Privacy Policy

Effective Date: April 8, 2026

Last Updated: May 5, 2026

Introduction

BranchBound ("we," "our," "us," or "Company") operates the BranchBound website and related services (the "Service"), including interactive, branching stories that use artificial intelligence to generate narrative content based on your choices.

We are committed to protecting your privacy and handling your personal information responsibly.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or interact with our services. Please read this policy carefully.

By accessing or using our Service, you consent to the data practices described in this policy.

If you do not agree with the terms of this Privacy Policy, please do not access or use our Service.

Your use of the Service is also governed by our Terms of Service.

For rules about acceptable content and enforcement, see our Content Policy.

Information We Collect

Account and authentication

When you create or use an account, we collect information needed to operate sign-in and your profile, including:

  • Sign-in

    If you sign in with Google, we receive account identifiers and profile details that Google shares with us according to your Google account settings (for example, your email address and name). Google's use of information is described in Google's privacy policy.

    Google Privacy Policy
  • Profile information

    A username you choose, a profile picture you select from the in-app avatar library, and your birth year. Birth year is collected to verify that you meet the minimum age requirement to use the Service and is not used for any other purpose.

  • Sessions and security

    Authentication tokens, session data, and related technical data used to keep you signed in securely and protect the Service.

Gameplay and AI-generated experiences

To run interactive stories, we process data you generate while using the Service, such as:

  • Story and session data

    Your choices, progress, saved sessions, and related metadata needed to continue or resume experiences.

  • Preferences and settings

    Content preferences you configure (such as preferred genres, story tones, and character traits), gameplay settings (such as your default AI model and start screen behavior), and display settings (such as font and text size). These are stored to personalise and customize your experience.

  • Content sent for AI processing

    To generate scenes, choices, summaries, and related narrative outputs, we send prompts and context derived from the story, your selections, and game state to our AI inference providers. That material can include fictional story content and descriptions of what has happened in your session. It is processed to provide the Service, not for unrelated advertising.

  • Public sessions

    If you mark a story session as public, parts of your playthrough (such as scene text, choices, and session metadata) may be visible to other users of the Service. You control this setting and can change it at any time. When a session is private, its content is accessible only to you.

Subscriptions and billing

If you purchase or manage a subscription, payment details are handled by our payment processor. We receive limited billing-related information (for example, subscription status, plan, and transaction identifiers) needed to provide access to paid features.

Personal Information You Provide

  • Contact Information

    If you contact us or communicate with us, we may collect your email address and any information you include in your message.

  • Communication Records

    Content of messages, emails, or other communications you send to us.

  • Feedback

    Suggestions, feedback, or feature requests you voluntarily submit.

Information Automatically Collected

  • Usage Data

    Pages visited, time spent on pages, navigation patterns, and interactions with our website and app surfaces.

  • Device Information

    Public IP address, browser type and version, operating system, device type, and screen resolution.

  • Session Information

    Date and time of visits, session duration, and pages or features accessed during each session.

Cookies and Tracking Technologies

We use cookies and similar technologies as needed for authentication, security, preferences, and analytics. In production we may use PostHog for product analytics when our environment is configured with the required keys; Google Analytics is used only when we explicitly enable it.

  • Essential cookies

    Cookies or local storage that support sign-in, session management, load balancing, or security.

  • PostHog (product analytics)

    When our production deployment is configured with PostHog, it uses cookies or local storage to distinguish browsers and devices. PostHog helps us understand navigation and feature usage through automatic events (such as page views with the current URL—including query parameters where present—and when you leave a page) and custom events we send for product actions (such as creating a story session, selecting choices, switching in-session display modes, updating gameplay settings, claiming login rewards, subscription or billing actions, and account deletion flows). When you are signed in, we may use PostHog's identify feature with your account identifier and an internal support reference id so we can analyse usage in context. PostHog is configured for U.S. ingestion endpoints in our app (for example us.i.posthog.com).

    PostHog privacy policy
  • Google Analytics

    When we enable Google Analytics, it uses cookies and similar technologies to help us understand how visitors use the Service (for example, pages viewed, session duration, and referral sources). You can limit some tracking through your browser settings and Google's tools.

