Privacy Policy
Privacy Policy
Last updated: May 3, 2026
This Privacy Policy describes how Breakpoint collects, uses, shares, and protects information about you when you use the Service. The Service is operated by Nolan Donovan, a sole proprietor based in North Carolina, United States (“Breakpoint”, “we”, “us”, or “our”). By using the Service you agree to this Policy and to our Terms of Service, available at /terms. We honor the rights described in Section 9 for all users, regardless of where you live.
1. INFORMATION WE COLLECT
Information you provide
Your email address and a hashed password. Passwords are hashed by our authentication provider; we never see or store your plaintext password.
Optional profile information such as a display name and avatar image.
For Members, the blog (Publisher) you submit, including its URL, name, contact email, brand color, and any metadata we extract or you provide.
Reading-list contents, liked posts, and your subscriptions to publishers and categories.
Messages you send through the contact form or by emailing us.
Information collected automatically
Server log data such as IP address, user agent, request paths, and timestamps, used for operating and securing the Service.
Aggregate product analytics via Vercel Analytics (page views, basic device and browser type). We do not use Vercel Analytics to build cross-site advertising profiles.
Information from third parties
Billing metadata from our payment processor (Stripe), such as your name, country, the last four digits of your card, and subscription status. We do not see or store your full payment-card number.
2. HOW WE USE INFORMATION
We use the information we collect to:
Operate, maintain, and secure the Service, including authenticating you and preventing abuse.
Deliver the curated feed and search experience, and to schedule, run, and display the results of automated scraping of submitted blogs.
Process Member subscription billing through our payment processor.
Send transactional email such as account confirmations, password resets, billing receipts, scrape failures affecting your Publisher, and notices about changes to these documents.
Process submitted blog content using third-party AI services for purposes such as metadata extraction, content moderation, search indexing, and the generation of vector embeddings.
Enforce our Terms of Service, respond to legal claims, and comply with applicable law.
3. MARKETING EMAIL
We will only send you marketing email (such as newsletters or promotional offers) after you explicitly opt in and confirm your email by clicking a verification link. You can withdraw your consent at any time using the unsubscribe link in any marketing email or by contacting contact@breakpoint.blog. Opting out of marketing email does not stop transactional messages, which are required to operate your account.
4. COOKIES AND LOCAL STORAGE
The Service uses the following categories of browser storage:
Strictly necessary. Authentication and session cookies set by our authentication provider. These are required for sign-in and cannot be disabled while using authenticated features.
Functional. Local-storage entries we use to cache your preferences and recent API responses, so the app feels fast and remembers your choices between visits.
Third-party. Stripe sets cookies on its hosted checkout and billing-portal pages, governed by Stripe's privacy policy.
Analytics. Aggregate, non-identifying usage measurement via Vercel Analytics.
You can clear or block cookies and local storage in your browser settings, but doing so may prevent you from signing in or using certain features.
5. HOW WE SHARE INFORMATION
We do not sell your personal information, and we do not share it with third parties for their own advertising. We share information only with the following categories of recipients:
Payment processor — to handle subscription billing.
Hosting and edge providers — to host and deliver the Service.
Database and authentication provider — to store your account, content, and session.
AI service providers — to extract metadata from submitted content, moderate content, and generate vector embeddings used for search.
Analytics provider — to measure aggregate Service usage.
Email provider — if and when we introduce one, to send transactional and (with your consent) marketing email.
Legal and regulatory recipients — when we are required to do so by law, subpoena, or court order, or to protect the rights, property, or safety of Breakpoint, our users, or others.
Successors — in connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, in which case the recipient must continue to honor commitments made in this Policy or provide you notice and a chance to opt out.
Each provider acts as our service provider or processor and is subject to confidentiality obligations and to handling your information only on our instructions and for the purposes described here.
6. INTERNATIONAL USERS AND DATA LOCATION
We are based in the United States, and we store and process information in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, which may have different data-protection laws than your country. Where required by applicable law, we rely on appropriate safeguards (such as standard contractual clauses) to govern transfers of personal data out of the European Economic Area, the United Kingdom, or Switzerland.
7. DATA RETENTION
We retain personal information for as long as your account exists. When you delete your account through the in-app Delete Account action, or when we terminate it, we hard-delete your profile, reading lists, liked posts, subscriptions, and other personal information from active systems immediately, and your Publisher (if any) is set to Removed and its posts are hidden from the feed.
Some information is retained longer because we are required to keep it:
Billing records (invoices, charges, refunds, tax records) are retained by our payment processor and by us for approximately seven (7) years to satisfy tax, accounting, and audit obligations.
Backups and derived data, such as vector embeddings and search indexes, may persist for a brief additional period before being expired or recomputed.
We may retain a minimal record of the deletion event itself (for example, account ID and deletion timestamp) to demonstrate compliance with deletion requests.
8. SECURITY
We use reasonable administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS) and password hashing performed by our authentication provider. We limit access to personal information to people who need it to operate the Service.
No system is perfectly secure, and we cannot guarantee absolute security. Please use a strong, unique password and notify us at contact@breakpoint.blog if you suspect your account has been compromised.
9. YOUR RIGHTS
Subject to applicable law and to verifying your identity, you have the following rights with respect to your personal information:
Access and portability — request a copy of the personal information we hold about you in a portable format.
Correction — ask us to correct inaccurate or incomplete information.
Deletion — delete your account and associated personal information through the in-app Delete Account action, or by contacting us. Some data may be retained as described in Section 7.
Objection and restriction — object to, or ask us to restrict, certain processing of your information.
Withdraw consent — where processing is based on consent (for example, marketing email), you may withdraw consent at any time without affecting the lawfulness of prior processing.
Complain to a supervisory authority — users in the European Economic Area, the United Kingdom, or Switzerland may lodge a complaint with their local data-protection authority.
California residents (CCPA/CPRA)
California residents additionally have the right to know what personal information we collect and disclose, the right to delete it, the right to correct it, and the right to opt out of the “sale” or “sharing” of personal information. We do not sell or share your personal information for cross-context behavioral advertising, but we honor opt-out requests in any case. We will not discriminate against you for exercising any of these rights.
How to exercise your rights
For deletion, use the in-app Delete Account action under Dashboard → Account Settings. For all other requests, email contact@breakpoint.blog. We may ask you to verify your identity (for example, by replying from the email address on your account) before we act on a request, and we will respond within the time required by applicable law. You may use an authorized agent where the law permits.
10. CHILDREN
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact contact@breakpoint.blog and we will promptly delete it. Paid Membership is limited to users 18 and older as described in our Terms of Service.
11. DATA BREACHES
If a security incident affects your personal information, we will notify affected users without undue delay and as required by applicable law, and we will describe the nature of the incident, the likely consequences, and the steps we have taken or will take to address it.
12. CHANGES TO THIS POLICY
We may update this Policy from time to time. For material changes that affect paid Members, we will provide approximately 30 days' advance notice by email to the address associated with your Membership; the changes take effect at the end of that notice period. Non-material changes (such as clarifications or contact details) take effect when posted, and we will update the “Last updated” date at the top of this page. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.
13. CONTACT
Questions, requests under Section 9, complaints, and other privacy matters may be sent to contact@breakpoint.blog.