Privacy Policy

1. Introduction

BrikSnap ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect when you use BrikSnap, how we use it, who we share it with, and what rights you have over it. By using the Service, you agree to the practices described here.

2. Information We Collect

2a. Account Information

When you create an account, we collect your email address and a hashed password. We do not store plaintext passwords. Authentication is handled by Supabase (see Section 4).

2b. Library and Usage Data

When you save sets to your library, submit instruction links, or interact with features of the Service, we store the associated data (set identifiers, URLs, timestamps) linked to your account. This data is necessary to provide core features of the Service.

2c. Search Queries

When you perform a descriptive search, your search query is sent to OpenAI's API to generate a semantic embedding used to rank results. OpenAI may retain query data per their own data use policies. We do not store raw search queries on our own servers beyond the duration of the request.

2d. Photo Uploads for Set Identification

When you use the photo identification feature, your image is sent to Google Cloud Vision API for analysis and to Brickognize's API for set matching. Images are not stored on our servers after the identification request completes. Third-party services may retain data per their own policies.

2e. Private File Uploads

If you upload instruction files for private storage, those files are stored in a private, access-controlled storage bucket. They are not accessible to other users. File metadata (filename, upload date, associated set) is stored in our database linked to your account.

2f. Technical Data

Like all web services, our hosting provider (Vercel) automatically collects standard server logs including IP addresses, browser type, referring URLs, and request timestamps. This data is used for security, debugging, and infrastructure purposes and is subject to Vercel's privacy policy.

2g. Analytics

We use Vercel Analytics to collect aggregated, anonymized page view and traffic data. Vercel Analytics does not use cookies and does not track individual users across sessions. No personally identifiable information is collected through analytics. See Vercel's privacy policy for details.

3. How We Use Your Information

We use the data we collect to:

• Provide, operate, and maintain the Service
• Authenticate your account and secure your session
• Store and display your personal library
• Process search queries and photo identification requests
• Send transactional emails (account verification, password reset)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not use your data to serve targeted advertising. We do not sell your personal data to third parties.

4. Third-Party Services

BrikSnap uses the following third-party services to operate. Each has its own privacy policy and data handling practices:

5. Cookies and Local Storage

BrikSnap uses cookies and browser local storage for authentication session management (to keep you logged in). We do not use advertising cookies or third-party tracking cookies. If you block cookies, you will not be able to maintain a logged-in session, but guest browsing and searching will still work.

6. Data Retention

We retain your data for as long as your account is active. Specifically:

• Account data (email, hashed password) — retained until account deletion
• Library data (saved sets, notes) — retained until you delete the items or your account
• Uploaded files — retained until you delete the files or your account
• Server logs — retained by Vercel per their standard retention schedule
• Search queries — not retained on our servers (sent directly to OpenAI per request)

After account deletion, we may retain anonymized aggregate data (e.g., total number of saves for a particular set) that cannot be linked back to you.

7. Your Rights

Depending on where you are located, you may have rights under GDPR, CCPA, or other applicable privacy laws, including:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate data
• Deletion — request deletion of your account and associated data
• Portability — request your library data in a machine-readable format
• Objection — object to processing where we rely on legitimate interests
• Restriction — request that we restrict processing of your data

To exercise any of these rights, email us at legal@briksnap.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

8. Children's Privacy

The Service is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has created an account, we will delete the account and associated data. If you are a parent or guardian and believe your child has provided us with personal data, please contact us.

9. International Data Transfers

BrikSnap is operated from the United States. If you are accessing the Service from outside the US, your data will be transferred to and processed in the United States and other countries where our service providers operate (including Supabase/AWS, OpenAI, Google Cloud, and Vercel). These countries may have different data protection laws than your home country. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify registered users by email or by a prominent notice on the Service at least 14 days before the changes take effect. The "Effective" date at the top of this page reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

Privacy questions or requests? Contact us at legal@briksnap.com.