Privacy Policy

Buildly ("we", "us", or "our") operates the platform at https://buildly.click. We provide a marketplace for AI-powered tools that anyone can use or build.

If you have questions about this policy, contact us at privacy@buildly.click.

Account information: When you register, we collect your name, email address, and optionally a profile photo (via Google or GitHub OAuth).

Usage data: We log which tools you run, input/output content, token usage, and timestamps. This powers your run history and our analytics.

Payment information: Payments are processed by Stripe. We store your plan status and transaction history but never your card details.

Developer keys: If you add API keys (e.g. Gemini, OpenRouter), they are encrypted at rest using AES-256-GCM and never exposed in plaintext outside of tool execution.

Newsletter subscriptions: If you subscribe to tool updates, we store your email address and a random unsubscribe token. Nothing else.

Technical data: Standard server logs including IP addresses, browser type, and request metadata for security and debugging.

We use collected information to:

• Provide, operate, and improve the platform
• Process payments and manage subscriptions
• Send transactional emails (run limits, webhook alerts, newsletter if subscribed)
• Detect and prevent fraud or abuse
• Display your run history and analytics in your workspace
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your tool inputs or outputs to train AI models.

We share data only with:

• Google Gemini / AI providers — your tool inputs are sent to the AI provider configured for each tool to generate a response.
• Stripe — for payment processing.
• Resend — for transactional email delivery.
• MongoDB Atlas — our database provider, where all data is stored encrypted at rest.
• Vercel — our hosting provider, which processes requests on our behalf.

All third-party providers are bound by data processing agreements and may not use your data for their own purposes.

We use session cookies to keep you logged in. We do not use third-party advertising trackers or analytics cookies. No cookie consent banner is shown because we do not use non-essential cookies.

We retain your account data for as long as your account is active. Run history is retained for 90 days by default. If you delete your account, your personal data is deleted within 30 days, except where retention is required by law (e.g. payment records).

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Object to or restrict certain processing
• Export your data in a portable format

To exercise any of these rights, email us at privacy@buildly.click.

We encrypt sensitive data (API keys, tokens) at rest using AES-256-GCM. All connections use HTTPS/TLS. We use HMAC-signed CSRF state tokens for OAuth flows. Despite our efforts, no system is 100% secure — please use a strong password and enable 2FA on your OAuth provider.

Buildly is not intended for users under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.

We may update this policy from time to time. We will notify registered users of material changes by email. Continued use of the platform after changes constitutes acceptance of the updated policy.