Privacy Policy

1. Information We Collect

Account information. When you sign up, we collect your email address (required), and optionally a display name, preferred language, and home city you choose in the app.

Location information. The map shows your location only if you grant the browser's geolocation permission. Coarse location (your device-derived city) is used server-side to decide which city's data to surface. We do not continuously track your location and we do not store precise coordinates beyond what is needed to fulfil an in-session request.

Usage and diagnostic data. We use PostHog to measure product usage (page views, feature interactions, conversion funnels) and Sentry to capture errors. Both are configured with IP truncation where supported and without full-session replay. Usage analytics are associated with your account identifier so we can distinguish signed-in cohorts from anonymous visitors.

Payment information. If you subscribe to a paid plan, Stripe collects and processes your payment details directly. Payment card numbers never touch Brody's servers. We store a Stripe customer identifier so we can open your billing portal and keep your subscription status in sync with our records.

Community reports (if you submit them). Any parking report, correction, or comment you submit is stored and associated with your account. We use reports to improve predictions and, where appropriate, display them to other users.

Cookies and local storage. We use first-party cookies for authentication (Supabase Auth session) and a small set of PostHog cookies for analytics. We do not use cross-site advertising cookies. You can block cookies in your browser, but the Service will not work without authentication cookies enabled.

2. How We Use Your Information

We use your information to: (a) operate and deliver the Service (including predictions, personalization, and account management); (b) process payments and handle subscriptions; (c) send transactional emails (magic links, receipts, policy-change notices) — never marketing without opt-in; (d) detect, prevent, and respond to abuse, fraud, and security incidents; (e) improve the Service through aggregate analytics and model training; and (f) comply with legal obligations.

3. Service Providers (Sub-processors)

Brody relies on the following third parties to deliver the Service. Each processes personal information only as needed for the stated purpose and under a data-processing agreement where applicable:

Supabase (database, authentication) — hosts your profile and application data. Stripe (payments, billing) — processes payment cards and manages subscriptions. Mapbox (maps) — renders the interactive map; your browser requests map tiles directly from Mapbox. PostHog (product analytics) — collects usage events. Sentry (error monitoring) — collects crash reports and stack traces. Resend (transactional email) — sends magic links and policy notices. Upstash (rate limiting) — stores short-lived counters to prevent abuse.

We review sub-processors periodically. A current list is available on request from askbrody.app@gmail.com.

4. Sharing With Others

We do not sell personal information. We do not share personal information with third parties for their own marketing purposes. We share information only: (a) with the sub-processors listed above to operate the Service; (b) when required by law or valid legal process; (c) to protect our rights, safety, or property, or that of others; or (d) in connection with a merger, acquisition, or sale of assets, in which case continued handling will remain subject to a comparable privacy commitment.

5. Data Retention

We keep your account information for as long as your account is active. If you delete your account, we remove identifying profile fields within 30 days and aggregate or anonymize remaining usage data within 90 days, except where retention is required by law (for example, financial records for tax purposes). Aggregate analytics that cannot be associated with an individual may be retained indefinitely.

6. Your Rights

You may request to access, correct, export, or delete your personal information by emailing askbrody.app@gmail.com. We will respond within the timeframe required by applicable law (typically 30 days). To verify the request we may need to confirm ownership of the email address on the account.

7. California Residents (CCPA / CPRA)

If you reside in California, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the right to: (a) know what personal information we have collected about you and how we use it; (b) request deletion of personal information, subject to certain exceptions; (c) correct inaccurate personal information; (d) opt-out of the sale or sharing of personal information for cross-context behavioral advertising; and (e) not be discriminated against for exercising these rights.

Brody does not sell or share personal information as those terms are defined under the CCPA. To exercise any of the rights above, email askbrody.app@gmail.com. We will respond as required by law and will not discriminate against you for making a request.

8. Argentina Residents (Ley 25.326)

If you reside in Argentina, Ley 25.326 de Protección de los Datos Personales gives you the right to access, rectify, update, and delete personal information we hold about you, under the conditions of the law. To exercise these rights, contact us at askbrody.app@gmail.com. The Agencia de Acceso a la Información Pública is the supervisory authority with jurisdiction to receive complaints about our handling of personal data of Argentine residents.

9. Children

The Service is not directed to children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us at askbrody.app@gmail.com and we will delete it promptly.

10. Security

We apply commercially reasonable administrative, technical, and physical safeguards to protect personal information, including encryption in transit, access controls on production databases, and row-level security policies that restrict each user's data to that user. No system is completely secure; we cannot guarantee that unauthorized parties will never gain access.

11. International Transfers

Brody's production infrastructure is hosted in the United States. If you access the Service from outside the United States, your information will be transferred to, processed, and stored in the United States and potentially in other jurisdictions where our sub-processors operate. By using the Service, you acknowledge this transfer.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make a material change, we will notify you by email or in-product and update the "Last updated" date above. Your continued use of the Service after the change takes effect constitutes acceptance of the updated Policy.

13. Contact

Smarts Digital Products LLC. Questions about this Privacy Policy or your personal information? Email us at askbrody.app@gmail.com.