    Learn more about Google's data practices

How We Use Your Information

We use the collected information for the following purposes:

  • Service Operation
    • Maintain and operate the website, accounts, and interactive story experiences
    • Authenticate you, sync your progress, and deliver real-time or saved session features
    • Process subscriptions and manage access to paid features
    • Send service-related communications (for example, billing or security notices) when appropriate
    • Respond to support requests or inquiries
  • AI and product experience
    • Generate and adapt narrative content, choices, summaries, and related outputs based on your interactions
    • Operate, debug, and improve AI-assisted features and reliability
  • Product Development
    • Improve the website and user experience
    • Understand how users interact with our service via product analytics when PostHog is configured, and via Google Analytics when we enable it
    • Develop new features and improvements
  • Security and Legal
    • Protect against fraud, abuse, or security threats
    • Comply with legal obligations
    • Enforce our terms or policies when necessary

Information Sharing and Disclosure

We do not sell, trade, or rent your personal information.

We may share information only in the following limited circumstances:

Service Providers

We may share information with trusted third-party providers that help us operate the Service, such as:

  • Supabase (authentication, database, file storage, and related infrastructure for accounts and app data)
  • OpenRouter and underlying model providers (processing prompts and context to generate AI outputs; providers may include companies such as Anthropic and OpenAI depending on the model selected or used)
  • Stripe (payment processing and subscription management)
  • PostHog, when our production deployment is configured to use it (product analytics including page navigation, usage events, and related diagnostics)
  • Google Analytics, when enabled (additional website analytics)
  • Hosting, email or transactional messaging, logging, and security vendors that support reliability and abuse prevention

These providers process information on our behalf under contractual and technical safeguards appropriate to the service they provide. Their own privacy notices describe how they handle data in their environments.

Legal Requirements

We may disclose your information when required by law, including:

  • Compliance with subpoenas, court orders, or legal processes
  • Protection of our rights, property, or safety
  • Protection of users or the public
  • Investigation of fraud or security issues

Business Transfers

If BranchBound is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction.

Data Security

We implement reasonable technical and organizational measures to protect your information.

These measures may include:

  • Secure website connections (HTTPS / SSL)
  • Access controls limiting who can access data
  • Monitoring systems for potential security threats

However, no internet transmission or electronic storage system can be guaranteed to be completely secure.

Data Retention

We retain personal information only as long as necessary for the purposes described in this policy.

Examples include:

  • Account and profile

    Retained while your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, or as required by law.

  • Gameplay and session records

    Retained as needed to provide saved progress, billing, analytics, and product improvement, and deleted or anonymized when no longer necessary for those purposes unless a longer period is required by law.

  • Contact submissions

    Retained until you request removal or the data is no longer needed for the purposes described in this policy.

  • Communication Records

    May be retained for up to 2 years for support and service improvement.

  • Analytics Data

    When we use PostHog, enable Google Analytics, or use similar analytics tools, data may be retained according to each provider's settings and policies and our project configuration (for example retention windows configured in PostHog or Google Analytics).

  • Billing records

    Payment information is processed by our payment processor; we may retain transaction and subscription records as needed for accounting, tax, and legal compliance.

Your Privacy Rights

Depending on your location, you may have rights regarding your personal information, including:

  • Request access to personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your personal information — you can delete your account directly in Settings > Account, or contact us if you need further assistance
  • Withdraw consent for certain data processing activities (where consent is the legal basis)
  • Opt out of certain uses of personal information, where applicable under local law

We do not sell your personal information for money. Some laws treat certain sharing for targeted advertising as a "sale" or "sharing"; if you believe that applies and wish to opt out, contact us using the information below.

If you are in the European Economic Area, the United Kingdom, or Switzerland, you may also have the right to lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact us at support@branchbound.app.

Children's Privacy

Our Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that such information has been collected, we will take steps to delete it.

Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

International Data Transfers

If you access the Service from outside the country where our primary systems are located, your information may be transferred to and processed in other jurisdictions (including the United States) where privacy laws may differ.

Our subprocessors—such as Supabase, Stripe, OpenRouter and AI model providers, PostHog when configured for production analytics (commonly involving processing in the United States), and (when enabled) Google Analytics—may process or store data in multiple regions according to their services and your configuration.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time as BranchBound evolves.

When we make changes, we will:

  • Update the "Last Updated" date at the top of this policy
  • Post the updated policy on this page

We encourage you to review this policy periodically.

Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: support@branchbound.app

We will try to respond to inquiries within 3-5 business days.