How it worksPricingAI EducationLog inGet started

Privacy Policy

Last updated: June 10, 2026

1. What we collect

Account data: your email address and a securely hashed password (we never store plaintext passwords). Project data: your scoping conversations, project specifications, generated source code, and saved snapshots. Billing data: your plan and Stripe customer and subscription identifiers — card details are handled entirely by Stripe and never touch our servers. Usage data: counts of agent interactions, used to enforce fair-use limits.

2. How we use it

We use your data to run the Service: generating and previewing your apps, saving your work, processing payments, preventing abuse, and responding to support requests. We do not sell your data, and we do not use your project content for advertising.

3. AI processing

When you chat with the builder, your messages and relevant project files are sent to our AI model provider (Anthropic) to generate responses and code. Your project data is not used to train the underlying models. Generated Apps run in isolated sandboxes. If a tool you build calls out to an AI or other provider itself, the data it sends is governed by that provider’s terms — choose integrations with the same care you would any vendor.

4. Third-party processors

We rely on a small set of processors to operate: Anthropic (AI models), E2B (isolated sandboxes for running generated code), Supabase (database and authentication), S3-compatible storage (project snapshots), Stripe (payments), Vercel (publishing Generated Apps), and Resend (email delivery, when you connect it). Each receives only what it needs to perform its function.

5. Data your Generated Apps collect

If you publish an app that collects information (for example, an intake form), those submissions are stored so your app — and you — can read them. You are the controller of that data: you decide what to collect and you are responsible for informing your app’s users and handling their data appropriately.

6. Security

Sessions use signed, httpOnly cookies. Integration API keys you connect are encrypted at rest. Generated code runs in isolated sandboxes, separated from our own systems. No system is perfectly secure, so use judgment about the sensitivity of the data you put into any tool — ours included.

7. Retention and deletion

We keep your account and project data while your account is active. Deleting a project removes it from your account; deleting your account removes your data from our systems, except where we must retain records (for example, billing records required by law).

8. Your rights

You can access, correct, export, or delete your data by using the product or contacting us. Depending on where you live, you may have additional rights under laws such as the GDPR or CCPA; we honor reasonable requests regardless of jurisdiction.

9. Changes

If we make material changes to this policy we will update this page and note the new effective date above.

10. Contact

Privacy questions? Contact us at the email address listed on our site.