our primary hosting and databases are located in the United States. Service providers that process data on our behalf (such as payment processors, email/SMS providers, and hosting partners) may also process data in the U.S. and other countries.

Where required by applicable law — including for users in the EEA, UK, and Switzerland — we rely on appropriate safeguards for international transfers, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK authorities
  • Data processing agreements with service providers that impose confidentiality and security obligations
  • Other lawful transfer mechanisms recognized under applicable law

By using the Service, you acknowledge that your information may be transferred internationally as described in this Policy. If you do not agree, do not use the Service. Contact privacy@ismartbase.com for more information about safeguards applicable to your region.

14. Changes

We may update this Policy at any time. We will post the revised version with a new “Last updated” date. Material changes may also be notified by email or in-product notice where appropriate. Continued use after changes constitutes acceptance.

15. Contact

Privacy questions and requests: privacy@ismartbase.com
General contact: comments page or legal@ismartbase.com

© ismartbase.com · Panel Spec Designer

Legal Terms & Conditions Privacy Policy