Policy note

Local-first privacy explained as operating rules

A narrower documentation page that explains how image handling, export behavior, and future remote features should be communicated.

The homepage should not carry operational disclosure copy. This page does that job instead, with a document layout focused on what users need to know about image handling, export generation, and any future storage layer.

Operating principles

Default to browser-side work

If the image can stay client-side for the normal workflow, say so plainly and keep the implementation consistent with that promise.

Document optional remote paths separately

If uploads or sharing links are introduced later, explain provider, retention, and deletion behavior before shipping them.

Keep operational disclosures here

Analytics, error tracking, and abuse controls belong on the privacy page so the tool surface can stay focused.

Local-first image handling

The main editor is designed so portrait images can stay in the browser while you crop, frame, and export them. That keeps the default experience simple and better suited for campaign art, client commissions, and private homebrew material.

Export behavior

PNG export is generated from the editor state on the client side. If you are only using the local workflow, the normal download action does not require the site to store your portrait image on a server.

Optional remote upload model

The product requirements already describe upload as an adapter layer. If you later enable remote storage, document the storage provider, retention policy, and share-link behavior before turning it on in production.

Analytics and operations

If you add analytics, error tracking, or rate limiting in production, keep those disclosures in this page so the operational detail stays easy to find when users need it.

Keep moving

Do something useful after reading

Privacy pages should clarify trust, then get out of the way. These are the three best paths back into the product.