Privacy Policy

Last Updated: May 4, 2025

This Privacy Policy describes how Nick Brueggeman ("I", "me", or "my") collects, uses, and discloses your information when you use the `bruegs.com` website and its AI interaction services (the "Service").

1. Information I Collect

• Account Information: When you authenticate using the third-party provider, Auth0 (e.g., via Google Login), I receive your unique User ID (sub claim), email address, and name as provided by Auth0 based on the permissions you grant during signup/login.
• Subscription Information: If you subscribe to the premium tier, the third-party payment processor, Stripe, handles your payment details directly. I receive information from Stripe necessary to manage your subscription, such as your Stripe Customer ID, Subscription ID, and current subscription status (e.g., 'active', 'canceled'). This information is stored linked to your User ID in my database (Google Cloud Firestore). I do not directly collect, receive, store, or process your credit card number, bank account details, or other raw payment instrument information.
• Usage Data: For users accessing features subject to usage limits (like a free tier), I store an aggregated count of specific actions (e.g., AI prompts submitted - usageCount) associated with your User ID in the database (Firestore) solely for the purpose of enforcing those limits.
• AI Interaction Data (Prompts & Responses): The content of your prompts and the AI-generated responses are transmitted to the relevant AI models (hosted on Google Cloud Vertex AI) for processing to provide the Service. This interaction data is not stored long-term by me or associated with your account in the database, beyond what is necessary for the immediate request/response cycle and any temporary session history managed within your browser by the application during your active session.
• Cookies: A necessary session cookie (myapp_session) managed by the `iron-session` library is used to securely maintain your login state after authentication via Auth0. This cookie contains encrypted session data including your User ID and is essential for the site's authenticated features to function. Auth0 may also set its own cookies as part of its authentication process according to its own policies. Third-party tracking or advertising cookies are not used.

2. How I Use Your Information

• To provide, operate, and maintain the Service (including authenticating you, controlling access based on subscription status, and enforcing usage limits).
• To manage your account and subscription status via interactions with Stripe (e.g., initiating checkout, providing access to the Stripe customer portal).
• To communicate with you if you contact me for customer support or regarding essential service updates.
• To monitor overall service health, diagnose technical problems, and prevent fraud or abuse.
• To comply with applicable legal obligations.

3. Data Storage and Security

• Your User ID, associated Stripe IDs, subscription status, and usage count (if applicable) are stored in Google Cloud Firestore, hosted within Google Cloud's secure infrastructure.
• I rely on the security measures implemented by infrastructure and service partners (Google Cloud Platform, Netlify, Auth0, Stripe).
• Payment processing is handled entirely by Stripe, which adheres to the Payment Card Industry Data Security Standard (PCI DSS).
• While I strive to use commercially acceptable means to protect your information, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.

4. Third-Party Services

The Service utilizes the following essential third-party services. Please review their respective privacy policies:

• Stripe: Payment processing (Stripe Privacy Policy)
• Auth0: User authentication (Auth0 Privacy Policy)
• Netlify: Website hosting, serverless functions (Netlify Privacy Policy)
• Google Cloud Platform (GCP): Backend hosting (Cloud Run), database (Firestore), AI models (Vertex AI) (Google Cloud Privacy Notice)

5. User Rights

Depending on your jurisdiction, you may have certain rights regarding your personal data, such as rights to access, correct, or request deletion. You can typically manage your subscription details directly via the Stripe customer portal using the "Manage Subscription" link within the service when logged in. To request access to or deletion of your account information stored directly by me (User ID, linked Stripe IDs, subscription status, usage count), please contact me at nicholasbrueggeman@gmail.com.

6. Policy Changes

I may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

7. Contact

If you have any questions about this Privacy Policy, please contact me at nicholasbrueggeman@gmail.com.