Every app has a privacy policy. Most of them are written by lawyers for lawyers, buried three links deep in a footer, and designed to cover the company's legal liability rather than actually inform users about what happens to their data. I have read hundreds of privacy policies for apps I use, and I can count on one hand the number that I understood on the first reading.
GameSetBrick is a tool built by a LEGO collector for LEGO collectors. If you are not yet familiar with what the app does, the launch post covers every feature, and the GameSetBrick hub page provides a complete overview. It is not backed by a venture capital firm that needs to monetize user data. It is not harvesting behavioral profiles to sell to advertisers. It is not sharing your collection information with third parties for profit. But I do not expect you to take my word for that based on a legal document full of defined terms and cross-references. I expect you to take my word for it based on a plain-language explanation of exactly what we collect, exactly what we do not collect, exactly how your data is stored, and exactly what rights you have over that data.
This post is that explanation. No legal jargon. No intentionally vague language. No buried clauses. Just a collector telling you how his app handles your information, in the same conversational tone I use for everything else on this site. If something here is unclear, that is my failure, not a deliberate obfuscation.
GameSetBrick collects exactly three categories of information from users who create an account. If you use the app without creating an account, we collect nothing at all - your data stays entirely on your device in localStorage.
Email address. When you create a GameSetBrick account, you provide an email address. This is used for authentication (logging in), password resets, and occasional product update emails. We do not sell your email address. We do not share it with third parties. We do not add it to marketing lists operated by other companies. You will receive emails from GameSetBrick about GameSetBrick features and updates, and you can unsubscribe from those at any time. Your email is stored in Firebase Authentication, which is Google's authentication service.
Display name. You can optionally set a display name for your account. This is used when you share wishlists or collections - the shared link shows "Robert's Wishlist" instead of a random string. If you do not set a display name, shared links work fine without one. Your display name is stored in your Firebase user profile alongside your email.
Collection data. This is the core of what GameSetBrick stores: the sets in your Vault, the sets on your wishlist, your purchase prices if you entered them, your notes on individual sets, and your app preferences (like dark mode setting, sort preferences, and notification settings). This data is stored in Google Firestore, which is a cloud database operated by Google as part of the Firebase platform.
That is it. Three categories: email, optional display name, and your collection data. There is no fourth category. There is no hidden data collection happening in the background. The app does not silently harvest information beyond what is listed above.
This section matters more than the previous one. Any app can tell you what it collects. Fewer are willing to explicitly state what they do not collect. Here is the list of information GameSetBrick deliberately does not access, store, or transmit.
Location data. GameSetBrick does not request your location. It does not use GPS, Wi-Fi triangulation, IP-based geolocation, or any other method to determine where you are. The app does not know which city you live in, which store you are shopping at, or which country you are browsing from. Location data is not needed for any GameSetBrick feature and we have no plans to change this.
Contacts. GameSetBrick does not access your phone's contact list. The sharing feature generates a URL that you copy and send through whatever messaging app you choose. We never see your contacts, never import them, never suggest friends based on your phone book. The app has no social network component that would benefit from contact access.
Browsing history. GameSetBrick does not track which websites you visit before or after using the app. There are no tracking pixels, no cross-site cookies, no fingerprinting scripts. When you leave GameSetBrick, we do not follow you around the internet.
Purchase history from other apps or retailers. GameSetBrick only knows about purchases you manually enter. If you bought a set on Amazon, GameSetBrick does not know about it unless you add that set to your Vault and enter the purchase price yourself. We do not integrate with retailer purchase histories or credit card transaction data.
Device identifiers. GameSetBrick does not collect your device ID, IMEI, advertising identifier, or any hardware-level identifier that could be used to track you across apps. Firebase generates an anonymous installation ID for push notification delivery, but this is not linked to your identity and cannot be used to track you outside of GameSetBrick.
