Privacy Policy

Last updated: May 2026

1. Who we are

Nicheloom (“we”, “us”, “our”) operates the website at nicheloom.com. We help entrepreneurs discover and build niche SaaS products. Questions about this policy can be sent to support@nicheloom.com.

2. What we collect

We collect the following information when you use Nicheloom:

  • Account data: your name, email address, and profile picture, provided when you sign in via Google, GitHub, or email magic link.
  • Usage data: which ideas you save, claim, or generate previews for — stored to power your saved and claimed idea lists.
  • Payment data: credit purchase history (pack purchased, amount, date). We do not store card numbers — all payment processing is handled by Stripe.
  • Session data: a session token stored in a secure HTTP-only cookie to keep you signed in.

We do not collect location data, device fingerprints, or behavioural tracking beyond what is described above.

3. How we use your data

  • To authenticate your account and maintain your session.
  • To display your saved, claimed, and generated content.
  • To process credit purchases and track your credit balance.
  • To send transactional emails (magic link sign-in, receipts) via Resend. We do not send marketing emails without your explicit consent.

4. Third-party services

We share data with the following third parties only to the extent necessary to operate the service:

  • Supabase — our database host. Your account and usage data is stored on Supabase infrastructure (US West region).
  • Stripe — payment processing. Stripe receives your email and payment details when you purchase credits. Stripe's privacy policy applies to data they collect.
  • Anthropic — AI generation. When you generate a product preview or CLAUDE.md, we send idea content (title, description, category, pain points) to Anthropic's API. No personal account data is included in these requests.
  • Google / GitHub — OAuth providers for sign-in. Their respective privacy policies apply to the authentication flow.
  • Resend — transactional email delivery for magic link sign-ins.

We do not sell your data to any third party.

5. Cookies

We use one cookie: a session token set by NextAuth to keep you signed in. This cookie is HTTP-only (not accessible to JavaScript), is scoped to nicheloom.com, and expires when your session ends or after 30 days, whichever comes first. We do not use advertising or tracking cookies.

6. Data retention

We retain your data for as long as your account is active. If you delete your account, we remove your personal data (name, email, saved and claimed ideas, credit history) within 30 days. Anonymised, aggregated statistics may be retained indefinitely.

7. Your rights

You have the right to access, correct, or delete your personal data at any time. To exercise these rights, email us at support@nicheloom.com. We will respond within 30 days.

If you are in the European Economic Area, you have additional rights under GDPR, including data portability and the right to lodge a complaint with your local supervisory authority.

8. Security

All data is transmitted over HTTPS. Database credentials and API keys are stored as environment variables and are never exposed in client-side code. We use Supabase's managed infrastructure, which includes encryption at rest.

9. Changes to this policy

We may update this policy from time to time. We will note the “Last updated” date at the top of this page. Continued use of Nicheloom after changes constitutes acceptance of the updated policy.

10. Contact

Questions, requests, or concerns: support@nicheloom.com