Privacy Policy

Last Updated: April 15, 2026

At The Bird Bath, we are committed to protecting your privacy and ensuring that your personal information is handled securely and responsibly. This Privacy Policy explains how we collect, use, and share your information when you visit our website, https://thebirdbath.io, or use The Bird Bath Terminal web platform and Chrome extension, all operated by First 100 Consulting LLC ("First 100," "we," "us").

1. Information We Collect

Account Information

When you register, we collect your email address and a password (stored as a bcrypt hash). We also record the invite code used to create your account.

Usage Data

  • Session data: We store session tokens and IP addresses to manage login sessions.

  • API usage: We log which API endpoints you access (not the content of your queries) for rate limiting and security monitoring.

  • Ask Terminal queries: Your chat questions and the AI-generated responses are stored to enable conversation history and follow-up queries. These are associated with your session, not your identity.

  • Watchlists: Practice IDs you save to watchlists are stored in our database.

Chrome Extension

The Chrome extension sends the current page's domain to our server to check for practice matches. We do not log these lookups. Widget preferences are stored locally in your browser.

2. Information We Do NOT Collect

  • We do not collect browsing history beyond the current page domain (extension only)

  • We do not use third-party analytics, tracking pixels, or advertising SDKs

  • We do not sell or share personal data with third parties

  • We do not use cookies for advertising or cross-site tracking

3. How We Use Your Information

  • Authentication: To verify your identity and manage your session

  • Feature delivery: To provide chat history, watchlists, and export functionality

  • Rate limiting: To enforce fair usage and prevent abuse

  • Security: To detect unauthorized access and protect the platform

4. Cookies

We use a single session cookie (pokemon_session) to keep you logged in. This cookie is:

  • HttpOnly (not accessible to JavaScript)

  • Secure (only sent over HTTPS)

  • SameSite=Lax (withheld from cross-site subrequests and form posts, which mitigates cross-site request forgery)

  • Expires after 7 days

We do not use third-party cookies, analytics cookies, or advertising cookies.

5. Data Storage and Security

Account data is stored in a PostgreSQL database hosted on Render. Practice data is stored in SQLite. All connections use TLS encryption. Passwords are hashed using bcrypt with unique salts.

6. Data Retention

  • Account data: Retained until you delete your account or request removal

  • Chat history: Retained for the life of your account

  • Session logs: Retained for 90 days for security purposes

7. Your Rights

You may request:

  • A copy of data we hold about you

  • Deletion of your account and associated data

  • Correction of inaccurate information

Contact ryan@first100.io to exercise these rights.

8. Third-Party Services

  • Render: Web hosting and database (render.com)

  • Anthropic: AI processing for Ask Terminal queries (anthropic.com)

  • Google Fonts: Typography (fonts.googleapis.com)

No other third-party services receive your data.

9. Changes to This Policy

We may update this policy as the platform evolves. Material changes will be communicated via email or in-app notification.

10. Contact

Questions about this privacy policy? Contact us at ryan@first100.io.