Privacy Policy
Last updated: April 2026
Bricksy is operated by Adrian Resler, a sole proprietor based in Poland (the "data controller"). This Privacy Policy explains how we collect, use, store, and protect your personal data when you use Bricksy — including the websites at getbricksy.com and app.getbricksy.com, the desktop applications, and all related services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Polish data protection law.
Information We Collect
We collect different types of data depending on how you use Bricksy. Without an account: device type, operating system, browser type, anonymous usage data (features used, session duration), and crash reports. With an account: email address, display name, hashed password, cloud-stored projects and their metadata. When purchasing Pro: your name, email, billing country, and payment details — collected and processed by Lemon Squeezy as merchant of record (we do not store your full payment card details). We also use cookies and local storage to maintain your session, preferences, and authentication state.
Legal Bases for Processing
We process your personal data on the following legal bases under GDPR Article 6: Contract performance — to provide the Bricksy service, manage your account, deliver Pro features, and store your projects (Art. 6(1)(b)). Legitimate interests — to improve the service, diagnose bugs, prevent abuse, and ensure security (Art. 6(1)(f)). Legal obligation — to comply with tax, accounting, or other legal requirements (Art. 6(1)(c)). Consent — for optional analytics and marketing communications, where applicable (Art. 6(1)(a)). You may withdraw consent at any time without affecting the lawfulness of prior processing.
How We Use Your Information
We use the information we collect to: provide, operate, and maintain Bricksy; manage your account and deliver Pro features; store and sync your projects across devices; process payments (via Lemon Squeezy); diagnose technical issues and fix bugs; improve and optimise the app experience; understand how users interact with our features; send essential service communications (e.g., account security, Terms updates); and comply with legal obligations.
Data Storage & Retention
Without an account, your creations are stored locally on your device — we do not have access to them. With an account, your projects and account data are stored on servers operated by Cloudflare (D1 database and R2 storage) within the European Union / European Economic Area. We retain your account data and projects for as long as your account is active. After account deletion, personal data is removed from active systems within 30 days. Encrypted backups containing your data may persist for up to an additional 30 days before permanent deletion. Payment records are retained as required by tax and accounting law (typically 5–7 years). Anonymous, aggregated analytics data that cannot identify you may be retained indefinitely.
Third-Party Services & Processors
We use the following third-party services that may process your data: Lemon Squeezy (payment processing, merchant of record — processes name, email, billing info, and payment details); Cloudflare (hosting, database, and file storage — stores account data and projects); PostHog (product analytics — collects anonymous usage data). These processors are bound by data processing agreements and process your data only on our instructions. We do not sell your personal data to third parties.
International Data Transfers
Some of our processors (such as Lemon Squeezy and PostHog) may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission, in accordance with GDPR Chapter V.
Your Rights
Under the GDPR, you have the following rights regarding your personal data: Right of access — request a copy of your personal data. Right to rectification — correct inaccurate data. Right to erasure — request deletion of your data ("right to be forgotten"). Right to restriction — restrict processing in certain circumstances. Right to data portability — receive your data in a structured, machine-readable format. Right to object — object to processing based on legitimate interests. Right to withdraw consent — where processing is based on consent. To exercise any of these rights, contact us at contact@yo-adrian.co. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority — in Poland, this is the President of the Personal Data Protection Office (Prezes Urzędu Ochrony Danych Osobowych, UODO).
Children's Privacy
Bricksy is designed to be family-friendly. We do not knowingly collect personal information from children under 16 (or the applicable age in your jurisdiction). Account creation requires users to be at least 16 years old, or to have parental/guardian consent. If you believe we have collected personal data from a child without proper consent, please contact us so we can promptly delete it.
Data Security
We protect your data using encryption in transit (TLS/HTTPS), encrypted backups, access controls, and regular security reviews. While we take reasonable measures to safeguard your information, no system is completely secure, and we cannot guarantee absolute security.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and, for significant changes affecting your rights, notifying you via email or in-app notification at least 14 days in advance.
Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at contact@yo-adrian.co. We aim to respond to all enquiries within 14 business days.