buildmax
HomePricingFeaturesIntegrations
Privacy & Security

Your data.
Your rules.

We built Buildmax to give you full ownership of your code and your data. This policy explains exactly what we collect, why, and how it stays safe.

Last updated: 24 May 2026

Overview

The short version.

We collect only what we need to run the platform. We never sell your data. We share workspace content with trusted sub-processors only when needed to provide the Service, such as AI model providers processing your prompts. You can export or request deletion of your data.

Buildmax (“we”, “us”, “our”) is committed to protecting your personal information. This Privacy Policy describes how we collect, use, and protect information from users of buildmax.app and related services (“the Service”).

By using the Service you agree to the practices described in this policy. If you do not agree, please do not use the Service. This policy is incorporated into our Terms of Service.

Data collection

What we collect.

We collect information you provide directly and data generated as you use the Service:

Account information: Email address, display name, and profile photo (when signing in via Google).
Workspace content: Prompts, chat history, generated code, project files, and deployment configurations within your workspace.
Connected service credentials: OAuth tokens and API keys for services you explicitly connect (GitHub, Stripe, Shopify, Supabase, Cloudflare, etc.). Secret payloads are encrypted in the workspace vault.
Payment information: Processed by Polar or Polar's payment infrastructure. We store plan, billing status, credit allocation, billing period, customer references, and webhook metadata — never raw card numbers.
Usage data: Credit consumption, build history, deploy timestamps, feature usage, and error logs to operate and improve the platform.
Technical data: IP address, browser type, device type, and session identifiers for security, fraud prevention, debugging, and service operation.

Purpose

How we use it.

Providing, operating, and improving the Service
Processing builds, deployments, and workspace actions
Charging for credits and managing your subscription via Polar
Sending transactional emails — magic links, build notifications, billing receipts
Detecting fraud, abuse, or security threats
Responding to support requests
Aggregated, anonymised usage analysis to understand feature usage

Buildmax does not train its own AI models on your workspace content without explicit opt-in consent. AI providers process the relevant prompts, code context, and tool results needed to respond to your request, subject to their applicable terms and data-processing commitments.

Security

How we protect your data.

Security is part of the Buildmax architecture. We use workspace isolation, encrypted secret storage, access controls, and least-privilege practices to protect customer data.

Data Isolation

Agent edits run in isolated workspace sandbox copies, and application records are scoped by workspace and user access.

Workspace-scoped access

Encryption at Rest

Connector credentials and workspace secret payloads are encrypted in the Buildmax vault using AES-256-GCM before storage.

Encrypted secret vault

Encrypted in Transit

Buildmax serves the application over HTTPS/TLS and expects production deployment URLs to use HTTPS.

HTTPS/TLS

Secret Vault

API keys and OAuth tokens you add are made available only to the operations and connector calls that need them.

Least privilege

Audit Logging

Key platform events such as builds, deployments, billing syncs, and connector actions are recorded for operation and support.

Operational records

Compliance

We are building toward stronger compliance controls and support access, export, and deletion requests as described in this policy.

Privacy rights support

Third parties

Data sharing.

We never sell your personal data. We share limited information only with trusted sub-processors as needed to provide, secure, and support the Service:

Polar: Billing, checkout, customer portal, subscriptions, invoices, and payment processing. We share what is required to process and manage your plan.
AI model providers: Prompts, workspace context, code snippets, images, and tool results may be sent to large language model APIs to answer your request or build your project.
Cloud infrastructure: Hosting, database, storage, deployment, and operational services used to run the platform.
Transactional email: Email delivery for magic links, billing notices, build notifications, and account messages. Only your email address and the relevant message content are shared.
Usage analysis: Aggregated or anonymised product usage data used to understand performance and feature adoption.
Law enforcement: Only if legally required by a valid court order or law, and only to the minimum extent necessary.

Retention

Retention & deletion.

We retain personal data for as long as your account is active or as needed to provide the Service. Workspace content (code, chat history, builds) is retained until you delete it or close your account.

To delete your account and all associated data, contact us at support@buildmax.app. We will process deletion requests within 30 days. Some backups, security records, billing records, and anonymised usage logs may be retained for a limited period where required for legal, security, fraud-prevention, or billing audit purposes.

You own your code. At any time you can export your full codebase from your workspace settings. Buildmax does not claim any intellectual property rights over the code you generate.

Cookies

Cookies & tracking.

We use cookies strictly necessary to operate the platform:

Session cookies: Keep you signed in across page loads. Expire when you close your browser or sign out.
Auth tokens: Secure, HttpOnly cookies for authentication. Not accessible to JavaScript.
Preference cookies: Remember display preferences (theme, sidebar state). No personal data.

We do not use third-party advertising cookies or cross-site trackers. Most browsers allow you to disable cookies in settings, but doing so may prevent you from signing in.

Your rights

Your rights.

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Rectification: Ask us to correct inaccurate or incomplete data.
Erasure: Request deletion of your personal data (right to be forgotten).
Portability: Export your workspace content and account data in a machine-readable format.
Restriction: Ask us to restrict processing of your data in certain circumstances.
Objection: Object to processing based on legitimate interests.

To exercise any of these rights, email support@buildmax.app. We will respond within 30 days.

Age

Children’s privacy.

The Service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, contact us and we will delete it promptly.

Updates

Policy changes.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by a prominent notice in the dashboard before the change takes effect. Continued use of the Service after a change constitutes acceptance of the updated policy.

The date at the top of this page reflects when the policy was last updated.

Contact

Get in touch.

Questions, concerns, or data requests — we’re here for them.

Buildmax Privacy Team

Email: support@buildmax.app
For account deletion, data exports, or right-to-erasure requests, include your account email and we’ll respond within 30 days.