Privacy Policy

At Bubblybards, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform.

By using Bubblybards, you consent to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide

• Account Information: Username, email address, password (encrypted)
• Profile Information: Display name, bio, profile picture, social links
• Content: Pages, comments, images, templates you create
• Payment Information: Handled by Stripe (we never see your full card details)
• Communications: Support emails, feedback, reports

1.2 Information We Collect Automatically

• Usage Data: Pages viewed, features used, time spent, clicks
• Device Information: Browser type, operating system, device type, screen resolution
• IP Address: For security, fraud prevention, and analytics
• Cookies: Authentication tokens, preferences, analytics (see Section 5)
• Log Data: Server logs (timestamps, errors, requests)

1.3 Information from Third Parties

• OAuth Login: If you sign in with Discord, Google, or GitHub, we receive your username, email, and profile picture from those services
• Payment Processor: Stripe provides us with subscription status and transaction metadata (not full card details)

2. How We Use Your Information

We use your information to:

2.1 Provide the Service

• Create and manage your account
• Store and display your content
• Process subscriptions and payments
• Enable comments, upvotes, and community features
• Send transactional emails (confirmations, password resets, etc.)

2.2 Improve the Platform

• Analyze usage patterns to improve features
• Fix bugs and optimize performance
• Develop new features based on user behavior

2.3 Security & Fraud Prevention

• Detect and prevent spam, abuse, and fraud
• Enforce our Terms of Service and Community Guidelines
• Investigate violations and respond to legal requests

2.4 Communication (with your consent)

• Product updates and feature announcements
• Weekly digest emails (if subscribed to tags)
• Marketing emails (you can opt out anytime)

2.5 Legal Obligations

• Comply with laws, regulations, and court orders
• Respond to DMCA takedown requests
• Cooperate with law enforcement when required

2.6 AI Generation & Context Processing

When you use our AI features, we collect and process additional data to generate content:

• Your prompts: The text you enter to generate AI content
• AI-generated output: The content the AI creates for you
• Context data: If you enable context-aware generation, we send your own page content (current/parent/sibling/child pages) to the AI
• Usage statistics: Credit consumption, generation success/failure rates, model used, generation time

Purpose of AI Data Collection:

• To generate the content you requested
• To improve AI accuracy and relevance over time
• To detect abuse and filter prohibited content (NSFW, copyrighted material)
• To enforce our Terms of Service and content policies
• To provide cached results for identical prompts (saves credits)

🔒 PRIVACY PROTECTION:

• We ONLY send YOUR OWN pages to the AI - never other users' private content
• Private pages remain private - context features only access pages you own and explicitly enable
• AI prompts are cached for 30 days - then permanently deleted (content remains in your pages)
• You control what context is shared - checkboxes let you enable/disable parent/sibling/child page context

Third-Party AI Provider (Anthropic):

• We use Anthropic's Claude 3.5 Sonnet for AI generation
• Your prompts and context are sent to Anthropic's API for processing
• Anthropic does NOT use your data to train their models (per their Enterprise Agreement)
• Anthropic's privacy policy: anthropic.com/privacy

AI Data Retention:

• Prompts & outputs: Cached for 30 days (for performance), then deleted
• Generated content: Stored in your pages until you delete them
• Credit usage records: Kept indefinitely (for billing and fraud prevention)
• Abuse logs: Filtered/blocked prompts kept for 90 days (for safety)

3. How We Share Your Information

We do not sell your personal information. We only share data in the following situations:

3.1 Public Content

Any content you mark as "public" (pages, comments, profile) is visible to all users and search engines. This includes:

• Your username and profile picture
• Public pages and comments
• Upvote counts and follower counts

3.2 Service Providers

We share data with trusted third-party providers who help us run the platform:

• Supabase: Database and authentication (hosted in the US)
• Cloudflare: Hosting, CDN, and DDoS protection
• Stripe: Payment processing and subscription management
• Resend: Transactional email delivery

These providers are contractually obligated to protect your data and only use it to provide their services to us.

3.3 Legal Requirements

We may disclose your information if required by law or to:

• Comply with court orders, subpoenas, or legal processes
• Enforce our Terms of Service
• Protect our rights, property, or safety (or that of our users)
• Respond to DMCA takedown requests
• Report illegal activity (e.g., CSAM, terrorism) to authorities

3.4 Business Transfers

If Bubblybards is acquired or merged with another company, your information may be transferred to the new owner. You'll be notified of any such change.

