Privacy policy
Last updated: April 2026
What we collect
When you sign in with GitHub, we receive and store:
- Your GitHub username and display name
- Your email address (from your GitHub account)
- Your GitHub avatar URL
- A GitHub OAuth token (used to automate repo setup — creating branches and inviting collaborators)
Once you use the platform, we also store:
- Seeds you create and the details you enter
- Nodes you join and your contributions
- Messages and updates you post within seeds
- Achievement and score history
What we do not collect
We do not collect passwords — authentication is handled entirely by GitHub OAuth.
We do not store payment card details. Payments go through PayPal or Binance Pay directly — we only receive a confirmation that a payment succeeded.
We do not read the contents of your private GitHub repositories. The OAuth token we store is used only to create branches and invite collaborators, not to read or copy your code.
How we use your data
We use your data to run the platform. Specifically:
- Your email is used to send platform notifications and the optional weekly digest
- Your GitHub token is used for repository automations when you approve a node
- Your contribution history is used to calculate your score and level
- Your profile data is shown to other builders on the platform
We do not sell your data. We do not use it for advertising. We do not share it with third parties except as described below.
Third parties we use
Running this platform requires a few external services:
- Supabase — our database. Your data is stored on Supabase's infrastructure. Their privacy policy applies.
- GitHub — for authentication and repository automation. GitHub's privacy policy applies to what they receive during OAuth.
- Gmail / Google SMTP — we use a Gmail account to send platform emails. Google's terms apply to email transit.
- PayPal / Binance Pay — for processing seed creation payments. Your payment details go directly to them, not to us.
- Vercel — our hosting provider. Request logs may be retained by Vercel per their own policy.
Cookies
We use one cookie: bf_user. It stores your session (user ID, GitHub username, avatar, email) so you stay signed in. It is httpOnly and expires after 30 days. We do not use tracking cookies or analytics cookies.
How to delete your account
We do not have a one-click delete button yet. Email us at hello@broke-founders.com and we will delete your account and associated data within 7 days.
Note: contributions you made to other people's seeds may remain as anonymised records (e.g. "a contributor joined this node") even after your account is deleted.
Changes to this policy
If we change what data we collect or how we use it in a meaningful way, we will send an email to all users before the change takes effect. We will not send notifications for minor wording updates.