Privacy Policy
Last updated: 2026-05-14
This Privacy Policy explains what data bumetric (the "Service", operated from Ukraine) collects when you visit bumetric.com, why we collect it, and what choices you have.
We try to keep this short and concrete. If something here is unclear, email us at hello@bumetric.com.
1. Who we are
The data controller for bumetric.com is the project's owner,
based in Ukraine. We do not have a registered legal entity at
this stage — that information will appear here once we incorporate. For
privacy questions you can always reach us at the email above.
2. What data we collect
2.1 Data you actively give us
- Email + password
- Only if you create an account at
/login. Password is stored bcrypt-hashed; we never see or store the plaintext. - Optional profile fields
- Name, telegram, avatar, bio — only what you fill in.
- Mailbox credentials
- Only if you are a team admin and configure a mailbox connection. These passwords are encrypted at rest (Fernet, AES-128 in CBC mode with HMAC).
2.2 Data we collect automatically
- HTTP server logs
- IP address, User-Agent, requested URL, timestamp. Used to operate the service, debug, and detect abuse. Retained 30 days.
- JWT session token
- If you log in, a signed token is stored in your browser's
localStorageso you stay logged in. Cleared on logout. - Cookies
- See Cookies Policy for the full list. In short: essential cookies for login persistence, and (planned) Google AdSense cookies for ads — only after you opt in via the cookie banner.
2.3 Public data we ingest from third parties
We aggregate public app catalog data (names, icons, ratings, review counts, descriptions) from the Apple App Store, Google Play Store and YouTube Data API. This is not personal data about you; it's information about apps and channels that those platforms already publish.
3. Why we use the data
- To run your account — sign-in, profile, saved preferences.
- To keep the service safe — rate-limiting, abuse detection from the server logs.
- To improve the product — aggregate analytics on what pages get visited (no individual tracking).
- To pay our bills — once enabled, advertising via Google AdSense (you can opt out — see Cookies).
We do not sell your personal data. We do not have a "data broker" business model.
4. Who we share data with
- Hosting + infrastructure
- Our server provider (currently a single VPS in the EU). They see HTTP traffic for operational purposes only.
- Google (AdSense)
- If you opt in, AdSense places cookies and may share your IP/anonymous identifiers with their advertisers. See Google's privacy policy.
- Google (Vertex AI Search)
- When you load a /p/{app} page, the server-side AI summary feature sends the app name and developer to Vertex AI to fetch citation snippets. We do not send your personal data; only the app identifier you requested.
- Apple / Google Play / YouTube APIs
- For catalog refreshes, our servers (not your browser) query the public APIs. They don't learn anything about you from this.
We don't transfer your personal data outside Ukraine / EU beyond the specific cases above.
5. Your rights (GDPR, CCPA, Ukrainian law)
If you have an account or have visited from the EU / UK / California, you have the right to:
- Access — request a copy of the data we hold about you.
- Rectify — fix anything incorrect.
- Erase — delete your account and the data tied to it.
- Restrict / Object — limit how we use the data.
- Port — export your data in machine-readable form.
- Withdraw consent — for anything we asked permission for (e.g. AdSense cookies).
- Complain — to your local data-protection authority. In Ukraine that's the Office of the Parliament Commissioner for Human Rights.
To exercise any of these, email hello@bumetric.com. We aim to respond within 30 days.
6. Retention
- Account data: kept while your account is active. Deleted within 30 days of account closure.
- HTTP server logs: 30 days.
- Catalog snapshots (app rankings / metrics over time): kept indefinitely — these don't contain personal data.
7. Children
bumetric is not directed at children under 16. We don't knowingly collect personal data from minors. If you believe we have, email us and we'll delete it.
8. Changes
We may update this policy. Material changes will be flagged at the top of this page; the date stamp above the policy reflects the latest revision.
9. Contact
Privacy questions or data-subject requests: hello@bumetric.com.
