privacy policy
secret blueberry is a small, invite-only app for two people to keep a shared calendar, watchlist, and ongoing story. this policy explains what we collect, how it's used, and the few services that touch your data.
overview
secret blueberry is operated as a private, single-couple application. it is not advertising-supported, it does not sell data, and it does not run third-party tracking pixels or marketing analytics. we collect only what the app needs to authenticate you and remember the things you save.
information we collect
account & identity
- a stable user id and the email address associated with your sign-in, when you authenticate with apple, google, or an email magic link.
- the phone number you provide when you choose the sms one-time-code option.
- a role label (such as owner, admin, member, or view-only) and a status flag stored alongside your account record.
session & security
- a signed session token (an ES256 jwt) stored in an http-only, same-site cookie so we can keep you signed in for up to 30 minutes per session.
- rate-limit counters keyed to your sign-in attempts, kept briefly to slow down brute-force guessing of pins or codes.
invite & pin access
- if you arrived via an invite, the invite token, the email it was sent to, the role it grants, and a record of who created it. invite tokens expire after seven days.
- if you sign in with a pin, the pin itself is configured by the app owner as a server secret — we don't store your pin in a user database and we don't log it.
content you save
- calendar entries you create — titles, dates, descriptions, and any notes you attach.
- watchlist items — references to movies and shows you've added or marked as watched.
- rsvp choices and other actions you take inside the app.
how we use information
we use the information above to:
- verify it's you, keep you signed in, and enforce your role.
- show your shared calendar, watchlist, story, and bracket views to the people who have been invited to your space.
- deliver the small number of operational messages required to log you in (magic-link emails and sms one-time codes).
- protect the service from abuse, brute-force attempts, and bots.
we do not use your data for advertising, profiling for third parties, or any form of behavioral targeting.
authentication and account access
authentication is handled by stytch, our identity provider. when you sign in with apple, google, an email magic link, or an sms code, stytch receives the credential you provide and returns a verified user id and (where available) email back to secret blueberry. the apple and google buttons hand you off to those providers' standard oauth flows, which are governed by their respective privacy policies.
our use of stytch is limited to verifying who you are. you can read more about stytch's handling of authentication data in their privacy policy.
calendar, story & bracket data
anything you save inside the calendar, story, or bracket sections is stored as structured data tied to your space. it stays scoped to the people who have been invited to that space. some events are also derived automatically from public sports schedules and merged into your calendar view; that derived data isn't tied to your identity.
watchlist & media
the watchlist stores references to titles you add and which ones you've marked as watched. it does not record your viewing on any third-party streaming service. poster artwork is fetched from public sources (such as tmdb) through a server-side image proxy so the originating service does not see your ip address.
location
the app does not request precise device location. browser geolocation is explicitly disabled at the document level. if a feature ever needs a place (for example, a city for weather), you provide it as text and we do not store the result tied to your account.
notifications
the only outbound messages the app sends are the authentication notifications you trigger yourself: an email magic link or an sms one-time code. we do not send marketing email or push notifications.
analytics & diagnostics
the site is hosted on cloudflare, which provides aggregated request-level analytics (cloudflare web analytics / insights) and standard server logs. these include things like request paths, response codes, approximate region, and user-agent strings. we do not run google analytics, segment, posthog, mixpanel, sentry, or any third-party advertising or tracking sdk.
third-party service providers
the app relies on a small set of services to function:
- cloudflare — hosting, runtime (cloudflare workers / pages), edge caching, kv key-value storage for accounts and content, and traffic analytics.
- stytch — authentication for apple, google, email magic links, and sms one-time codes.
- apple and google — only when you choose their respective sign-in buttons.
- textbelt — optional sms delivery, used only if the app owner has configured it.
no other third-party processors receive your account data. we do not share or sell your information.
data retention
account records, calendar entries, and watchlist items are retained for as long as your account is active. session tokens expire automatically after 30 minutes. invite records expire after seven days. rate-limit counters are short-lived and roll off on their own.
account deletion
because secret blueberry is a private, invite-only app and there is no self-serve account dashboard, deletion requests are handled manually. to delete your member record, your associated content, or your stored phone number or email, contact the app owner using the support address below and your data will be removed from the underlying key-value store.
consent and permission controls
you control which sign-in method you use. you can revoke access at any time from your apple id, google account, or email provider. signing out of secret blueberry clears your session cookie immediately.
security
session tokens are signed using ecdsa on the p-256 curve and stored only in http-only, same-site cookies served over https. requests that change state are origin-checked. data is stored at rest in cloudflare's managed key-value namespace. no system is perfectly secure, but we apply standard engineering practices to keep your data private to you and the people you've invited.
children
secret blueberry is intended for personal use by adults. it is not designed for, marketed to, or knowingly used by children under 13.
changes to this policy
we may update this policy as the app evolves. when we do, the effective date at the top of this page will change. material changes will be surfaced in-app where reasonable.
contact
questions, deletion requests, or anything else: reach the app owner at hello@secretblueberry.com.