Privacy Policy

Last updated: 04-19-2026

1. Introduction

BrickProof is owned and operated by Asset Proof Technologies LLC.

BrickProof (“we,” “us,” “our”) operates the BrickProof service (the “Service”) for managing collections (e.g. LEGO® sets and related items), storing receipts and images, generating insurance-related documents, and related features. This Privacy Policy describes how we collect, use, store, and protect your information when you use the Service. By using the Service, you agree to the practices described here. If you do not agree, do not use the Service. We may update this policy; we will post the current version at brickproof.com/privacy and may notify you of material changes by email or in-app notice.

2. Information We Collect

2.1 Information You Provide

  • Account information: When you register or sign in (we use Auth0; you may sign in with email or identity providers such as Google), we collect your name, email address, profile identifier from the provider, and any other information the provider shares with us in accordance with your consent. If the Service is invite-only, we may also collect and store invite-related information (e.g. that you accepted an invite and when).
  • Collection and content: Data you create or upload in the Service, including collection items (e.g. set names, product types, purchase details), receipts, images, notes, valuations, order and invoice numbers, and any other content you add.
  • Communications: If you contact us for support or feedback, we collect the content of your messages and any contact details you provide.
  • Payment information (when applicable): If we offer paid plans, we may collect billing name, address, and payment method details. Payment processing is handled by Stripe; we do not store full card numbers. We may retain transaction identifiers and billing metadata as needed for accounting and support. Stripe’s privacy policy is available at stripe.com/privacy.

2.2 Processing of Your Content by Third-Party Services

When you use certain features, we send your content to trusted service providers solely to operate those features:

  • OCR (receipt images and scanned PDFs): If you upload receipts as images or scanned PDFs, we send the image content to Google Cloud Vision to extract text so we can parse and link the receipt to your collection. Google processes the image only for that purpose.
  • AI receipt parsing and MSRP confirmation: When you use Smart Import or AI-assisted features, we may send receipt text or product descriptions to Google Vertex AI (Gemini) to identify LEGO® sets and assist with MSRP confirmation. Google processes this content only to provide the service we request.

These services are necessary for certain features of the Service to function (e.g. Smart Import and receipt processing), and those features may not work correctly without such processing.

We do not use your receipt or collection content for advertising or for training third-party AI models beyond the processing described above.

2.3 Information Collected Automatically

  • Usage and technical data: We may collect information about how you use the Service, including pages or features used, actions taken, device type, browser, IP address, and approximate location (e.g. country or region) to operate, secure, and improve the Service.
  • Cookies and similar technologies: We may use cookies, local storage, and similar technologies to maintain your session, remember preferences, and analyze usage. You can control cookies through your browser settings; some features may not work correctly if you disable them.

2.4 Information from Third Parties

  • Sign-in providers: We use Auth0 for authentication. When you sign in (e.g. with email or a provider such as Google), we receive the information Auth0 shares with us (e.g. email, name, unique identifier) in accordance with Auth0’s policies and your consent.
  • Catalog and reference data: We obtain LEGO® set, theme, and related catalog data from Rebrickable and pricing/market data from BrickLink to provide set information, images, and valuations in the Service. This data is used to enhance the Service; we do not send your personal information to these providers for their marketing. You may wish to review Rebrickable’s and BrickLink’s privacy policies.
  • Payment processors: When you pay for a subscription, we may receive transaction status and limited billing information from our payment provider.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and improve the Service (e.g. storing your collections, generating documents, enabling smart import and reports).
  • Process your receipts and documents using third-party services (e.g. OCR and AI parsing) as described in Section 2.
  • Authenticate you and manage your account.
  • Process payments and manage subscriptions when applicable.
  • Respond to your requests, support, and feedback.
  • Send you service-related notices (e.g. account or security alerts, important changes to the Service or policies).
  • Send marketing or product updates only if you have opted in; you may opt out at any time.
  • Comply with legal obligations, enforce our Terms of Use, and protect our rights and the security of the Service.
  • Analyze usage in an aggregated or de-identified way to improve the Service and our business.

