Privacy Policy

Last Updated: 10/11/2025

1. Data Controller Information

Bundle Names ("we," "us," or "our") operates the Bundle Names website and baby name generation service. For questions about this Privacy Policy, please contact us at privacy@bundlenames.com.

2. Information We Collect

Personal Information

  • Email address: Required for account creation and authentication
  • Display name: Optional for personalization of your experience
  • Authentication data: Password hash and OAuth tokens (stored securely by Supabase)

Usage Data

  • Search preferences: Cultural origins, name characteristics you select
  • Saved names: Names you choose to save to your account
  • Collections: Custom collections you create to organize names
  • Generation history: Record of name generation requests for your account
  • Credit usage: Tracking of your free credits and usage patterns

Technical Data

  • IP address: For security, rate limiting, and regional compliance
  • Browser information: User agent for technical compatibility
  • Device information: Screen size and capabilities for responsive design
  • Usage analytics: Page views and feature usage (only with your consent)

3. How We Use Your Information

  • Account management: Creating and maintaining your user account
  • Service delivery: Providing personalized name generation based on your preferences
  • Data persistence: Saving your preferences, names, and collections
  • Service improvement: Understanding usage patterns to enhance our features
  • Security: Protecting against fraud, abuse, and unauthorized access
  • Communication: Sending important account-related notifications
  • Legal compliance: Meeting our legal obligations and protecting rights

4. Legal Basis for Processing (GDPR)

  • Consent: Account creation, optional analytics, and marketing communications
  • Contractual necessity: Providing the name generation service you requested
  • Legitimate interests: Security, fraud prevention, and service improvement
  • Legal obligation: Compliance with applicable laws and regulations

5. Data Sharing and Third Parties

We only share your information with trusted service providers necessary to operate our service:

  • Supabase: Authentication, database hosting, and data storage
  • OpenAI/Anthropic: AI-powered name generation (preferences only, no personal data)
  • Vercel: Application hosting and performance optimization
  • Google: OAuth authentication (if you choose to sign in with Google)

We do not sell, rent, or trade your personal information to third parties.

6. Data Retention

  • Account data: Retained until you request deletion of your account
  • Usage analytics: Aggregated data retained for up to 12 months
  • Security logs: IP addresses and security events retained for 6 months
  • Inactive accounts: May be deleted after 3 years of inactivity with notice

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of all personal data we hold about you
  • Rectification: Correct any inaccurate or incomplete information
  • Erasure: Request deletion of your account and associated data
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your information
  • Objection: Opt out of certain types of data processing
  • Withdraw consent: Remove consent for analytics and marketing

To exercise these rights, visit your account settings or contact us at privacy@bundlenames.com.

8. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: All data transmitted via HTTPS/TLS encryption
  • Authentication: Secure password hashing and OAuth integration
  • Access controls: Role-based database access with row-level security
  • Regular updates: Security patches and dependency updates
  • Monitoring: Continuous monitoring for suspicious activity

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for login, security, and basic functionality
  • Functional cookies: Remember your preferences and saved selections
  • Analytics cookies: Understand usage patterns (only with your consent)

You can manage your cookie preferences through our cookie settings.

10. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are under 13, please do not provide any information to us. If we learn we have collected information from a child under 13, we will delete that information immediately.

11. International Data Transfers

Your information may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses and adequacy decisions where applicable.

12. California Privacy Rights (CCPA)

California residents have additional rights:

  • Right to know: What personal information we collect and how it's used
  • Right to delete: Request deletion of your personal information
  • Right to opt-out: We don't sell personal information, but you can opt out of analytics
  • Right to non-discrimination: We won't discriminate for exercising your rights

See our Do Not Sell page for more information.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email to your registered address
  • Updating the "Last Updated" date above

Continued use of our service after changes constitutes acceptance of the updated policy.

14. Contact Information

For questions about this Privacy Policy or our data practices, contact us:

  • Email: privacy@bundlenames.com

EU Representative: If you are in the European Union and have concerns about our data processing, you may also contact your local data protection authority.