Skip to main content

Privacy Policy

Last updated: December 1, 2025

BuilderBox ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our developer productivity platform, including our website, CLI tools, and MCP server integrations.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Password (stored as a secure hash—we never store plain text passwords)
  • Account preferences and settings

User-Generated Content

When you use our Service, we store:

  • Tasks, projects, and boards you create
  • Comments and activity logs
  • Calendar events and schedules

Usage Data

With your consent (via our cookie consent banner), we may collect:

  • Pages and features you visit
  • Time spent on different sections
  • Actions taken within the application
  • Error logs and crash reports

Device Information

We automatically collect:

  • Browser type and version
  • Operating system
  • IP address (for security and abuse prevention)
  • Device identifiers

2. CLI and MCP Data Collection

This section is particularly important. BuilderBox offers optional command-line interface (CLI) tools and MCP (Model Context Protocol) server integrations that track your coding activity. This feature is opt-in and requires you to actively install and configure these tools.

What Data is Collected

When you use the BuilderBox CLI or MCP integration, we collect:

  • File Paths: The paths of files you edit (e.g., /src/components/Button.tsx)
  • Project Names: The name of the project or repository you're working in
  • Programming Languages: The language of files you edit (detected by extension)
  • Editor/IDE: The name of your code editor (e.g., VS Code, Cursor, Neovim)
  • Operating System: Your OS name and version
  • Machine Identifier: A unique identifier for your computer
  • Timestamps: When you started and stopped editing
  • Line Counts: Number of lines in files and cursor position
  • Branch Names: Git branch names (if working in a git repository)
  • Dependencies: Package/import names detected in your files

Important: We do NOT collect the actual contents of your files. We only collect metadata about your coding activity. Your source code stays on your machine.

How to Control CLI/MCP Data Collection

  • Don't install: Simply don't install the CLI tools if you don't want this tracking
  • Uninstall: Remove the CLI tools or MCP server configuration at any time
  • Revoke API Key: Delete your API key in Settings → Coding Activity to stop all data collection
  • Exclude Projects: Configure .builderboxignore files to exclude specific projects
  • Delete Data: Request deletion of your coding activity data at any time

Why We Collect This Data

Coding activity data is used to:

  • Display your coding statistics and activity charts
  • Track time spent on different projects and languages
  • Provide productivity insights and streak tracking
  • Help you understand your coding patterns

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Store and display your tasks, projects, and coding activity
  • Improve the Service: Analyze usage patterns to improve features and user experience
  • Communicate with You: Send service updates, security alerts, and support messages
  • Ensure Security: Detect and prevent fraud, abuse, and security incidents
  • Comply with Law: Meet legal obligations and respond to lawful requests

We do NOT sell your personal information to third parties. We do NOT use your data for advertising purposes. We do NOT share your coding activity data with employers or other users.

5. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • Database: Hosted on Supabase infrastructure in the United States (AWS us-west-2)
  • Encryption at Rest: All data is encrypted using AES-256 encryption
  • Encryption in Transit: All connections use TLS 1.2 or higher
  • Access Controls: Role-based access controls limit who can access data
  • Backups: Regular automated backups with point-in-time recovery
  • Password Security: Passwords are hashed using bcrypt with appropriate work factors

6. Third-Party Services

We use the following third-party services to operate BuilderBox:

Supabase

Database hosting, authentication, and real-time subscriptions. Privacy Policy

Sentry

Error tracking and performance monitoring to improve service reliability. Privacy Policy

Future: Analytics Provider

We may integrate a privacy-focused analytics service (such as Plausible or PostHog) in the future. Analytics will only be enabled with your consent.

7. Data Retention

We retain your data for the following periods:

  • Active Accounts: Data is retained for as long as your account is active
  • Deleted Accounts: Account data is permanently deleted within 30 days of account deletion
  • Coding Heartbeats: Raw heartbeat data is retained for 1 year, then aggregated or deleted
  • Aggregated Statistics: Daily/weekly summaries may be retained indefinitely for your reference
  • Backups: Backups containing your data may persist for up to 30 days after deletion
  • Legal Requirements: Some data may be retained longer if required by law

8. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights:

GDPR Rights (EU/EEA/UK Residents)

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time

CCPA Rights (California Residents)

  • Right to Know: Know what personal information is collected and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights

To exercise any of these rights, please contact us at privacy@builderbox.app. We will respond to your request within 30 days.

9. Cookies and Local Storage

We use cookies and local storage for:

  • Essential Cookies: Session management and authentication (required for the Service to function)
  • Preference Cookies: Storing your theme, font size, and other settings
  • Analytics Cookies: Understanding how the Service is used (only with your consent)

When you first visit BuilderBox, you'll see a cookie consent banner. Analytics cookies are only enabled if you click "Accept." You can change your preference at any time in Settings.

We also use browser localStorage to store your preferences locally. This data never leaves your device unless you explicitly sync it to your account.

10. Children's Privacy

BuilderBox is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@builderbox.app, and we will delete such information.

11. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the US.

We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Data processing agreements with all third-party providers
  • Technical and organizational security measures

12. Security Incident Response

In the event of a data breach that affects your personal information, we will:

  • Notify affected users via email within 72 hours of becoming aware of the breach
  • Describe the nature of the breach and types of data affected
  • Explain the steps we're taking to address the breach
  • Provide recommendations for protecting yourself
  • Report to relevant supervisory authorities as required by law

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date at the top
  • Sending an email to the address associated with your account (for material changes)

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@builderbox.app

General Inquiries: support@builderbox.app

Address: BuilderBox Inc., San Francisco, CA, United States

Response Time: We aim to respond to all privacy inquiries within 30 days

By using BuilderBox, you acknowledge that you have read and understood this Privacy Policy.