Privacy Policy

1. Who we are

Bramblet is a personal dictionary app. This policy explains how we collect, use, and protect your data. For questions, contact us at privacy@bramblet.app.

2. Data we collect

Account data: email address, display name, and avatar URL (if you sign in with Google).

Content: dictionaries, entries, definitions, word links, usage examples, and any other content you create.

Collaboration data: email addresses of people you invite. Collaborators on a shared dictionary can see each other's email addresses.

Technical data: authentication session cookies. We do not use analytics, tracking, or advertising cookies.

3. How we use your data

We use your data to:

• Provide the service — store your dictionaries, authenticate you, display your content
• Send transactional emails — collaboration invitations
• Maintain security and prevent abuse

We do not sell your data, use it for advertising, or share it with data brokers.

4. Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA) or UK, we process your data based on:

• Contract: processing necessary to provide the service you signed up for
• Legitimate interest: service security and abuse prevention
• Consent: optional features such as Google sign-in

5. Third-party services

We use the following services to operate Bramblet:

• Supabase — database, authentication, and file storage (privacy policy)
• Resend — invitation emails (privacy policy)
• Google — OAuth sign-in, when enabled (privacy policy)
• Vercel — hosting (privacy policy)

These services may process your data in countries outside your own. Where applicable, transfers are covered by standard contractual clauses or equivalent safeguards provided by these services.

6. Data sharing

Your data may be visible to others in these situations:

• Public links: if you enable a public link for a dictionary, its content is accessible to anyone with the URL
• Collaboration: collaborators on a shared dictionary can see each other's email addresses and display names
• Attribution: if enabled, entry creators' nicknames are visible within the dictionary

We do not share your data with anyone else, except where required by law.

7. Your rights

Depending on where you live (including under GDPR, Australian Privacy Principles, and US state privacy laws), you have the right to:

• Access your data
• Correct inaccurate data
• Delete your data and account
• Export your data — use the backup/download feature built into the app
• Withdraw consent for optional processing
• Lodge a complaint with your local data protection authority

To exercise any of these rights, contact us at privacy@bramblet.app.

8. Data retention

• Active account: your data is kept for as long as you use the service
• Deleted dictionaries: backups are retained for up to 30 days, then permanently removed
• Account deletion: all your data is removed within 30 days of your request

9. Cookies

Bramblet only uses essential cookies for authentication (keeping you signed in). We do not use analytics, tracking, or advertising cookies. Because these cookies are strictly necessary for the service to function, no consent banner is required.

10. International data transfers

Your data is processed by our third-party service providers, which may operate infrastructure outside your country. For users in the EEA, UK, or Australia, these transfers are protected by standard contractual clauses and equivalent safeguards maintained by our providers.

11. Children

Bramblet is not directed at anyone under 18 years of age. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. The “last updated” date at the top will reflect changes. For material changes, we will notify you via email or an in-app notice.