Privacy Policy

gibbor ("gibbor", "we", "us", or "our") is operated as a solo founder project. If you have questions about this policy, contact us at hi@gibbor.dev.

2.1 Information you provide

• Account information — when you sign up via Google or magic link we receive your email address, display name, and (for Google) your profile photo URL.
• Profile details — handle, bio, build idea, social links, and interest categories you enter during onboarding.
• Submitted content — product listings, descriptions, tags, and any other content you publish on gibbor.

2.2 Information collected automatically

• Usage data — pages visited, features used, clicks, and session duration, collected via server logs and analytics.
• Device information — browser type, operating system, and IP address for security and abuse prevention.

2.3 Information from third parties

• Google Sign-In — when you authenticate with Google we receive your Google account ID, email, name, and profile picture as provided by Google. We do not receive your Google password.

• Create and maintain your gibbor account.
• Display your profile and submitted products to other users.
• Send transactional emails (magic links, product status notifications).
• Detect and prevent spam, abuse, and fraud.
• Improve platform features and fix bugs.
• Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your data to serve you targeted advertising.

4.1 Public profile data

Your handle, display name, profile photo, bio, and submitted products are visible to all gibbor visitors by default.

4.2 Service providers

We share data with the following sub-processors only to the extent necessary to operate the service:

• Supabase — authentication and database hosting (EU / US regions).
• Vercel — infrastructure and CDN.
• Google LLC — sign-in via Google OAuth 2.0.

4.3 Legal requirements

We may disclose information if required by law, court order, or to protect the rights and safety of gibbor, its users, or the public.

We retain your account data for as long as your account is active. If you delete your account, we remove your personal information within 30 days, except where retention is required by law or for legitimate fraud-prevention purposes.

Depending on your location, you may have the right to:

• Access a copy of your personal data.
• Correct inaccurate data.
• Delete your account and associated data.
• Object to or restrict certain processing.
• Data portability.

To exercise any of these rights, email hi@gibbor.dev. We will respond within 30 days.

gibbor uses cookies and local storage solely for authentication session management. We do not use advertising or tracking cookies. You may clear cookies via your browser settings, though this will sign you out.

gibbor is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have inadvertently collected such data, we will delete it promptly.

We use industry-standard measures including TLS in transit and encrypted storage at rest. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

We may update this policy from time to time. We will notify you of material changes by posting a notice on gibbor or by emailing you at the address on your account. Continued use of gibbor after changes take effect constitutes acceptance of the updated policy.

Questions or requests regarding this policy: hi@gibbor.dev