OpenBasket mascotOpenBasket
Back

Privacy Policy

Last Updated: March 15, 2026 · Version 2026-03-15

Draft — under review. Not legal advice. Have a lawyer review before going live with real users.

Short Summary

  • What we collect: Your email (via Google), display name, neighborhood, the produce you list, your BeeCoins balance, garden posts, and photos you upload.
  • What we do with it: Run the platform. Match you to your neighborhood community. Show your listings and garden posts to neighbors. Moderate content for safety using AI.
  • What we don't do: Sell your data. Share it with advertisers. Track you across other websites.
  • Your rights (California): You can see what we have, fix it, delete it, or ask us to stop sharing it. Email privacy@openbasket.app.
  • Who sees your data: Supabase (database), Vercel (hosting), Google (login), and our AI provider (content screening).

1. Who We Are

OpenBasket ("we", "us", "our") is a neighborhood produce-sharing platform operated by its founders. For privacy inquiries, contact us at privacy@openbasket.app.

2. Scope

This Privacy Policy applies to the OpenBasket web application at openbasket.app and any related services. It does not cover third-party sites we link to.

3. Cookies and Tracking

We use session cookies and authentication tokens (set by Supabase) to keep you logged in. These are strictly necessary for the Platform to function. We do not use advertising cookies, retargeting pixels, or third-party analytics trackers.

Do Not Track: We do not currently respond to browser “Do Not Track” signals because we do not track users across third-party websites regardless of this setting.

4. Information We Collect

3.1 Information You Provide

  • Account identity: Display name, avatar photo (optional)
  • Email address: Via Google OAuth — used to authenticate and send notifications
  • Location / neighborhood: City and neighborhood name to match you to a community
  • Produce listings: Crop types, descriptions, photos, pickup location hints
  • Open Baskets: Crop types, location hint, optional map pin
  • Garden posts and photos: Title, description, crop list, season, photos
  • Exchange activity: Requests, completions, ratings, and reviews
  • Community join requests: Optional message submitted when requesting membership
  • Reports: Details you submit when reporting another member
  • Suggestions / feedback: Text submitted in the suggestions feature
  • Event details: Title, description, location, start/end times

3.2 BeeCoins Activity

We maintain records of your BeeCoins balance and transaction history. BeeCoins have no monetary value and are not financial data, but are subject to your data rights under this policy.

3.3 AI Moderation Logs

We use AI to screen content before it is published. When you submit text or images, that content may be sent to our AI provider for moderation analysis. We store:

  • A moderation event record (content text, moderation score, category, outcome)
  • An AI call log (call type, context, timestamp) for rate limiting
  • A moderation strike count if content is auto-blocked

Community leaders can view moderation events for their communities. Admins can access the AI call log. Blocked content is not publicly visible.

3.4 Automatically Collected Information

  • Log data: IP address, browser type, pages visited, timestamps
  • Authentication tokens: Session cookies managed by Supabase
  • Device information: OS and browser version

We do not use persistent cross-site tracking cookies or advertising pixels.

3.5 From Third Parties

Google OAuth: When you sign in with Google, we receive your email address, display name, and profile photo URL. We do not receive your Google password or broad account access. Google's data use is governed by Google's Privacy Policy.

5. How We Use Your Information

  • Operating the Platform and authenticating you
  • Matching you to neighborhood communities
  • Displaying your listings and posts to neighbors
  • Facilitating exchanges and BeeCoins transactions
  • Moderating content for safety
  • Sending notifications per your preferences
  • Investigating reports and enforcing community rules
  • Improving the Platform (aggregated analytics only)
  • Complying with legal obligations

We do not use your data for advertising, sale to data brokers, or building profiles for third-party use.

6. Information Sharing

We share your information only as follows:

  • With neighbors in your community: Your display name, listings, garden posts, and exchange profile are visible to members of your community
  • With community leaders: Leaders can see membership requests, moderation events, and member profiles within their community
  • With service providers: Supabase (database and auth), Vercel (hosting), Google (authentication), our AI provider (content moderation) — all under data processing agreements
  • For legal compliance: If required by law, legal process, or to protect the safety of users

We do not sell personal data. Ever.

7. Data Retention

  • Active accounts: Retained as long as your account exists
  • Deleted accounts: Most personal data deleted within 30 days; some records (exchange history for other parties' benefit, moderation logs for safety) may be retained longer in anonymized form
  • Moderation logs: Retained for 12 months
  • AI call logs: Retained for 90 days

8. Security

We use industry-standard security practices including HTTPS, encrypted storage (Supabase), row-level security policies, and session management. However, no system is perfectly secure. If you discover a vulnerability, please report it to security@openbasket.app.

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law (including California Civil Code § 1798.82), without unreasonable delay.

9. Your Rights (California / CCPA)

California residents have the right to:

  • Know what personal information we collect and how it's used
  • Access a copy of your personal information
  • Correct inaccurate information
  • Delete your personal information (with some exceptions)
  • Opt out of sale of personal information (we don't sell)
  • Non-discrimination for exercising your rights

To exercise these rights, email privacy@openbasket.app or delete your account directly via Settings → Account → Delete Account.

10. Children

OpenBasket is not directed at children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us personal information, contact us at privacy@openbasket.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via in-app notice. Continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

12. Contact

For privacy questions or requests: privacy@openbasket.app