Privacy policy

Last updated: May 3, 2026

What this site is

bromaids.com is a public playground for the open-source bromaid diagram DSL. You can paste DSL source into the editor and the page renders it to SVG. The playground is a static Next.js site with a single API route that performs the render.

What we collect

Diagram source you type into the editor is sent to our render endpoint (/api/render) over HTTPS and processed in memory. We do not persist diagram source on disk and we do not associate it with you.

Analytics: if — and only if — you click Accept analytics in the consent banner, we load PostHog and capture anonymous product-usage events: page views, render success / failure (counts and durations only — never the diagram source), and your selected mode/background. PostHog sets its own cookies (ph_*) so it can recognise the same anonymous browser across visits.

Server logs: our hosting provider may log the IP address and user-agent of requests for the purpose of operating and securing the service. These logs are not used for analytics.

Cookies we set

bromaid_consent — first-party, stores your consent choice (granted / denied) and a timestamp. Lasts ~13 months.
ph_* — PostHog's anonymous identifier cookies. Only set after you accept analytics. Removed when you decline or reset your choice.

Your choices

You can change your mind at any time using the controls below. Declining or resetting your choice immediately stops new analytics events and clears the PostHog identifier from this browser.

Analytics: no decision yet

Legal basis (GDPR)

We rely on your consent (Art. 6(1)(a) GDPR) for analytics cookies and events. Operating the render endpoint and securing the service relies on our legitimate interests (Art. 6(1)(f) GDPR) in providing and protecting the playground.

Data retention

Diagram source: not persisted; processed in memory and discarded after the response.
Server logs: retained by our hosting provider for up to 30 days, then rotated.
Analytics events (PostHog): retained for up to 12 months, then aggregated or deleted.
Consent cookie (bromaid_consent): up to ~13 months, or until you reset it.

Processors

We share limited data with the following third parties so the site can function:

Vercel Inc. — hosting and edge delivery (request logs, IP, user-agent).
PostHog Inc. — product analytics (only after you accept analytics).

International transfers

Our processors may handle data outside the EEA / UK (primarily the United States). Transfers rely on the EU Standard Contractual Clauses and equivalent safeguards published by each provider.

Your rights

Under GDPR / UK GDPR you have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. Under CCPA / CPRA you have the right to know, delete, correct, and opt out of the sale or sharing of personal information — we do not sell or share personal information. To exercise any right, email contact@bromaids.com. You also have the right to lodge a complaint with your local data protection authority.

Children

bromaids.com is not directed to children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

Changes to this policy

We may update this policy as the playground evolves. Material changes will be reflected in the “Last updated” date at the top of this page; significant changes will be announced in the repository.

Contact

Data controller: bromaid. For privacy questions, email contact@bromaids.com.