Privacy Policy

1. Introduction

BrikSnap ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect when you use BrikSnap, how we use it, who we share it with, and what rights you have over it. By using the Service, you agree to the practices described here.

2. Information We Collect

2a. Account Information

When you create an account, we collect your email address and a hashed password. We do not store plaintext passwords. Authentication is handled by Supabase (see Section 4).

2b. Library and Usage Data

When you save sets to your library, submit instruction links, or interact with features of the Service, we store the associated data (set identifiers, URLs, timestamps) linked to your account. This data is necessary to provide core features of the Service.

2c. Search Queries

When you perform a descriptive search, your search query is sent to OpenAI's API to generate a semantic embedding used to rank results. OpenAI may retain query data per their own data use policies. We do not store raw search queries on our own servers beyond the duration of the request.

2d. Photo Uploads for Set Identification

When you use the photo identification feature, your image is sent to Google Cloud Vision API for analysis and to Brickognize's API for set matching. Images are not stored on our servers after the identification request completes. Third-party services may retain data per their own policies.

2e. Private File Uploads

If you upload instruction files for private storage, those files are stored in a private, access-controlled storage bucket. They are not accessible to other users. File metadata (filename, upload date, associated set) is stored in our database linked to your account.

2f. Community Build Photos

When you submit a build photo to BrikSnap's community photo system, the following data is stored permanently in our database and file storage:

• The photo file itself, stored in Supabase file storage and publicly accessible to all visitors
• Your user ID, linked to the photo record
• The associated set ID and upload timestamp
• Vote counts and battle participation records if the photo enters a community photo battle

Community build photos are public by design and are not removed upon account deletion — see our Terms of Service (section 6c) for the full license terms. If a photo contains content that should not have been published (e.g., personally identifiable information submitted in error), contact us at legal@briksnap.com and we will review removal on a case-by-case basis.

2g. Technical Data

Like all web services, our hosting provider (Vercel) automatically collects standard server logs including IP addresses, browser type, referring URLs, and request timestamps. This data is used for security, debugging, and infrastructure purposes and is subject to Vercel's privacy policy.

2h. Analytics

We use Vercel Analytics to collect aggregated, anonymized page view and traffic data. Vercel Analytics does not use cookies and does not track individual users across sessions. No personally identifiable information is collected through analytics. See Vercel's privacy policy for details.

2i. Approximate Location (Region)

To set a sensible default currency and to provide regional context for community price data, we determine your approximate location at the country level from your IP address (using our hosting provider's geolocation header). We store the resulting country code and a default currency on your account profile. This is coarse, country-level information only — we do not access your device's GPS or precise location, and no browser location permission is requested. You can change your currency at any time in Settings, which overrides the detected default. We rely on our legitimate interest in providing a localized experience for this processing.

2j. Purchase Records and Price Reports

If you log a purchase ("price report") for a set or minifigure, we store the amount you paid, the currency, the purchase source and condition, the purchase date, and an optional region, linked to your account. Amounts are converted to a US-dollar equivalent using the exchange rate on the purchase date, for comparison purposes. You choose a visibility for each report:

• Private — visible only to you, for personal collection-spend tracking
• Community — contributed to BrikSnap's anonymized, aggregated community price dataset

Community price data is shared only in aggregate (for example, median, low, and high values across many users) and is never displayed in a way that identifies you — your identity and individual reports are not shown to other users. We may retain anonymized, aggregated community price data after account deletion, as it cannot be linked back to you.

3. How We Use Your Information

We use the data we collect to:

• Provide, operate, and maintain the Service
• Authenticate your account and secure your session
• Store and display your personal library
• Process search queries and photo identification requests
• Set a default display currency based on your approximate (country-level) location
• Track your personal purchase history and, where you choose, contribute anonymized data to community price insights
• Send transactional emails (account verification, password reset)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not use your data to serve targeted advertising. We do not sell your personal data to third parties.

4. Third-Party Services

BrikSnap uses the following third-party services to operate. Each has its own privacy policy and data handling practices:

5. Cookies and Local Storage

BrikSnap uses cookies and browser local storage for authentication session management (to keep you logged in). We do not use advertising cookies or third-party tracking cookies. If you block cookies, you will not be able to maintain a logged-in session, but guest browsing and searching will still work.

6. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account data (email, hashed password) — retained until account deletion
• Library data (saved sets, notes) — retained until you delete the items or your account
• Private uploaded files (instruction PDFs) — retained until you delete the files or your account
• Community build photos — retained permanently; not deleted upon account deletion (see section 2f)
• Approximate location and currency preference — retained on your profile until account deletion or until you change it
• Purchase records / price reports — retained until you delete them or your account; anonymized aggregate community price data may be retained after deletion (see section 2j)
• Server logs — retained by Vercel per their standard retention schedule
• Search queries — not retained on our servers (sent directly to OpenAI per request)

After account deletion, we may retain anonymized aggregate data (e.g., total number of saves for a particular set) that cannot be linked back to you.

7. Your Rights

Depending on where you are located, you may have rights under GDPR, CCPA, or other applicable privacy laws, including:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request your library data in a machine-readable format
• Objection — object to processing where we rely on legitimate interests
• Restriction — request that we restrict processing of your data

To exercise any of these rights, email us at legal@briksnap.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has created an account, we will delete the account and associated data. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

9. International Data Transfers

BrikSnap is operated from the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the United States and other countries where our service providers operate (including Supabase/AWS, OpenAI, Google Cloud, and Vercel). These countries may have different data protection laws than your home country. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email or by a prominent notice on the Service at least 14 days before the changes take effect. The "Effective" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

Privacy questions or requests? Contact us at legal@briksnap.com.