Photos or camera roll. GameSetBrick includes a barcode scanner that uses your device's camera. The camera is accessed only when you actively tap the scan button, and only for the purpose of reading a barcode in real time. No photos are taken. No images are stored. No camera roll access is requested. The camera feed is processed locally on your device to extract the barcode number, and the video feed is immediately discarded. At no point does any image data leave your device or get transmitted to any server.
Microphone or audio. GameSetBrick does not access your microphone. There is no voice search, no audio recording, no sound-based features of any kind.
Health, fitness, or biometric data. Obviously not relevant to a LEGO app, but I mention it because many apps request these permissions without clear justification. GameSetBrick does not and will not access health-related data.
Financial information beyond what you manually enter. If you enter a purchase price for a set in your Vault, that number is stored as part of your collection data. GameSetBrick does not access your bank accounts, credit cards, payment apps, or any financial service. The app is free to use and processes no payments.
The camera permission deserves its own section because camera access is one of the most sensitive permissions an app can request, and users are right to be cautious about it.
GameSetBrick uses the camera for one purpose: barcode scanning. When you tap the scan button on the search page, the app requests camera access to read the barcode on a LEGO set box. The camera feed is processed locally on your device by a barcode detection library. The library identifies the barcode number (usually a UPC or EAN code), passes that number to the search function, and the camera feed is discarded immediately.
Here is what does not happen during scanning. No photo is taken. No image is saved to your device. No image is uploaded to any server. No facial recognition, object detection, or visual analysis is performed beyond barcode reading. The camera feed never leaves your device in any form. If your internet connection drops during scanning, the barcode still works because it is processed entirely locally.
You can deny the camera permission and GameSetBrick works perfectly fine without it. The barcode scanner is a convenience feature, not a requirement. Every set that can be found by scanning can also be found by typing the set name or number into the search bar. If you prefer not to grant camera access, you lose nothing except the ability to scan barcodes in stores.
The camera permission is requested only when you first tap the scan button, not on app launch or first visit. If you never tap scan, you are never asked for camera access. And if you grant the permission and later revoke it in your device settings, GameSetBrick continues to work normally with the scanner simply disabled.
I built the scanner specifically to avoid the patterns that make camera permissions creepy. No background access. No persistent access. No photo storage. No server transmission. Just point at a barcode, get the number, and the camera shuts off. That is the entire scope of the feature and it will stay that way.
Your account data and collection data are stored in Google Firebase, specifically in Firestore (the database) and Firebase Authentication (login credentials). Firebase is operated by Google and is one of the most widely used backend platforms for mobile and web applications. It is used by apps with billions of users and meets enterprise-grade security standards.
Encryption in transit. All data transmitted between your device and Firebase is encrypted using TLS (Transport Layer Security). This is the same encryption used by banks, email providers, and any website with HTTPS. No one intercepting the network traffic between your device and the server can read your data.
Encryption at rest. Data stored in Firestore is encrypted at rest using AES-256, which is the encryption standard used by the US government for classified information. Your collection data sitting on Google's servers is encrypted and cannot be read by anyone who gains physical access to the storage hardware.
Authentication security. Firebase Authentication handles login security, including password hashing (your password is never stored in plain text), session management, and account recovery. Firebase Auth supports industry-standard security practices and is regularly audited by Google's security team.
Firestore security rules. GameSetBrick's Firestore database has security rules that ensure each user can only read and write their own data. User A cannot read User B's collection, even if they know User B's user ID. The security rules are enforced at the database level, not at the application level, which means they cannot be bypassed by modifying the app's code.
Local storage fallback. If you use GameSetBrick without creating an account, all your data is stored locally in your browser's localStorage. This data never leaves your device. It is not synced to any server. It is not accessible to GameSetBrick or anyone else remotely. The tradeoff is that local-only data does not sync across devices and can be lost if you clear your browser data. But for users who prefer to keep everything on-device, the local storage option is fully functional.
The local storage fallback is also useful as a privacy-first starting point. You can use GameSetBrick entirely locally, add sets to your Vault and wishlist, and decide later whether to create an account for cloud sync. Creating an account migrates your local data to Firebase. If you decide not to create an account, your data stays local indefinitely.
