> PRIVACY POLICY

Last updated: 08 Dec 2025

> 1. TL;DR

We collect the minimum amount of data required to run Bloxstack, keep it secure, and improve the product. We never sell your data. You can ask for a copy of, or delete, your data at any time. If you opt out of codebase analytics, we will never store your private code.

> 2. What we collect

  • Account data – email, display name, hashed password (if you sign in with email) or your OAuth provider id.
  • Session data – JWT/session token identifiers and expiry timestamps.
  • Product usage analytics (first-party) – we use PostHog to capture page views, UI interactions, performance metrics, IP address (for geolocation & fraud-prevention), browser & OS version. Analytics traffic is proxied through our domain and stored on PostHog Cloud US. No third-party ad or tracking cookies are used.
  • Content data – any text, images, or files you upload (e.g. chat messages, documents, prompts). Large files are stored on Cloudflare R2. Text content is stored in our Postgres database via Drizzle.
  • Generated artefacts – AI responses, code generations, embeddings & vector indexes created while you use Bloxstack.
  • Error & audit logs – automatically captured by our platform for debugging and security (includes request metadata & stack traces, never message bodies).

> 3. What we don't collect

  • No third-party advertising identifiers or cross-site trackers.
  • No payment card numbers – all payments are handled by Stripe and never touch our servers.
  • No source-code content if you have opted out of codebase indexing and search.

> 4. Why we collect it

  • To authenticate you and keep your account secure.
  • To store and display the content you create (messages, files).
  • To understand how Bloxstack is used and prioritise improvements.
  • To diagnose errors and prevent abuse.

> 5. Storage & security

All data is encrypted in transit (HTTPS/TLS 1.3) and at rest (AES-256). Databases run on Cloudflare D1 / Postgres with automated backups and restricted access. File uploads live on Cloudflare R2 with private buckets. We follow the principle of least privilege across our infrastructure.

> 6. Sub-processors

We rely on a small number of trusted providers to operate Bloxstack:

  • Cloudflare (hosting, R2, D1, CDN, email)
  • PostHog (first-party analytics & error tracking)
  • Stripe (payments)
  • OpenAI / Anthropic (AI completions – content you send for AI tasks)

> 7. Data retention & deletion

Your content stays on our servers until you delete it or close your account. Backups are retained for up to 30 days. Analytics events are retained for 180 days by default.

> 8. Your rights

Depending on where you live, you may have the right to access, correct, download or erase your personal data. Contact contact@bloxstack.app and we'll respond within 30 days.

> 9. Changes to this policy

We'll post any changes on this page and bump the "Last updated" date above. Significant changes will be announced in-app or via email.