← Back to Bubblist

Privacy Policy

Last Updated: October 29, 2025

1. Introduction

Welcome to Bubblist ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our mobile application and services (collectively, the "Service").

By using Bubblist, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information You Provide

Account Information:

  • Email address (required for account creation and authentication)
  • Username/handle (your unique identifier on Bubblist)
  • Account preferences (notification settings, privacy settings)

Content You Create:

  • Grocery lists and shopping lists you create
  • Items you add to lists (product names, quantities, notes)
  • Comments and notes on shared list items
  • Tags and categories you assign to items

Collaborative Data:

  • Group memberships and roles (admin/member)
  • Invitations sent and received
  • Delete requests and responses on shared items

2.2 Automatically Collected Information

Device Information:

  • Device type (iOS/Android)
  • Operating system version
  • Device identifiers for push notifications
  • App version

Usage Information:

  • Lists you view and interact with
  • Features you use
  • Time and frequency of use
  • Error logs and crash reports

Network Information:

  • IP address
  • Connection type

2.3 Information from Third Parties

We do not collect information from third-party authentication providers. Authentication is handled exclusively through magic links sent to your email address.

3. How We Use Your Information

We use your information to:

3.1 Provide and Improve Services

  • Create and manage your account
  • Enable you to create and share grocery lists
  • Facilitate real-time collaboration on shared lists
  • Send push notifications for list updates and activity
  • Display public lists in the community feed
  • Provide customer support

3.2 Communication

  • Send authentication emails (magic links for sign-in and verification)
  • Send notifications about list activity (when enabled)
  • Respond to your inquiries
  • Send important service updates

3.3 Analytics and Improvement

  • Analyze usage patterns to improve features
  • Monitor app performance and fix bugs
  • Calculate engagement scores for public lists
  • Track list views and popularity

3.4 Security and Compliance

  • Prevent fraud and abuse
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect our users' safety

4. How We Share Your Information

4.1 With Other Users

Public Lists:

If you make a list public, the following is visible to all users:

  • List name and items
  • Your username (not email)
  • Activity timestamps
  • Notes (if you enable public notes)

Private Lists:

  • Only visible to invited group members
  • Members can see all list content and activity

Your Profile:

  • Your username is visible to users who share lists with you
  • Your email is never shared with other users

4.2 Service Providers

We share information with trusted third parties who help us operate:

Hosting and Infrastructure:

  • Railway (backend hosting)
  • Database hosting providers
  • Redis cache providers

Email Service:

  • Resend (for authentication emails)
  • We only share your email address for delivery purposes

Push Notifications:

  • Expo Push Notification Service
  • We share device tokens and notification content

Analytics (if implemented):

  • We may use analytics services to understand app usage

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or subpoenas
  • Government requests
  • Protection of our rights and safety
  • Investigation of fraud or security issues

4.4 Business Transfers

If Bubblist is acquired or merged, your information may be transferred to the new owner.

5. Data Retention

Account Data:

  • Retained while your account is active
  • Deleted within 30 days of account deletion

List Data:

  • Retained while the list exists
  • Deleted when the list creator deletes the list

Notifications:

  • Automatically deleted after 30 days

Backups:

  • May be retained in backups for up to 90 days

6. Your Rights and Choices

6.1 Access and Control

Account Settings:

  • Update your username and email
  • Enable/disable push notifications
  • Set default privacy for new lists
  • Delete your account

List Privacy:

  • Make lists private or public
  • Control who can view list notes
  • Remove members from your lists
  • Leave lists you've been invited to

6.2 Data Rights

Depending on your location, you may have rights to:

  • Access: Request a copy of your data
  • Correction: Update inaccurate information
  • Deletion: Request deletion of your account
  • Portability: Receive your data in a portable format
  • Object: Object to certain processing activities

To exercise these rights, contact us at: support@bubbli.st

6.3 Communication Preferences

Email:

  • Authentication emails cannot be disabled (required for security)
  • Marketing emails can be unsubscribed (if we add them)

Push Notifications:

  • Can be disabled in app settings
  • Can be disabled in device settings

7. Security

We implement security measures to protect your information:

Technical Safeguards:

  • Encryption in transit (HTTPS/TLS)
  • Encrypted database connections
  • Secure authentication tokens (JWT)
  • Rate limiting to prevent abuse

Access Controls:

  • Password-free authentication (magic links)
  • Role-based access for list permissions
  • Automatic session expiration

Operational Security:

  • Regular security audits
  • Prompt security patch deployment
  • Secure development practices

Note: No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Children's Privacy

Bubblist is not intended for children under 13 (or 16 in the EU). We do not knowingly collect information from children. If you believe a child has provided us with information, please contact us at support@bubbli.st and we will delete it promptly.

9. International Data Transfers

Your information may be transferred to and stored on servers located outside your country. By using Bubblist, you consent to such transfers. We ensure appropriate safeguards are in place.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to Know:

  • Categories of personal information collected
  • Sources of personal information
  • Business purposes for collection
  • Third parties we share with

Right to Delete:

  • Request deletion of your personal information

Right to Opt-Out:

  • We do not sell your personal information

Non-Discrimination:

  • We will not discriminate for exercising your rights

To exercise these rights, email: support@bubbli.st

11. European Privacy Rights (GDPR)

If you are in the EU/EEA, you have additional rights:

Legal Basis for Processing:

  • Contract performance (providing the Service)
  • Legitimate interests (improving the Service)
  • Consent (marketing communications, if applicable)

Additional Rights:

  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to lodge a complaint with supervisory authority

Data Controller:

Bubblist
Email: support@bubbli.st

12. Cookies and Tracking

We Do Not Use Cookies in the mobile app.

We May Use:

  • Local storage for authentication tokens
  • Session identifiers for API requests
  • Device identifiers for push notifications

Third-Party Tracking:

  • We do not use third-party advertising or tracking

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted with an updated "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the new policy.

We will notify you of material changes via:

  • In-app notification
  • Email to your registered address

14. Contact Us

If you have questions about this Privacy Policy, please contact us:

Email: support@bubbli.st
Website: https://bubbli.st

15. Data We Do NOT Collect

To be transparent, we do NOT collect:

  • Payment information (the app is free)
  • Precise geolocation
  • Photos or camera access (unless you explicitly grant it for future features)
  • Contacts from your device
  • Biometric data
  • Social media activity outside our app
  • Browsing history
  • Purchase history from other sources

16. Your Data, Explained Simply

What we need to make the app work:

  • Email (to verify it's you)
  • Username (your identity in the app)
  • Lists and items (the core content)

What we collect to improve your experience:

  • Device info (to send notifications)
  • Usage patterns (to make the app better)

What we never do:

  • Sell your data
  • Show you ads based on your data
  • Share your email with other users
  • Track you across other apps or websites

This privacy policy is effective as of October 29, 2025.

© 2025 Bubblist. All rights reserved.

HomePrivacy PolicyTerms of Service