4. Data Retention

How Long We Keep Your Data:

• Account Data: Until you delete your account (plus 30 days for backups)
• Content: Until you delete it or your account is deleted
• Logs & Analytics: 90 days (for debugging and security)
• Payment Records: 7 years (required by tax laws)
• DMCA Reports: 3 years (required by law)

Deleting Your Account:

You can delete your account at any time from your settings page. When you delete your account:

• Your profile and content are removed within 24 hours
• Your data is permanently deleted within 30 days
• Cached copies may persist temporarily (e.g., search engines, CDN)
• Payment records are retained for tax compliance (7 years)

5. Cookies & Tracking Technologies

We use cookies and similar technologies to provide and improve our service.

5.1 What Are Cookies?

Cookies are small text files stored on your device that help us recognize you when you return to the site.

5.2 Types of Cookies We Use:

• Essential Cookies (Required):
  • Authentication tokens (keep you logged in)
  • Session management
  • Security and fraud prevention
• Preference Cookies (Optional):
  • Remember your settings (theme, language)
  • Store your layout preferences
• Analytics Cookies (Optional):
  • Track page views and usage patterns (anonymized)
  • Help us improve the platform

5.3 Managing Cookies:

You can control cookies through your browser settings:

• Block all cookies (this will break essential features like login)
• Delete existing cookies
• Allow cookies only from specific sites

Learn more: allaboutcookies.org

6. Your Rights (GDPR & CCPA)

6.1 For EU Users (GDPR)

If you are in the European Union, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Delete your account and data
• Right to Data Portability: Export your content in a machine-readable format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Opt out of marketing emails and analytics
• Right to Withdraw Consent: Revoke consent at any time (e.g., unsubscribe from emails)

6.2 For California Users (CCPA)

If you are a California resident, you have the following rights:

• Right to Know: Request what personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out of Sale: We do not sell your data, so this doesn't apply
• Right to Non-Discrimination: We won't discriminate against you for exercising your rights

6.3 How to Exercise Your Rights:

To exercise any of these rights, contact us at:

• Email: hello@bubblybards.com
• Subject Line: "Privacy Rights Request"
• Include: Your username, email, and which right you're exercising

We will respond within 30 days.

7. Security

We take security seriously and use industry-standard measures to protect your data:

Our Security Measures:

• Encryption: HTTPS/TLS for all data in transit
• Password Security: Passwords are hashed using bcrypt (we never see your password)
• Two-Factor Authentication: Available via Supabase
• Access Controls: Only authorized personnel can access sensitive data
• Regular Backups: Daily backups stored securely
• DDoS Protection: Cloudflare protects against attacks
• Security Audits: Regular vulnerability scans

⚠️ No system is 100% secure. If you believe your account has been compromised, change your password immediately and contact us at security@bubblybards.com.

8. Children's Privacy (COPPA)

Bubblybards is intended for users aged 13 and older. We do not knowingly collect personal information from children under 13.

If you are under 13: You may not use Bubblybards. If we discover that a user is under 13, we will delete their account immediately.

Parents: If you believe your child has created an account, contact us at hello@bubblybards.com and we will delete it.

9. International Data Transfers

Bubblybards is operated from [Your Country/Region]. If you access the platform from outside this region, your data may be transferred to and processed in:

• United States: Supabase (database), Stripe (payments), Cloudflare (hosting)
• European Union: Cloudflare edge servers

EU Users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission to protect your data when it's transferred outside the EU.

10. Third-Party Links

Bubblybards may contain links to external websites (e.g., Discord, Twitter, D&D Beyond). We are not responsible for the privacy practices of these sites.

We recommend reading the privacy policies of any third-party sites you visit.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified via email and a site-wide notice at least 30 days before taking effect.

Continued use of Bubblybards after changes take effect means you accept the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy, contact us at:

• Email: hello@bubblybards.com
• Data Protection Officer: dpo@bubblybards.com
• General Support: hello@bubblybards.com

EU Representative (GDPR): If you are in the EU and have concerns about our data practices, you may also contact your local data protection authority.