Home · Terms · Refunds

Privacy Policy

Last updated: [DATE — set on publish]

DRAFT — legal review required before publishing. Bracketed items (legal entity, contact mailbox, and any regulator-specific representations) must be confirmed by the operator and reviewed by a qualified lawyer before this page goes live.
The short version: Your source code and your app's data never reach us — they are read on your own machine or in your own browser. The only things our servers hold are what we need to run your account and billing: your email, some basic request metadata, and your payment processor's IDs. We do not collect health information (PHI).

1. Local-first: what never leaves your machine

Explain My Build reads your code and files locally — in your browser (using the File System Access API), or via the command line. Your source code and your app's data are not uploaded to us. To write the guides, the Service sends a small, de-identified summary to the AI provider you choose, using your API key — that summary goes to them, not to us, and is governed by their privacy terms. If you use a local model, nothing leaves your machine at all.

2. What our servers do collect

DataWhy
Email addressTo create your account and send account/billing messages
IP address & browser user-agentSecurity, abuse-prevention, and basic diagnostics on account and sign-up requests
Stripe customer, subscription & payment IDsTo take a card on file and process any upgrade you choose (card details are held by Stripe, not us)
A device code and a signed license tokenTo activate your paid plan and confirm it without re-checking on every use
Timestamps & plan statusTo operate the subscription lifecycle

When you create an account, we store your email plus the IP and user-agent of that request, and the time.

3. What we do NOT collect

We do not collect your source code, your app's contents, your users' data, or protected health information (PHI). The de-identification step is provided as a convenience and is not a HIPAA Business Associate Agreement.

4. Your browser's local storage

The browser app stores your provider choice and local-model URL in your browser's localStorage, and your AI API key in session storage (cleared when you close the tab, never sent to us and never written to disk by us). We do not use tracking or advertising cookies.

5. Service providers

We share the limited data above with providers who help us run the Service: Stripe (payments), Cloudflare (content delivery and edge security), and your chosen AI provider (which receives the de-identified summary described above). We do not sell your personal information.

6. Retention

We keep account data while your account is active and as needed to comply with legal, tax, and accounting obligations. Waitlist entries are kept until you ask us to remove them or you unsubscribe.

7. Your rights

Depending on where you live (e.g. GDPR in the EU/UK, CCPA/CPRA in California), you may have the right to access, correct, delete, or export your personal data, and to object to certain processing. To exercise these rights, contact us at the address below; we will respond as required by applicable law. [EU/UK representative and any region-specific disclosures — to confirm with counsel.]

8. Children

The Service is not directed to children and is not intended for anyone under 16.

9. Changes

We may update this policy; material changes will be posted here with a new date.

10. Contact

Privacy questions or data requests: [[email protected] — mailbox to be provisioned before publish]. Operated by [LEGAL ENTITY — to confirm], Privacy Officer: Michael John Ryan.