ScribbleWords Updated May 12, 2026

Privacy Policy

1. Introduction

This Privacy Policy explains how ScribbleWords (the "Service," "we," "us") collects, uses, and shares information about you when you use our vocabulary learning app at scribblewords.app. It takes effect on May 12, 2026.

We are a small team. We wrote this in plain English to be as clear as we can about what happens with your data.

2. Information we collect

When you create an account and use ScribbleWords, we collect:

Account identifiers — email address, phone number, or the unique identifier from your Google or Apple account, depending on which sign-in method you choose.
Profile information you provide during onboarding: your first name (or nickname), grade level, learning goals, a short reading-level score, your interests, and the days and times you'd like daily reminders.
Usage data — anonymous, aggregated analytics about which pages you visit and how often, collected through a privacy-friendly, cookieless analytics tool (Umami).
Technical data — your device type, browser, and approximate region, captured by our analytics and by our authentication provider for security purposes.

We do not collect payment information. We do not knowingly collect sensitive categories of personal data (health, biometrics, precise location, etc.).

3. How we use information

We use the information above to:

Provide the Service — sign you in, save your progress, and show you the right words for your grade and interests.
Send daily reminders at the time and on the days you chose, if you enabled reminders.
Understand which features are used so we can fix bugs and improve the product.
Keep accounts secure and respond to requests from you.

We do not sell your personal information. We do not use your data to train third-party advertising or marketing systems.

4. Third-party services we use

We rely on a small number of trusted vendors to run the Service. Each one is named so you know exactly where your data lives:

Firebase Authentication (Google LLC) handles sign-in via email/password, Google, Apple, phone SMS, and passwordless email links. Firebase stores your authentication identifiers and hashed credentials.
Supabase stores your profile and learning progress in a managed PostgreSQL database, keyed to the unique ID assigned to you by Firebase.
Umami Cloud provides cookieless, anonymized page-view analytics. Umami does not use cross-site tracking.

These vendors process your data on our behalf under their own privacy and security commitments. We do not share your data with advertisers or data brokers.

5. Local storage on your device

ScribbleWords stores a copy of your onboarding answers in your browser's local storage (key prefix: wn:onboarding:) so the app works smoothly offline and loads instantly on return visits. Firebase also stores a sign-in token locally so you stay logged in between sessions.

We do not use advertising cookies, cross-site tracking pixels, or third-party analytics cookies. You can clear local storage at any time through your browser settings; doing so will sign you out and require the app to re-fetch your profile from Supabase.

6. Children's privacy (COPPA)

ScribbleWords is designed for students in grades 5 through 12. Some users are under the age of 13, which means the U.S. Children's Online Privacy Protection Act (COPPA) applies.

We do not knowingly collect personal information from a child under 13 without verifiable parental consent. We collect only the minimum information needed to provide the learning experience: an account identifier and the optional profile answers above.

If you are a parent or guardian and you believe a child under 13 has signed up without your consent, please email us at [email protected] and we will delete the account and associated data promptly.

7. Your choices and rights

You can:

Review and update your profile answers any time from the Profile screen inside the app.
Sign out from the Profile screen.
Request deletion of your account and all associated data by emailing [email protected] from the address tied to your account.
Request a copy of the personal information we hold about you by emailing the same address.

Depending on where you live, you may also have rights under laws like the EU GDPR, the UK GDPR, or the California Consumer Privacy Act (CCPA/CPRA). We will honor those rights to the extent they apply.

8. Security

All connections to scribblewords.app are encrypted with HTTPS (TLS). Passwords are never stored by us in plaintext; they are hashed and stored by Firebase Authentication using industry standard methods. Profile data in Supabase is protected by row-level security rules keyed to your Firebase user ID.

No system is perfectly secure. If we ever discover a breach affecting your data, we will notify you as required by applicable law.

9. Changes to this policy

We may update this Privacy Policy from time to time. If we make a material change — for example, adding a new third-party processor or a new category of data — we will update the date at the top of the page and, where reasonable, notify you in the app or by email before the change takes effect.

10. Contact

Questions, requests, or concerns about privacy can be sent to [email protected]. We will respond as quickly as we can.

This policy is a best-effort plain-English explanation, not legal advice. For a production launch with a significant user base, we recommend having a lawyer review it.