BullyMyIdea
Legal

Privacy Policy.

Last updated: April 30, 2026

BullyMyIdea ("we", "us", "the platform") is operated as a personal project. This Privacy Policy explains what information we collect, how we use it, and the choices you have. By using the platform you agree to the practices described below.

1. Information we collect

  • Account data. When you register we store your email address (for authentication and password recovery) and a self-chosen username. Optional profile fields you provide (bio, avatar) are stored as you submit them.
  • Content you publish. Ideas, critiques, votes, reports, uploaded images, optional whitepaper PDFs, and YouTube links you attach are stored in our database and object storage. Content marked "active" is publicly visible.
  • Anonymous sessions. Visitors who critique without registering may supply only a display name. We do not store an email for anonymous critiques.
  • Technical data. Your IP address is hashed (one-way) and stored for rate-limiting and spam mitigation. We do not retain raw IP addresses.
  • Cookies. A small number of cookies are set by Supabase Auth to keep you signed in. We do not use third-party advertising or analytics cookies.

2. How we use information

  • To operate the core features: posting ideas, critiques, votes, and reports.
  • To authenticate you and keep your session active.
  • To detect abuse, spam, and rate-limit excessive activity.
  • To respond to your support requests sent to abbasboranaktas@gmail.com.

We do not sell your data, do not share it with advertisers, and do not use it to train AI models.

3. Service providers

The platform runs on Supabase (database, authentication, file storage) and a hosting provider for the web application. These providers process data strictly to deliver the service to you and are bound by their own privacy commitments. No other third parties receive your data.

4. Public content notice

Anything you publish — idea, critique, comment, uploaded image, attached PDF, profile bio, avatar — is intentionally public. Do not post information you are not willing to share with the world. Once public, content may be cached, indexed by search engines, or copied by third parties beyond our control.

5. Retention

Account data is retained while your account is active. Public content remains until you delete it or the platform is shut down. Hashed IP rate-limit records are kept on a rolling 24-hour window. Deleted ideas, critiques, and accounts are removed promptly; backups may retain copies for a short period before being overwritten.

6. Your rights

Depending on your jurisdiction (e.g. GDPR / KVKK / CCPA), you may have the right to access, correct, port, or delete your personal data, and to withdraw consent. To exercise any right, email abbasboranaktas@gmail.com from the address associated with your account. We respond within 30 days where required by law.

7. Security

We use industry-standard measures: TLS in transit, hashed credentials, row-level security on the database, and signed access to file storage. No system is perfectly secure. If you suspect a vulnerability, please report it privately to abbasboranaktas@gmail.com.

8. Children

The platform is not directed at children under 13. If you are under 13, do not register or post. If we learn an account belongs to a child under 13, we will delete it.

9. International transfers

Our service providers may process data on servers located outside your country. By using the platform you consent to such transfers, which we keep limited to providers offering adequate protections.

10. Changes to this policy

We may update this policy as the platform evolves. Material changes will be reflected in the "last updated" date above. Continued use after changes constitutes acceptance.

11. Contact

For privacy questions, data requests, or anything else legal-adjacent: abbasboranaktas@gmail.com.