Privacy Policy
Effective date: 26 February 2026
This Privacy Policy describes how Bobble Designs ("Bobble", "we", "us", or "our") collects, uses, and protects information when you access or use the Bobble web application and related services (collectively, the "Service") available at bobbledesigns.com.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of the Service.
1. Information We Collect
1.1 Account Information
When you choose to sign in via Google OAuth, we receive the following from your Google account:
- Email address
- Display name
- Profile photograph URL (where available)
We do not receive or store your Google password.
1.2 Project Data
When you use the Service, we may store:
- Crochet chart data, colour palettes, and project settings created within the application
- Images you upload for chart conversion (processed in-browser; only a compressed thumbnail is stored server-side for Pro users)
1.3 Subscription and Billing Data
If you subscribe to Bobble Pro, payment processing is handled entirely by Stripe, Inc. We store only your subscription status (active, cancelled, etc.) and plan type. We do not receive, process, or store credit card numbers, bank account details, or other payment instrument data.
1.4 Automatically Collected Information
We do not use analytics trackers, advertising pixels, or third-party tracking cookies. We do not collect IP addresses, device fingerprints, or browsing behaviour for profiling purposes. Essential session cookies are used solely for authentication.
2. How We Use Your Information
We use the information collected for the following purposes:
- To provide, operate, and maintain the Service
- To authenticate your identity and manage your account
- To synchronise your projects across devices (Pro plan)
- To process and manage your subscription via Stripe
- To respond to support enquiries and service-related communications
- To comply with applicable legal obligations
3. Legal Basis for Processing (GDPR)
Where the General Data Protection Regulation applies, we process your personal data on the following bases:
- Performance of a contract — to provide the Service you have requested
- Legitimate interests — to maintain and improve the Service, and to ensure its security
- Consent — where you have given explicit consent (e.g. signing in with Google)
- Legal obligation — where required to comply with applicable law
4. Third-Party Services
The Service integrates with the following third-party providers, each of which operates under its own privacy policy:
- Supabase, Inc. — database hosting and authentication infrastructure (Privacy Policy)
- Stripe, Inc. — payment processing and subscription management (Privacy Policy)
- Google LLC — OAuth sign-in (Privacy Policy)
- Cloudflare, Inc. — hosting, content delivery, and DNS (Privacy Policy)
We do not sell, rent, or share your personal data with any parties other than those listed above, and only to the extent necessary to operate the Service.
5. Data Storage and Security
Project and account data is stored on Supabase-managed infrastructure located in the European Union (Frankfurt, eu-central-1). All data in transit is encrypted using TLS/HTTPS. Access to user data is restricted by row-level security policies, ensuring that only you can access your own projects and account information.
While we implement commercially reasonable security measures, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your data.
6. Data Retention
We retain your personal data only for as long as necessary to provide the Service and fulfil the purposes described in this policy. Specifically:
- Account data — retained until you delete your account
- Project data — retained until you delete individual projects or your account
- Subscription records — retained as required for financial record-keeping obligations
Free-tier users who do not create an account have no data stored on our servers. All data remains in your browser's local storage and is subject to your own device's retention policies.
7. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Portability — download your data in a machine-readable format (JSON) via Account settings
- Rectification — request correction of inaccurate data
- Erasure — delete your account and all associated data via the "Delete my account" function in Account settings
- Restriction — request that we restrict the processing of your data in certain circumstances
- Objection — object to processing based on legitimate interests
To exercise any of these rights, contact us at hello@bobbledesigns.com. We will respond to all requests within 30 days.
8. Cookies
The Service uses only strictly necessary cookies required for user authentication (session tokens). We do not deploy analytics cookies, advertising cookies, or any form of cross-site tracking technology.
9. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected such data, we will take steps to delete it promptly. If you believe a child under 16 has provided us with personal data, please contact us at hello@bobbledesigns.com.
10. International Data Transfers
Your data may be processed in jurisdictions outside your country of residence, including within the European Union. Where applicable, we rely on adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms to ensure appropriate safeguards are in place.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The revised policy will be posted on this page with an updated effective date. For material changes, we will make reasonable efforts to notify you via the email address associated with your account.
Your continued use of the Service following the posting of changes constitutes your acceptance of such changes.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: hello@bobbledesigns.com