Privacy Policy
Effective August 28, 2025
This Privacy Policy explains how Bredbox ("Bredbox", "we", "us", or "our") collects, uses, and shares information when you visit our website or use any of our applications, browser extensions, or related services (collectively, the "Bredbox Services"). We are building a link saving and reading tool focused on simplicity, reliability, and respecting user privacy.
We want you to clearly understand what data we collect, why we collect it, and the choices you have. If you do not agree with this policy, you should not use the Bredbox Services.
1. User Accounts & Information You Provide
You may browse the public portions of Bredbox without registering. Creating an account is required to save links or access personalized features. Account creation is performed exclusively via OAuth (currently Google and GitHub). We do not support email/password signup. From the OAuth provider we store the email address, the provider‑supplied name (used as your display name), the provider username/handle, and the avatar URL. If the provider omits a name we do not generate a fallback at this time. No other profile fields are collected.
We do not collect postal addresses, phone numbers, government identifiers, or payment card numbers. (Planned paid features are not yet active; when they launch, payments will be handled by Stripe and card data will not be stored on Bredbox servers.)
Waitlist. If you join the waitlist prior to creating an account, we collect only your email address (stored in our Kit mailing list) after a confirmation (double opt‑in) email. Waitlist emails are retained indefinitely until you unsubscribe or convert to an account. We do not send product update/marketing emails to waitlist addresses—only the confirmation and any future invite. If you unsubscribe before receiving an invite, you will not receive an invite email unless you re‑subscribe.
Account deletion. When you delete your account we fully purge your email (no suppression list retained for that address) subject to brief backup cycling and security/legal obligations described elsewhere.
2. Information Collected When Using Bredbox
When you save a URL, we store the canonical URL plus extracted metadata: title, description/summary, site name, favicon, normalized content attributes, full article text (parsed for reader mode), estimated reading time, language detection result, and a content hash used for deduplication. We also record the timestamp of save and any organizational data you apply.
Organizational features: tags are available now; collections and highlights are planned future features and not yet active. Once launched, highlights will store the selected text segments and associated metadata (e.g., position). Collections will group saved items under user-defined labels.
Usage & state events we currently store: save (create), delete, archive, and tag edits (add/remove). We do not presently store scroll position or detailed read progress metrics. Additional sync events may be added if future features (e.g., highlights) require them.
External requests during content processing: we fetch the page you save directly from the origin site. We do not send saved URLs to third‑party parsing or enrichment APIs. The only ancillary third‑party request related to saved items is loading the OAuth provider avatar image (Google or GitHub) when rendering your profile/avatar in the UI.
Use of extracted content: the full text and derived metadata (reading time, language, content hash) are used to display a reader-friendly version to you and to support internal relevance ranking, trending and popularity aggregation (e.g., most-saved domains or frequently accessed items in aggregate). Aggregated outputs do not expose the underlying personal data or individual reading behavior.
We may log basic technical information: browser type, device type, operating system, preferred language, approximate time zone, and IP address at time of request in short‑term server logs for security and abuse prevention. These logs are retained for 30 days and then deleted or irreversibly aggregated.
Failed fetch diagnostics (e.g., HTTP status codes, timeout indicators) are tracked only in aggregate operational logs and are not stored as a per-user history beyond the 30‑day security log window.
We do not collect mobile advertising identifiers or precise geolocation. We do not perform behavioral ad tracking. If this changes, we will update this policy before enabling such features.
3. Cookies & Local Storage
We use essential Supabase authentication cookies (httpOnly, first‑party) to keep you signed in and protect your account. These persist only while your session remains active (renewed automatically when you interact, subject to provider defaults). We do not currently store any user preferences (theme, dismissals, feature flags) in local storage or additional cookies. We do not set third‑party advertising or social media tracking cookies, and we do not use separate CSRF or additional security cookies beyond what Supabase sets.
Planned analytics (if adopted) will be privacy‑respecting and cookieless. Should we ever introduce optional analytics or personalization technologies that set non‑essential cookies, we will update this section and provide a clear choice mechanism before activation.
4. How We Use Information
- Provide, maintain, and improve the Bredbox Services.
- Render saved content metadata and facilitate search, filtering, and organization.
- Sync your saves across browsers or devices you sign in from.
- Detect abuse, spam, fraud, or security threats.
- Communicate service updates, invitations, onboarding guidance, or policy notices.
- Plan new features using aggregated, de‑identified usage metrics.
We do not sell your personal information. We do not use your saved content to build advertising profiles.
We currently provide only aggregate trending/popularity insights (e.g., frequently saved domains) and do not perform individualized recommendation or personalization algorithms. We do not train external machine learning models on your saved content, and we do not manually repurpose your saved items for unrelated product testing beyond aggregated, de‑identified analysis.
Future personalization: We plan to introduce optional personalized recommendations within the next 12 months. If and when this launches, we will update this Policy to describe the signals used (e.g., your saved domains, tags) and provide controls to opt out of personalization while retaining core features.
5. When We Share Information
We share personal information only in these situations:
- Service providers (current):
  - Supabase – hosting, database, authentication, and object storage (data residency per chosen Supabase region).
  - Cloudflare – DNS, edge network, and edge functions/workers used for performance and secure content delivery.
  - Kit – waitlist and mailing list management for double opt‑in email collection.
  - Resend – transactional email delivery (e.g., account notices).
- Planned providers: Stripe (payments) – not yet active. This policy will be updated before Stripe begins processing your data.
