Privacy Policy
Last updated: [DATE — set on publish]
1. Local-first: what never leaves your machine
Explain My Build reads your code and files locally — in your browser (using the File System Access API), or via the command line. Your source code and your app's data are not uploaded to us. To write the guides, the Service sends a small, de-identified summary to the AI provider you choose, using your API key — that summary goes to them, not to us, and is governed by their privacy terms. If you use a local model, nothing leaves your machine at all.
2. What our servers do collect
| Data | Why |
|---|---|
| Email address | To create your account and send account/billing messages |
| IP address & browser user-agent | Security, abuse-prevention, and basic diagnostics on account and sign-up requests |
| Stripe customer, subscription & payment IDs | To take a card on file and process any upgrade you choose (card details are held by Stripe, not us) |
| A device code and a signed license token | To activate your paid plan and confirm it without re-checking on every use |
| Timestamps & plan status | To operate the subscription lifecycle |
When you create an account, we store your email plus the IP and user-agent of that request, and the time.
3. What we do NOT collect
We do not collect your source code, your app's contents, your users' data, or protected health information (PHI). The de-identification step is provided as a convenience and is not a HIPAA Business Associate Agreement.
4. Your browser's local storage
The browser app stores your provider choice and local-model URL in your browser's localStorage, and your AI API key in session storage (cleared when you close the tab, never sent to us and never written to disk by us). We do not use tracking or advertising cookies.
5. Service providers
We share the limited data above with providers who help us run the Service: Stripe (payments), Cloudflare (content delivery and edge security), and your chosen AI provider (which receives the de-identified summary described above). We do not sell your personal information.
6. Retention
We keep account data while your account is active and as needed to comply with legal, tax, and accounting obligations. Waitlist entries are kept until you ask us to remove them or you unsubscribe.
7. Your rights
Depending on where you live (e.g. GDPR in the EU/UK, CCPA/CPRA in California), you may have the right to access, correct, delete, or export your personal data, and to object to certain processing. To exercise these rights, contact us at the address below; we will respond as required by applicable law. [EU/UK representative and any region-specific disclosures — to confirm with counsel.]
8. Children
The Service is not directed to children and is not intended for anyone under 16.
9. Changes
We may update this policy; material changes will be posted here with a new date.
10. Contact
Privacy questions or data requests: [[email protected] — mailbox to be provisioned before publish]. Operated by [LEGAL ENTITY — to confirm], Privacy Officer: Michael John Ryan.