Privacy Policy

1. Who we are

ParentsPick is operated by BGB ISLAND LLC ("we", "us"), the data controller for the personal data described below.

For privacy questions or to exercise the rights described in this policy, contact privacy@bgbisland.com.

2. Data we collect — at a glance

The summary below mirrors the "Data Collected" section of our App Store listing. The sections that follow explain each item in detail.

• Phone number — only if you create an account in the app
• Purchases — subscription status (no card data; payments handled by Apple)
• Crash data — automatic crash and error reports from the app
• Usage data — pages visited, scans performed, searches run, taps on key buttons
• Product interaction — which books you scan or search for, your saved preferences

We do not collect your name, email, address, contacts, photos, microphone, precise location, health data, or financial card details. We do not use iOS's advertising identifier (IDFA) and do not request App Tracking Transparency (ATT) permission.

3. When you use our website

On parentspickapp.com we use the following:

• Google Analytics 4 (GA4): measures pageviews and a small number of custom events (app_store_click, book_search) so we can see which pages and books are useful. GA4 sets cookies and processes a truncated IP address and a randomly-generated client ID; we do not enable Google Signals or ad personalization.
• Meta (Facebook) Pixel: records a PageView on each page and a Lead event when you tap an App Store link, so we can measure the effectiveness of any ads we run on Meta platforms. The pixel sets cookies and may share hashed event data with Meta.
• Server & CDN logs: the site is hosted on Vercel, which keeps short-lived request logs (IP address, user agent, requested URL) for security, abuse-prevention, and debugging.

You can block these by using your browser's tracking-protection settings, an ad blocker, or by enabling "Do Not Track".

4. When you use our app

Account & sign-in

Some features (saving preferences, subscribing) require an account. You sign in with your phone number via a one-time passcode sent by SMS. We store your phone number and a Supabase-issued user ID. We do not collect or store the SMS code itself, and we do not use your phone number for marketing.

Camera (barcode scanning)

The camera is used only to read a book's ISBN barcode. The video stream is processed on-device; we do not save photos, video, or audio.

Product analytics (Mixpanel)

We use Mixpanel to record app events such as screen views, successful and failed scans, searches you run, errors, onboarding and subscription events. When you are signed in, these events are associated with your Supabase user ID. Mixpanel may also receive standard device-level identifiers (a Mixpanel-assigned device ID, app version, OS version, device model). Analytics are disabled in development builds.

Advertising measurement (Meta SDK)

We use the Meta (Facebook) SDK to log a small set of events used to measure the effectiveness of any ads we run on Meta platforms: registration completion, subscription purchase, subscription restore. IDFA collection and automatic event logging are disabled, no user ID is set with Meta, and we do not request App Tracking Transparency (ATT) permission.

Crash & error reporting (Sentry)

When the app crashes or hits an unexpected error, Sentry collects a stack trace, the in-app actions leading up to the crash ("breadcrumbs"), and standard device metadata (OS version, device model, app version). When you are signed in, the report is associated with your Supabase user ID so we can debug issues affecting specific accounts.

Subscriptions (RevenueCat & Apple)

Payments are handled entirely by Apple — we never see your card details. We use RevenueCat to verify your subscription status with Apple and to track subscription lifecycle events (start, renew, cancel, refund). RevenueCat receives a Supabase user ID, your subscription product, and Apple-issued receipt data.

Saved preferences & book interactions

If signed in, your saved preferences (themes you want flagged) and your interactions with books (saves, history) are stored in our Supabase database against your user ID, so they sync across devices. If you do not sign in, this data is kept on your device only.

5. Third-party processors

We rely on the following processors. Each processes only the data described above and is bound by their own published terms.

• Supabase — auth (phone OTP), database (preferences, book interactions), edge functions
• Vercel — website hosting and request logs
• Google (GA4) — website analytics
• Meta Platforms — website pixel and app-side advertising measurement
• Mixpanel — in-app product analytics
• Sentry — crash and error reporting
• RevenueCat — subscription management and receipt verification
• Apple — App Store delivery, in-app purchases, push notifications

6. How long we keep data

• Account data (phone number, preferences, book interactions): retained until you ask us to delete your account.
• Mixpanel product analytics: 12 months, then deleted.
• Sentry crash & error data: 90 days, then deleted.
• Google Analytics (GA4): 14 months (the GA4 default).
• RevenueCat & Apple subscription records: retained for the length of any active subscription, the refund window, and as required for tax and accounting (typically 7 years).
• Server / CDN logs: short-lived (typically days to weeks), per Vercel's defaults.

7. Children's privacy (COPPA)

ParentsPick is a tool for parents, teachers, and librarians to review children's books — it is not directed at children. We do not knowingly collect personal information from children under 13. The app requires a phone number to create an account, which functions as a practical age gate.

If you believe a child under 13 has created an account, contact privacy@bgbisland.com and we will delete the account and any associated data.

8. Your rights — EEA & UK (GDPR)

If you are in the EEA or the UK, you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data ("right to erasure")
• Restrict or object to processing
• Receive your data in a portable format
• Withdraw consent where processing is based on consent
• Lodge a complaint with your national data protection authority

Our legal bases for processing are: contract (account, subscription, app functionality), legitimate interests (security, debugging, product analytics), and consent (advertising measurement via Meta). To exercise any of these rights, email privacy@bgbisland.com.

9. Your rights — California (CCPA / CPRA)

If you are a California resident, you have the right to know what personal information we collect, the right to delete it, the right to correct it, and the right to opt out of any "sale" or "sharing" of personal information.

We do not sell personal information. Our use of Meta Pixel and the Meta SDK for advertising measurement may, however, be considered "sharing" for cross-context behavioral advertising under the CPRA. To opt out of this sharing, email privacy@bgbisland.com or use a Global Privacy Control (GPC) signal in your browser; we honor GPC where it applies to our website.

We will not discriminate against you for exercising any of these rights.

10. International data transfers

We are based in the United States. The processors listed above operate primarily in the United States and the European Economic Area. Where personal data is transferred from the EEA, UK, or Switzerland to the United States, we rely on the recipient's published transfer mechanisms (Standard Contractual Clauses, the EU-US Data Privacy Framework, or equivalent).

11. Security

We use TLS for all network requests, scoped database access via Supabase Row Level Security, and limit employee access to production data. No system is perfectly secure; if you become aware of a vulnerability, please report it to privacy@bgbisland.com.

12. Changes to this policy

When we change this policy materially, we will update the "Last updated" date at the top of this page. For significant changes — for example, a new processor or a new category of data — we will note the change in the app or on the website.

13. Contact

BGB ISLAND LLC
Privacy enquiries: privacy@bgbisland.com
General enquiries: info@bgbisland.com