Transparency about third-party services is where most privacy policies fail. They list dozens of analytics, advertising, and data processing partners in fine print that nobody reads. Here is GameSetBrick's complete list of third-party services and exactly what each one does.
Google Firebase. Authentication, database (Firestore), and cloud functions. Firebase stores your account information and collection data as described above. Firebase's own privacy policy is governed by Google's privacy practices. Google does not use your Firestore data for advertising purposes - this is covered by Firebase's data processing terms.
Netlify. Hosting and content delivery. Netlify serves the GameSetBrick web application files (HTML, CSS, JavaScript, images) to your browser. Netlify sees standard web server logs (IP address, browser type, pages requested) as part of normal web hosting operations. These logs are used for infrastructure monitoring and are not shared with GameSetBrick or used for user tracking.
No analytics service. GameSetBrick does not use Google Analytics, Mixpanel, Amplitude, Heap, or any other user analytics platform on the app itself. There is no tracking of which buttons you tap, which pages you visit within the app, how long you spend on each screen, or what features you use. I made this decision intentionally. Analytics platforms create detailed behavioral profiles that can be valuable for product development but invasive for users. I chose to build features based on direct user feedback rather than behavioral surveillance.
No advertising networks. GameSetBrick does not run ads. There are no ad networks, no tracking pixels, no retargeting scripts. The app is free to use and is not monetized through advertising. If this changes in the future, it will be communicated clearly and the privacy policy will be updated before any advertising is implemented.
No data brokers or resellers. GameSetBrick does not sell, rent, license, or share user data with data brokers, marketing companies, or any entity that would use the data for purposes unrelated to operating GameSetBrick. This is not a conditional statement with exceptions buried in the fine print. It is absolute.
You have two fundamental rights over your GameSetBrick data, and both are available to you at any time without needing to contact support, submit a form, or wait for approval.
Right to export. You can export your entire collection data at any time. The CSV export feature lets you download your Vault, wishlist, and associated data as a standard CSV file that opens in any spreadsheet application. The export includes every piece of data GameSetBrick stores about your collection: set numbers, names, purchase prices, dates added, notes, and status. You own your data and you can take it with you at any time. There is no lock-in, no proprietary format, no "request an export and wait 30 days" process. Tap the export button and the file downloads immediately.
Right to delete. You can delete your GameSetBrick account and all associated data at any time. Account deletion removes your email, display name, and all collection data from Firebase permanently. There is no soft delete, no 90-day retention period, no "we keep anonymized data for analytics" caveat. Deletion is complete and irreversible. Your data is removed from Firestore and Firebase Authentication. Once deleted, it cannot be recovered by anyone, including me.
The deletion process is available in the account settings within the app. It requires confirmation to prevent accidental deletion, but it does not require contacting support, explaining your reason, or jumping through procedural hoops designed to discourage you from leaving. If you want your data gone, it is gone in seconds.
These rights apply regardless of where you live. You do not need to be in the EU to invoke GDPR-style data rights. You do not need to be in California to invoke CCPA-style rights. Every GameSetBrick user, everywhere, has the same ability to export and delete their data at any time. This is not because a law requires it in your jurisdiction. It is because it is the right way to treat people who trust you with their information.
If GameSetBrick ever changes its data practices - adding analytics, introducing advertising, sharing data with new third-party services - those changes will be communicated through an in-app notification and an updated version of this post before the changes take effect. You will never be surprised by a retroactive change to how your data is handled. Transparency is not just a current practice; it is a commitment.
Your data is yours. GameSetBrick collects only what it needs, stores it securely, and gives you full control to export or delete at any time. Try it at gamesetbrick.com - it is free to use, works on any device, and respects your privacy by default.
- GameSetBrick - All Features - See everything GameSetBrick can do
- Introducing GameSetBrick - Full Feature Overview
- The Vault - Your Digital Collection
- Export Your Collection to CSV
- Barcode Scanner Guide