Privacy Policy

Introduction

OnlyBroken ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our consumer advocacy platform.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform.

Information We Collect

Personal Information You Provide

We collect information you provide directly:

• Account Information: Name, email address, and profile picture when you sign up using OAuth providers (Google, GitHub, Apple)
• Issue Reports: Details about issues you report, including descriptions, categories, locations, and any evidence you upload
• Comments and Interactions: Comments, votes, and reactions you make on issues
• Communications: Messages you send to us or other users

Information Collected Automatically

When you use our platform, we automatically collect:

• Device Information: Browser type, operating system, and device identifiers
• Usage Data: Pages visited, features used, and interaction patterns
• Log Data: IP address, access times, and referring URLs
• Analytics Data: Aggregated data about platform usage through PostHog

How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our platform
• Process and display your issue reports
• Calculate ImpactScores and identify trending issues
• Connect related issues and detect systemic problems
• Send notifications about issues you're watching
• Respond to your comments, questions, and requests
• Monitor and analyze usage patterns to improve user experience
• Detect, investigate, and prevent fraudulent or abusive activity
• Comply with legal obligations

Information Sharing and Disclosure

We may share your information in the following circumstances:

• Public Information: Issue reports, comments, and votes are publicly visible to all users
• Service Providers: We share data with third-party services that help us operate the platform (hosting, analytics, authentication)
• Legal Requirements: We may disclose information when required by law or to protect our rights
• Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties.

Third-Party Services

We use the following third-party services:

• Authentication: Google, GitHub, and Apple for OAuth sign-in
• Analytics: PostHog for usage analytics and feature flags
• AI Services: Anthropic (Claude) for issue analysis and OpenAI for embeddings
• Database: Supabase (PostgreSQL) for data storage
• Hosting: Vercel for application hosting

Each of these services has their own privacy policies governing their use of data.

Cookies and Tracking

We use cookies and similar technologies to:

• Keep you signed in
• Remember your preferences
• Understand how you use our platform
• Improve our services

You can control cookies through your browser settings. Disabling cookies may limit your ability to use certain features.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (HTTPS)
• Secure authentication through OAuth providers
• Regular security audits and updates
• Access controls and monitoring

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your information for as long as your account is active or as needed to provide you services. Issue reports and public content remain visible as part of the public record unless you request deletion.

If you delete your account, we will remove your personal information from our systems within 30 days, except where we are required to retain it for legal purposes.

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data
• Portability: Request your data in a portable format
• Objection: Object to certain processing of your data

To exercise these rights, please contact us at privacy@onlybroken.com.

Children's Privacy

Our platform is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

We encourage you to review this Privacy Policy periodically for any changes.