Privacy Policy

We collect the following categories of information:

a) Information from Google OAuth

When you sign in using your Google account, Google shares the following data with us under your authorisation:

• Your display name
• Your email address
• Your Google profile picture URL

We do not receive, store, or have access to your Google password or any Google account data beyond what is explicitly listed above.

b) Information you provide directly

• A username ("nickname") that you choose when setting up your Nanobahana account

c) Content and activity data

• Excuse messages generated through the Service
• Votes cast on excuses submitted by other users
• Badges earned through usage milestones
• Aggregate usage statistics (e.g., number of excuses generated)

d) Automatically collected technical data

• IP address (used only for abuse prevention and rate limiting)
• Browser type and operating system (standard server logs)
• Pages visited and time spent on the Service

We use the information we collect for the following purposes:

• Authentication: To verify your identity and maintain your logged-in session via Google OAuth.
• Account management: To create and maintain your Nanobahana profile, including your chosen username.
• Core functionality: To generate and save excuses, attribute them to your account, and display them on your public profile (if you choose to publish them).
• Social features: To operate leaderboards, badge systems, voting, and public profiles.
• Analytics: To understand aggregate usage patterns and improve the Service. These analytics are based on anonymised or aggregated data wherever possible.
• Security: To detect and prevent abuse, spam, or unauthorised access.

We do not use your data for targeted advertising. We do not sell, rent, or trade your personal information to any third party.

Your data is stored in a managed PostgreSQL database provided by Supabase, hosted on infrastructure within the United States. Authentication sessions are managed by Supabase Auth.

We implement industry-standard security measures including encrypted connections (HTTPS/TLS), row-level security policies on the database, and access controls that restrict data access to authorised server-side processes only.

We retain your account data for as long as your account is active. If you request deletion of your account, we will permanently remove your personal data within 30 days, subject to the exceptions noted in Section 5 (Public Content).

No method of transmission over the internet or electronic storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

We use the following third-party services to operate the Service. Each has its own privacy policy governing how they handle data.

• Google OAuth (Google LLC) — used solely for user authentication. Governed by the Google Privacy Policy.
• Supabase (Supabase Inc.) — used for database storage and authentication session management.
• OpenRouter / AI providers — used to generate excuse text. Prompts sent to the AI service include your chosen archetype and scenario inputs, but not your name or email address.
• Vercel (Vercel Inc.) — used to host and serve the web application. Standard access logs may be retained by Vercel per their data retention policies.

We do not integrate advertising networks, tracking pixels, or social media widgets that collect data without your knowledge.

Certain features of the Service allow content to be made public. Specifically:

• Your username and public profile page (at nanobahana.xyz/u/[username]) are visible to anyone, including unauthenticated visitors.
• Excuses you generate may appear on public leaderboards or the Hall of Chaos if they receive sufficient votes.
• Badges earned on your account are displayed on your public profile.

You are responsible for the content of excuses you generate and choose to publish. Once content has been publicly indexed by search engines or cached by third parties, we cannot guarantee its complete removal upon deletion.

Your email address, Google profile picture, and other private account details are never made public.

You have the right to access, correct, or delete your personal data. To exercise any of these rights, contact us at cb7chaitanya@gmail.com.

Upon a verified deletion request, we will:

• Delete your account and all associated private data within 30 days
• Remove your personally identifiable information (name, email, profile picture) from our systems
• Anonymise or remove your username from public content where technically feasible

You may also revoke Nanobahana's access to your Google account at any time via your Google Account Permissions page. Revoking access will sign you out of the Service but will not automatically delete your stored data.

If you are located in the European Economic Area (EEA) or United Kingdom, you may have additional rights under the GDPR or UK GDPR, including the right to data portability and the right to lodge a complaint with your local supervisory authority.

If you are a California resident, you may have rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and the right to request deletion. We do not sell personal information as defined under the CCPA.

The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at cb7chaitanya@gmail.com and we will delete that information promptly.

Users between the ages of 13 and 18 should review this policy with a parent or guardian before using the Service.

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes, we will make reasonable efforts to notify users, such as by displaying a notice within the Service.

Your continued use of the Service after a policy update constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all legitimate privacy-related inquiries within 30 days.