goBuildy

Legal

Privacy Policy

Last updated: May 15, 2026

1. Who We Are

goBuildy ("goBuildy," "we," "our," or "us") operates the website at gobuildy.com and the AI-powered website generation service described in our Terms of Service. This Privacy Policy explains what personal information we collect, why we collect it, and how we use, share, and protect it.

For questions about this policy, please use our contact form.

2. Information We Collect

Information you provide directly

  • Email address — provided when you generate a site. Used to deliver your site, send transactional notifications, and create your account.
  • Prompt text — the description of your business you enter to generate a site. Sent to our AI provider to produce your website HTML.
  • Clarification answers — optional follow-up answers you provide when our AI asks for more detail about your business.
  • Domain registrant contact — if you purchase a domain through goBuildy (T2 Domain Purchase plan), ICANN regulations require us to collect your name, address, phone number, and email as the registered domain owner. This information is submitted to Route 53 (Amazon Web Services) as your domain registrar.
  • Payment information — we do not store your payment card details. Our payment processor handles all payment data under their own privacy policy and PCI-DSS compliance.

Information collected automatically

  • IP address — captured when you submit a generation request. Used for rate-limiting (up to 10 free generations per hour per IP) and abuse prevention. Stored in DynamoDB with a 2-hour TTL and not used for any other purpose.
  • Browser fingerprint — a randomly generated ID stored in your browser's localStorage. Used solely to deduplicate concurrent generation requests from the same browser session and to avoid charging you twice if you accidentally submit the same request. Not used for tracking or cross-site identification.
  • Cloudflare Turnstile challenge token — a cryptographic proof-of-work token generated by Cloudflare's Turnstile service when you submit a generation request. Verified server-side to distinguish humans from bots. Not stored beyond the verification request.

Information we do NOT collect

  • We do not use Google Analytics, Meta Pixel, or any third-party advertising trackers.
  • We do not set any tracking cookies. We use no cookies at all except those set by Cloudflare Turnstile during the bot-prevention flow.
  • We do not collect or infer demographic information, browsing history, or behavioral profiles.

3. How We Use Your Information

  • Providing the service — generating your website, provisioning your domain or subfolder, and delivering your live site.
  • Transactional email — magic-link login, provisioning status updates, and urgency reminders about your 72-hour free preview expiry.
  • Billing — creating checkout sessions and managing your subscription.
  • Abuse prevention — checking your email against a list of known disposable email services, rate-limiting by IP, and verifying Cloudflare Turnstile tokens to prevent AI-spend abuse.
  • Legal compliance — complying with applicable laws, responding to legal requests, and enforcing our Terms of Service.

We do not sell, rent, or trade your personal information with third parties for their marketing purposes.

4. Our Service Providers (Sub-processors)

We use the following third-party services to operate goBuildy. Each is bound by contractual data-processing terms:

ProviderPurposeData shared
Amazon Web Services (AWS)Hosting, storage, email delivery, domain registrationAll user-submitted data; processed in us-east-1
Google (Gemini AI)AI-powered website generationPrompt text and clarification answers
Anthropic (Claude AI)AI-powered website generation (alternate vendor)Prompt text and clarification answers
dLocal GoPayment processing and subscription managementEmail address; payment data handled directly by our payment processor
Cloudflare (Turnstile)Bot and abuse preventionIP address; no personal data stored by Cloudflare beyond the challenge

5. Data Retention

  • Free previews — site HTML, preview tokens, and associated prompt data are deleted 72 hours after generation.
  • Paying subscriber accounts — your email, site slug, and subscription metadata are retained while your subscription is active and for 30 days after cancellation (to allow reactivation), then permanently deleted.
  • IP rate-limit counters — deleted automatically after 2 hours via DynamoDB TTL.
  • Domain registrant contact — retained for the duration of domain ownership and transferred to the new registrar if you request a domain transfer-out. Deleted from our systems 30 days after a completed transfer.
  • Transactional email logs — AWS SES delivery receipts are retained for 30 days for bounce/complaint handling, then purged.

6. Your Rights

Depending on where you live, you may have rights to access, correct, delete, or export your personal data. To exercise any of these rights, submit a request via our contact form with the subject "Privacy Request." We will respond within 30 days.

California residents (CCPA/CPRA): You have the right to know what personal information we collect, the right to delete it, the right to opt out of sale (we do not sell personal information), and the right not to be discriminated against for exercising these rights.

7. Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256 via AWS). Our DynamoDB tables have Point-in-Time Recovery (PITR) and deletion protection enabled. Secrets (API keys, JWT signing keys, payment signing secrets) are stored in AWS Secrets Manager and never appear in environment variables or logs.

No security system is perfect. If you discover a vulnerability, please report it responsibly via our contact form.

8. Children

goBuildy is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy as our service evolves. We will notify active subscribers by email at least 14 days before any material change takes effect. The "Last updated" date at the top of this page always reflects the current version.

Terms of Service← Back to goBuildy