Privacy Policy
Last Updated: November 7, 2025
Your privacy is important to us. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use BuildWithAI and our suite of products and services.
About BuildWithAI
BuildWithAI is a unified platform that helps builders ship AI apps 10x faster. When you create an account with BuildWithAI, you gain access to our entire ecosystem of products and services, including:
- Braindumper: AI-powered tool for structuring and validating app ideas
- BuildBrief: Weekly newsletter with AI tools, app building tips, and success stories
- Educational Content: Courses, tutorials, and learning resources (available with Plus subscription)
- Community: Access to our Discord community and exclusive member benefits
- Future Tools: Additional micro-tools and features as we expand our platform
By signing up for BuildWithAI, you create one unified account that works across all our products and services. This means you automatically gain access to the BuildBrief newsletter, product updates, and our community resources. By creating an account, you agree to receive BuildBrief and product updates. You can adjust these preferences anytime in your account settings or unsubscribe using links in our emails.
Information We Collect
- Account Information: Name, email address, password, and profile details
- Payment Information: Billing details and payment method (processed securely through Stripe)
- Usage Data: How you interact with our tools (Braindumper generations, app projects, course progress)
- AI Generation Data: App ideas, braindumps, and project information you create using our tools
- Communication Preferences: Newsletter subscriptions and notification settings
- Technical Data: IP address, browser type, device information, and usage analytics
How We Use Your Information
- Service Delivery: Provide access to Braindumper, courses, and all BuildWithAI products
- Email Communications: Send BuildBrief newsletter, product updates, feature announcements, and marketing communications
- Account Management: Manage your unified account across all our products and services
- AI Processing: Process your braindumps and app ideas to generate structured outputs
- Subscription Management: Handle billing and usage limits
- Product Improvement: Analyze usage patterns to improve our tools and services
- Customer Support: Respond to your inquiries and provide assistance
- Legal Compliance: Comply with applicable laws and regulations
Analytics and Cookies
We use privacy-friendly analytics tools to understand how users interact with our services and to improve user experience.
Essential Cookies
- Authentication cookies (required for login functionality)
- Preference cookies (remember your settings)
- Security cookies (protect against fraud and abuse)
Analytics Tools
We use the following analytics services:
- Vercel Analytics: Privacy-friendly, cookieless analytics for page views and performance. No personal data collected. GDPR-compliant by default.
- Vercel Speed Insights: Performance monitoring to ensure fast page loads. No cookies, no personal data.
- PostHog: Product analytics to track feature usage and user flows (authenticated users only). Includes session recordings to identify usability issues. EU-hosted and GDPR-compliant.
We process this data based on our legitimate interest in providing and improving our services (GDPR Article 6(1)(f)). All analytics data is:
- Processed in compliance with GDPR and CCPA
- Not sold or shared with third parties for advertising
- Anonymized for users who are not logged in
- Retained only as long as necessary for service improvement
- Collected using privacy-preserving methods (most tools are cookieless)
You can opt out of PostHog analytics through your account settings or by using browser privacy extensions.
Legal Basis for Processing (GDPR Compliance)
We process your data based on your consent, contractual necessity, or our legitimate interests in providing educational services.
Data Processors and Sharing of Information
We do not sell your personal information. We may share data with trusted third parties who assist us in operating our services. Each third-party service provider acts as a data processor under GDPR Article 28, processing personal data only under our instructions and in compliance with appropriate safeguards:
- Payment Processors: Stripe for secure payment processing
- Email Service Providers: Resend for delivering BuildBrief newsletter and product updates
- AI Service Providers: OpenAI and Anthropic for processing Braindumper generations
- Analytics Providers: Vercel Analytics and PostHog for usage analytics
- Infrastructure Providers: Supabase for database and authentication services
All third-party service providers are bound by confidentiality agreements and process data only as necessary to provide their services. We ensure that all data processors comply with applicable data protection laws and maintain appropriate technical and organizational security measures.
Your Rights
You have the following rights regarding your personal data:
- Access and Update: View and update your account information at any time through your account settings
- Data Portability: Export your braindumps and app project data
- Email Preferences: Unsubscribe from BuildBrief newsletter and marketing emails via the unsubscribe link in any email
- Account Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
- Data Access Request: Request a copy of all personal data we hold about you
To exercise any of these rights, contact us at kristoffer@buildwithai.io
Data Security and Storage
All your data is stored securely in Supabase, an enterprise-grade database platform built on PostgreSQL. We implement industry-standard security measures to protect your information:
Secure Authentication
- Supabase Auth: Enterprise-grade authentication system with secure password hashing (bcrypt)
- Google OAuth: Sign in securely with your Google account
- Discord OAuth: Authenticate using your Discord account
- Password Protection: All passwords are hashed and never stored in plain text
- Session Management: Secure session tokens with automatic expiration
Data Protection
- Encrypted Storage: All data stored in Supabase is encrypted at rest
- Secure Transmission: All data in transit is encrypted using HTTPS/TLS
- Row Level Security: Database-level security policies ensure users can only access their own data
- Regular Backups: Automated backups to prevent data loss
- Access Controls: Strict access controls and monitoring for our systems
- PCI Compliance: Payment processing through Stripe meets PCI-DSS standards
While we strive to protect your data using industry best practices, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but continuously work to improve our security practices and infrastructure.
Data Retention
We retain your personal data for as long as necessary to provide our services and comply with legal obligations:
- Account Data: Retained while your account is active and for a reasonable period after deletion
- Braindumper Data: Your app ideas and projects are retained as long as your account exists
- Email Communications: Newsletter subscription data retained until you unsubscribe
- Payment Records: Retained for 7 years for tax and accounting purposes
- Analytics Data: Aggregated and anonymized data may be retained indefinitely for service improvement
International Data Transfers
BuildWithAI operates globally, and your information may be transferred to and processed in countries other than your own, including the United States and European Union. We ensure appropriate safeguards are in place for international data transfers in compliance with GDPR and other applicable data protection laws.
When personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or reliance on adequacy decisions where applicable. Our third-party service providers are contractually required to maintain equivalent data protection standards.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we make material changes, we will notify you by email or through a prominent notice on our platform. Your continued use of BuildWithAI after such changes constitutes acceptance of the updated policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at kristoffer@buildwithai.io