Privacy Policy

Last Updated: April 5, 2026

Effective: April 5, 2026

1. Introduction

Brick Party ("we," "our," or "us") is operated by Andrew Coffin, a sole proprietor based in Oregon, United States.

We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our LEGO set inventory management application (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect your email address, display name, and authentication provider identifier. If you sign up with Google, we receive your email address and display name via Google OAuth (using the openid, profile, and email scopes).

Payment Information

For paid subscriptions, our payment processor Stripe collects payment information. We do not store full credit card details on our servers; we only retain metadata such as your subscription tier and status.

Inventory Data

We store LEGO set numbers, part quantities, and collection preferences.

Identify Feature (Images)

When you use the "Identify" feature, we transmit the image you provide to Brickognize for processing. We do not permanently store these images on our servers.

Usage Information

We collect information about search queries and feature usage counts to enforce tier quotas and improve the application. We use PostHog for anonymous, cookieless product analytics. This collects page views, feature usage events, and basic device information (browser type, screen size). No persistent identifiers or cookies are used for analytics purposes.

3. How We Use Your Information

  • Provide and maintain the inventory tracking service
  • Sync your data across devices when signed in
  • Manage your subscription and process payments via Stripe
  • Send occasional service communications about new features and important updates to the Service
  • Analyze anonymous usage patterns to improve the application
  • Enforce fair use quotas and subscription tier limits
  • Respond to support requests
  • Prevent fraud and abuse

Service Communications

From time to time, we may send you emails about new features, product updates, and important changes to the Service. These are service communications, not marketing — we do not send promotional offers, discounts, or upsell emails.

You can opt out of service communications at any time by clicking the unsubscribe link included in any such email. Opting out will not affect transactional emails required for your account (such as password resets, billing notices, or security alerts).

4. Data Storage and Security

Your data is stored securely using industry-standard encryption. We use Supabase (PostgreSQL) for server-side storage and IndexedDB for local browser storage. Anonymous users' data is stored only locally and is never transmitted to our servers.

5. Third-Party Services

We use the following third-party services:

  • Supabase — Authentication and data storage
  • Stripe — Subscription management and payment processing
  • PostHog — Anonymous product analytics
  • Sentry — Error monitoring and reporting
  • Vercel Analytics — Page view and performance metrics
  • Vercel Speed Insights — Core Web Vitals monitoring
  • Rebrickable — LEGO catalog data
  • BrickLink — Pricing and minifigure data
  • Brickognize — Part identification processing

Each service has its own privacy policy governing the use of your information.

6. Your Data Rights

GDPR Rights (EU Users)

You have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (right to be forgotten)
  • Restrict processing of your data
  • Data portability
  • Object to processing
  • Withdraw consent at any time
  • Lodge a complaint with your local supervisory authority

CCPA Rights (California Residents)

You have the right to:

  • Know what personal information is collected
  • Delete personal information
  • Opt-out of sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising privacy rights

All Users

You can:

  • Delete your account and all associated data via account settings
  • Export your data through account settings
  • Contact us for any other data rights request

7. Cookies and Tracking

  • We use essential cookies for authentication and session management.
  • We use local storage (IndexedDB) to cache catalog data and store your inventory preferences locally.
  • PostHog operates in cookieless mode (memory-only persistence, no persistent identifiers).
  • We do not use third-party advertising cookies or tracking pixels.

8. Data Retention

  • Account data is retained until you delete your account. We do not automatically purge inactive accounts.
  • Group session data (Search Party): ended sessions and participant records are deleted 30 days after the session ends.
  • Pricing observations: deleted after 180 days.
  • Usage counters: deleted when the tracking window expires.
  • Webhook events: deleted 30 days after processing.
  • Anonymous users: all data is stored locally in your browser (IndexedDB) and is never transmitted to our servers.

9. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify affected users via email within 72 hours of discovering the breach.

10. International Data Transfers

Our services (Supabase, PostHog) are hosted in the United States. If you access the Service from outside the United States, your data may be transferred to and stored in the United States.

11. Do Not Track

We do not currently respond to Do Not Track browser signals. However, our analytics operate in cookieless mode and do not persistently track users across sessions.

12. Artificial Intelligence

We do not use your personal data or inventory data to train machine learning or artificial intelligence models.

13. Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we have collected information from your child, please contact us.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" and "Effective" dates.

15. Contact Us

If you have questions about this Privacy Policy, please contact us through the feedback form in your account settings.

LEGO® is a trademark of the LEGO Group. Rebrickable® is a trademark of Rebrickable Pty Ltd. BrickLink® is a trademark of BrickLink Corporation (LEGO Group). This application is not affiliated with, sponsored by, or endorsed by any of these companies.

Privacy Policy — Brick Party