- User-directed sharing: We do not currently offer a feature to publicly share saved content or make user profiles public. If we add optional sharing in the future, it will be opt‑in and documented here before launch.
- Legal and safety: To comply with law, enforce terms, or protect rights, property, or safety.
- Business transfer: In connection with a merger, acquisition, or asset sale, subject to continued protection obligations.
- Aggregate / de‑identified data: We may publish non-identifying statistics (e.g., most-saved domains) that cannot reasonably identify an individual.
We do not provide bulk access to saved content to advertisers or data brokers.
6. Data Retention
We retain account data while your account is active. When you delete a saved item it is removed from the primary datastore immediately; only point‑in‑time encrypted backups may still contain historical copies until those backups expire.
Backups: database and object storage backups are encrypted at rest and retained on a rolling 7‑day window, after which they are automatically purged. We do not create separate long‑term archives.
Account deletion: when you request deletion we queue your personal data and all saves for purge and complete the live data removal within 7 days, except where a longer period is required by law or for an active fraud/security investigation. After live deletion, only encrypted backup replicas (within the same 7‑day backup window) may still contain residual data until they age out; we do not otherwise retain hashes or anonymized references to your email once backups have cycled.
Operational security logs (described earlier) follow their own 30‑day retention and then are deleted or de‑identified; these logs do not retain full saved content.
7. International Transfers
We currently host primary application infrastructure (database, authentication, object storage) in us-east-1 via Supabase. Object storage resides in the same region. By using the service, your information may be transferred to and processed in the United States (and in any other country where our service providers operate infrastructure).
Cloudflare’s global edge network caches static assets (JavaScript, CSS, images) and may transiently cache certain API responses that can include saved item metadata or minimal profile fields to improve latency. Edge cache entries are short‑lived and governed by standard cache controls; we do not intentionally push full raw saved article text into edge cache beyond what is required for normal HTTP responses you request.
For transfers from the European Economic Area (EEA), the United Kingdom, or Switzerland to the United States, we rely on the Standard Contractual Clauses (and UK addendum where applicable) incorporated in our providers’ Data Processing Addenda (e.g., Supabase, Cloudflare, Resend, Kit). Where provider participation in additional adequacy frameworks (such as the EU‑US Data Privacy Framework) is unknown or variable, we default to the SCCs plus technical safeguards (encryption in transit and at rest, access controls, least privilege).
We are evaluating offering an EU data residency option in the future but have not yet committed to a timeline. This section will be updated if regional hosting choices change.
8. Security
We apply reasonable technical and organizational safeguards: encrypted transport (HTTPS), provider‑managed encryption at rest for all primary data stores (Supabase database and object storage), enforced Row Level Security (RLS) policies on user data tables, and strict access limitation (a single administrative account with least‑privilege credentials). No application‑level (field‑level) encryption is currently layered on top of provider encryption.
Production access is restricted to one admin; credentials are stored securely and rotated as needed. RLS ensures that queries executed through the standard application context are automatically scoped to the authenticated user.
Vulnerability management: we track upstream dependency advisories informally and apply urgent security updates as they become available, but we have not yet implemented a formal periodic scan or SLA (target practice will be to patch high‑severity issues promptly once detected). This section will be updated as our process matures.
No system is perfectly secure; we cannot guarantee absolute protection. If we become aware of a data breach affecting your personal information, we will notify you and relevant authorities as required by applicable law.
9. Phishing & Account Safety
We will not request your password or authentication codes via unsolicited email. Always verify the domain before entering credentials. Report suspicious messages to the contact email below.
10. Your Choices & Controls
- Access & export: A self‑service export feature is not yet available; our target is to launch this by December 2025. Planned export will include your saved links and associated metadata in a portable, open format (e.g., JSON or CSV). This section will be updated when the feature ships.
- Update: Edit account profile details from settings.
- Delete items: Remove individual saves at any time.
- Account deletion: An in‑app self‑service delete account control is planned within the next 3 months. Until then, request full deletion by emailing the address below.
- Email preferences: A single unsubscribe link is provided in any non‑essential email. Critical service or legal notices may still be sent.
- Do Not Track: We do not currently respond to DNT signals beyond limiting tracking already described (no third-party ads).
11. Children
Bredbox is not directed to children under 13 and we do not knowingly collect personal information from them. If you are a parent or legal guardian and believe a child under 13 has provided us personal data, contact us and we will delete the information. We honor verified parental/guardian deletion requests.
We do not perform active age verification beyond this policy; if we become aware that we have collected personal information from a child under 13, we will take steps to remove it promptly.
12. Changes to this Policy
We may update this Privacy Policy to reflect changes in our practices or legal requirements. If changes are material, we will notify active account holders via email before the revised policy takes effect (no fixed minimum lead time, but prior to the effective date). Continued use after the effective date constitutes acceptance of the revised policy.
We will maintain an accessible archive or changelog of prior versions so you can see how the Policy has evolved over time.
13. Contact Us
Questions or requests regarding this policy may be sent to: support@humanwhocodes.com or by mail to:
Human Who Codes LLC
230 Independence Way STE 1 PMB 1094
Danvers, MA 01923
USA
We respond to privacy inquiries within a reasonable timeframe consistent with applicable laws. We do not currently appoint a Data Protection Officer or EU/UK representative; this section will be updated if that changes.
This document is provided for transparency while the product is in early access and may evolve prior to public launch.