We do not sell your personal information to third parties for marketing. We do not use your collection content or receipts for advertising targeting.

Where required by law (e.g. in the EEA, UK, or Switzerland), we process your personal data based on lawful grounds such as performance of a contract, legitimate interests, consent, and compliance with legal obligations.

4. How We Share Your Information

We may share your information only in the following circumstances:

  • Service providers: With vendors who help us operate the Service (e.g. hosting, databases, email, payment processing, analytics). These providers are contractually required to use your information only to perform services for us and to protect it appropriately.
  • Legal and safety: When required by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to detect or prevent fraud or abuse.
  • Business transfers: In connection with a merger, sale of assets, or other corporate change; we will notify you and any successor will be bound by this policy or a successor policy.
  • With your consent: Where you have given us clear consent for a specific sharing.

We do not sell or rent your personal information to third parties for their marketing.

5. Data Retention

  • Account and content: We retain your account and content (e.g. collections, receipts, documents) for as long as your account is active and as needed to provide the Service. If you delete your account or request deletion, we aim to process deletion within 30 days, except where we must retain data for legal, regulatory, security, fraud-prevention, accounting, or legitimate business purposes (e.g. resolving disputes, enforcing agreements).
  • Backups and logs: Deleted data may persist in backups or logs for a limited period before being overwritten, which is typically no more than 35 days.
  • Legal holds: We may retain data longer when required by law or a legal hold.

6. Your Rights and Choices

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal or contractual exceptions.
  • Export: Request an export of your data (e.g. in a portable format). We may provide export tools in the Service (e.g. for collection data or documents).
  • Opt-out of marketing: Unsubscribe from marketing emails via the link in each email or through your account settings.
  • Restrict or object: In some jurisdictions, restrict certain processing or object to processing based on legitimate interests.
  • Withdraw consent: Where we rely on consent, withdraw it at any time (this does not affect the lawfulness of processing before withdrawal).

To exercise these rights, contact us via our contact form and include “Privacy Request” in your message along with the account email you use for BrickProof. We will respond within the time required by applicable law. If you are in the European Economic Area (EEA), UK, or Switzerland, you may also have the right to lodge a complaint with a supervisory authority.

7. Security

We implement reasonable technical and organizational measures to protect your information against unauthorized access, alteration, disclosure, or destruction. This includes secure transmission (e.g. HTTPS), access controls, and secure storage. Where applicable, we use encryption at rest for stored documents (e.g. receipts and uploaded files). While we take reasonable steps to protect your information, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us of any unauthorized access.

8. International Transfers

The Service may be hosted or processed in countries other than your own. If we transfer your information outside your country, we will do so in accordance with applicable law and will ensure appropriate safeguards (e.g. standard contractual clauses and adequacy decisions) where required. By using the Service, you acknowledge that your information may be transferred to and processed in such countries.

9. Children

The Service is not directed to children under 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us and we will delete it promptly.

10. Third-Party Links and Services

The Service may contain links to third-party websites or services (e.g. LEGO®, Rebrickable, BrickLink, or payment providers). We also use the following as service providers to operate the Service: Auth0 (sign-in), Stripe (payment processing and customer billing portal), Rebrickable (catalog and set data), BrickLink (pricing data), Google (Cloud Vision for OCR, Vertex AI for receipt parsing and AI-assisted features), and Microsoft (email delivery for invites and service notifications). This Privacy Policy describes our practices; the privacy policies of those providers apply to their own processing. We are not responsible for the privacy or security practices of third-party services. We encourage you to read their privacy policies.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy at brickproof.com/privacy and update the “Last updated” date. For material changes, we may notify you by email or in-app notice. Your continued use of the Service after the effective date of the changes constitutes acceptance of the updated policy, except where your consent is required by law.

12. Contact

For questions about this Privacy Policy or our privacy practices, or to exercise your rights: