Privacy Policy

BringBucket is a file management interface that lets you connect and manage your own S3-compatible cloud storage from a single dashboard. We believe in minimal data collection: we only collect what is strictly necessary to run the service. Crucially, your files always remain in your own cloud bucket — BringBucket never copies or stores your file contents on our servers.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have with respect to your information. Please read it carefully. By using BringBucket, you agree to the practices described here.

We collect the following categories of information:

• Account information — Your name and email address, provided via Google OAuth at sign-up. We do not store your Google password.
• Usage data — Pages visited, features used, browser type and version, operating system, and general geographic region (country). This data is aggregated and used to improve the product.
• Billing information — Subscription tier, billing cycle, and payment status. All payment processing is handled by Stripe; we never see or store raw card numbers or full banking details.
• Workspace metadata — The names, regions, and endpoints of cloud storage buckets you configure. We store this metadata to power the dashboard. We do not access or store the contents of your files.
• Storage credentials — Access keys and secrets you provide to connect a storage provider are encrypted at rest using AES-256-GCM before being written to our database. They are never logged and are decrypted only transiently to perform operations you explicitly request.

We use the information we collect to:

• Provide, operate, and improve the BringBucket service.
• Authenticate you and maintain your session securely.
• Send transactional emails such as account confirmations, password resets, and important service updates. We do not send marketing emails without your explicit consent.
• Calculate usage and billing, and process payments via Stripe.
• Detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities.
• Respond to your support requests and inquiries.
• Comply with legal obligations, such as responding to valid law enforcement requests.

BringBucket integrates with the following third-party services to deliver its functionality. Each operates under its own privacy policy:

• Google OAuth — Used for authentication. Google receives your consent and issues an identity token; we store only your name and email from that token.
• Stripe — Handles billing and subscription management. Stripe processes and stores payment card information on their PCI-DSS-compliant infrastructure.
• Cloudflare — Provides CDN delivery and DDoS protection. Cloudflare may process request metadata (IP address, headers) as traffic passes through their network.
• AWS SDK — BringBucket uses the AWS SDK to make S3-compatible API calls on your behalf, using only the credentials you provide for your own storage account.
• Resend — Used to deliver transactional emails (e.g., account verification, notifications). Only your email address and the content of the email are shared.

We do not sell your personal data to any third party, and we do not share your data with advertising networks.

We retain your account data for the duration of your active account plus 90 days following account deletion, to allow for recovery and to fulfill any outstanding obligations.

Encrypted storage credentials (access keys, secrets) are deleted immediately and permanently when you disconnect a provider from your workspace.

Application and access logs are retained for 30 days, after which they are automatically purged. Aggregated, anonymized analytics may be kept indefinitely.

Depending on your location, you may have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you.
• Correction — Ask us to correct any inaccurate or incomplete information.
• Deletion — Request erasure of your personal data ("right to be forgotten"). Note that some data may be retained where required by law.
• Portability — Receive your personal data in a structured, commonly used format to transfer to another service.
• Opt-out — Opt out of marketing communications at any time using the unsubscribe link in any email or by contacting us directly.

To exercise any of these rights, please contact us at privacy@bringbucket.com. We will respond within 30 days.

We use strictly necessary session cookies to keep you authenticated while you use BringBucket. We do not use advertising cookies, cross-site tracking pixels, or third-party analytics cookies that profile you across the web.

We also store a lightweight preference cookie for your dark/light mode choice. This cookie does not identify you personally. For full details, please see our Cookie Policy.

BringBucket is not intended for use by anyone under the age of 13, and we do not knowingly collect personal data from minors. If you believe a child under 13 has provided us with personal information, please contact us immediately at privacy@bringbucket.com and we will promptly delete that information.

We may update this Privacy Policy from time to time. If we make material changes — changes that meaningfully affect how we collect or use your data — we will email registered users at least 14 days before those changes take effect.

For non-material changes (e.g., clarifications, fixing typos), we will update the effective date at the top of this page. Continued use of BringBucket after changes take effect constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

privacy@bringbucket.com
BringBucket, Inc.