Privacy Policy

Account information. When you sign up, we collect your email address, a hashed password (we never store passwords in plain text), display name, and the role you select (brand or creator).

Authentication via Google.If you sign in with Google, we receive only the basic OpenID Connect data: a stable Google user identifier (“sub”), your email address, and your public profile information (name and profile picture URL). We request the openid, email, and profilescopes only. We use this data solely to create and manage your Bread&Barter account, in accordance with the Google API Services User Data Policy, including its Limited Use requirements (see section 3).

Profile and listing content. Information you choose to add to your profile (bio, social handles, location, cover photo, avatar), listings you create (title, description, images, category, location, slots, credits), reviews you leave, and any other content you submit through the Service.

Messages and deal proposals. The content of any messages, deal proposals, or completion-proof submissions you exchange with other users on the platform. These are visible to the other party in the conversation and to our staff only as necessary for security, fraud prevention, or to respond to a support request you have raised.

Billing data.If you initiate a Pro subscription, we collect a Stripe customer ID and subscription metadata returned by Stripe. We do not collect or store payment card numbers, CVCs, expiry dates, or bank account information — these are handled directly by Stripe under their own privacy policy.

Communications. Records of your correspondence with us, including support requests and email replies.

Automatic data. IP address, browser type, device type, operating system, referring URL, pages visited, and timestamps. We use server logs and hosting-platform metrics for security, debugging, and abuse prevention.

Cookies. We use first-party cookies strictly necessary to keep you signed in (Supabase session cookies). We do not run third-party analytics, advertising, or tracking cookies.

We use the information we collect to:

• Provide, operate, and maintain the Service, including matching brands and creators, routing messages, and tracking collab status.
• Process Pro subscription payments via Stripe.
• Send transactional emails (account confirmation, welcome email, deal-accepted notification, password reset).
• Detect, investigate, and prevent fraud, abuse, spam, and violations of our Terms of Service.
• Respond to your questions, feedback, or support requests.
• Comply with legal obligations and enforce our agreements.
• Improve the Service, including diagnosing technical issues and analysing aggregated, de-identified usage trends.

We do not sell your personal data. We do not use your personal data to train any machine-learning model, our own or any third party’s. We do not share your data with advertisers.

When you sign in with Google, our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we:

• Use Google user data only to provide the user-facing features of Bread&Barter.
• Do not transfer Google user data to third parties except as necessary to provide or improve those features, comply with applicable law, or as part of a merger, acquisition, or sale of assets (with appropriate notice to users).
• Do not use Google user data for serving advertisements.
• Do not allow humans to read Google user data unless we have your explicit consent, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or where the data has been aggregated and anonymised.

With other users. Information on your public profile (display name, avatar, bio, role, social handles, average rating, listings), listings, and reviews are visible to other users. Messages and deal proposals are visible to the other party in the conversation. Contact numbers are stored privately and are never shown to other users.

With service providers. We share data with providers who operate the Service on our behalf:

• Supabase — managed database, authentication, file storage, and realtime, hosted in Singapore.
• Stripe — subscription billing and payment processing.
• Vercel — web hosting and content delivery.
• Resend — transactional email delivery.
• Google — OAuth sign-in (only if you choose to use it).

These providers are contractually bound to handle data only as required to deliver their service to us, in line with applicable data-protection law.

For legal reasons.We may disclose information if required by law, court order, valid subpoena, or other lawful government request, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Bread&Barter, our users, or the public.

Business transfers. If we are involved in a merger, acquisition, restructuring, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any material change to this policy.

The Service is hosted on Vercel’s global edge network. Our primary database and file storage are operated by Supabase in Singapore (ap-southeast-1). Stripe processes payments in jurisdictions appropriate to your billing region. Resend stores transactional email logs in the European Union or the United States depending on its configuration.

If you access the Service from outside Singapore, your information may be transferred to, stored, and processed in Singapore or other countries whose data-protection laws may differ from your own. By using the Service you consent to such transfers.

We retain personal data for as long as your account is active and for as long as needed to provide you with the Service. If you delete your account, we delete or anonymise your personal data within 30 days, except where we are required to retain it longer to (a) comply with legal, accounting, or tax obligations, (b) resolve disputes, (c) enforce our agreements, or (d) prevent fraud or abuse.

Some content (for example, reviews you have left for other users) may persist on the platform in anonymised form so as not to disrupt the integrity of public records.

We protect your data using industry-standard measures including TLS encryption in transit, encryption at rest in our database and storage providers, row-level security (RLS) policies enforced at the database layer, scoped access controls, and regular security reviews of our codebase.

No method of transmission or storage is 100% secure, however, and we cannot guarantee absolute security. If we become aware of a personal-data breach affecting you, we will notify you and the relevant authority in accordance with applicable law.

Depending on where you live, you may have the following rights with respect to your personal data:

• Access — request a copy of the personal data we hold about you.
• Correction — most of your data can be edited directly from the app; for anything else, contact us.
• Deletion — request deletion of your account and associated data, subject to the retention exceptions in section 6.
• Portability — request your data in a structured, machine-readable format.
• Restriction or objection — restrict or object to certain processing activities.
• Withdraw consent — withdraw any consent you have given, without affecting the lawfulness of processing prior to withdrawal.
• Complain— lodge a complaint with your local data-protection authority (e.g., the Personal Data Protection Commission of Singapore, your EU Data Protection Authority, the UK ICO, or the California Attorney General).

To exercise these rights, email hello@breadxbarter.com. We will respond within 30 days. We may need to verify your identity before acting on a request.

The Service is not directed to children under 18. We do not knowingly collect personal data from anyone under 18. If we learn we have collected data from a child under 18, we will delete it promptly. If you believe we may have data about a minor, contact us at hello@breadxbarter.com.

The Service may contain links to third-party websites (e.g., creators’ social profiles, brands’ storefronts). Those sites operate under their own privacy policies. We are not responsible for the content or practices of any third-party site.

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. For material changes, we will notify registered users by email or by prominent notice on the Service before the change takes effect.

Questions, requests, or complaints? Email us at hello@breadxbarter.com and we will respond as soon as we can.