Privacy Policy
Last updated: March 2026
At iAppLabs, we are committed to protecting your privacy and personal data. This Privacy Policy explains what data we collect through the Buildr. platform, how we use and protect it, and your rights under the EU General Data Protection Regulation (GDPR) and Brazil's Lei Geral de Protecao de Dados (LGPD).
1. Data Controller
iAppLabs ("Company", "we", "us") is the data controller responsible for processing your personal data in connection with the Buildr. platform ("Service"). If you have questions about how your data is processed, contact our Data Protection team at privacy@iapplabs.com.
2. Data We Collect
We collect the following categories of personal data: (a) Account Data — email address, username, display name, and profile information you provide during registration; (b) Payment Data — billing details processed securely through Stripe (we do not store full credit card numbers on our servers); (c) Usage Data — pages visited, features used, interactions, timestamps, and session duration; (d) Technical Data — IP address, browser type and version, operating system, device identifiers, and referring URLs; (e) Communication Data — messages, feedback, and support requests you send to us. We collect data directly from you, automatically through your use of the Service, and from third-party services (e.g., OAuth providers when you sign in with GitHub or Google).
3. Legal Basis for Processing (GDPR/LGPD)
We process your personal data based on the following legal grounds: (a) Contractual Necessity — processing required to provide the Service and fulfill our agreement with you; (b) Legitimate Interest — analytics and service improvement, fraud prevention, and security monitoring; (c) Consent — marketing communications and non-essential cookies (you may withdraw consent at any time); (d) Legal Obligation — compliance with applicable laws, regulations, and legal processes. Under Brazil's Lei Geral de Protecao de Dados (LGPD) and the EU General Data Protection Regulation (GDPR), you have specific rights regarding your personal data as detailed in Section 8.
4. How We Use Your Data
We use your personal data to: (a) provide, maintain, and improve the Service; (b) process payments and manage subscriptions; (c) send transactional communications (account confirmations, password resets, billing notifications); (d) personalize your experience on the platform; (e) monitor and analyze usage trends to improve functionality and user experience; (f) detect, prevent, and address fraud, security issues, and technical problems; and (g) comply with legal obligations. We do not sell, rent, or trade your personal data to third parties for their marketing purposes.
5. Cookies & Tracking Technologies
Buildr. uses the following types of cookies: (a) Strictly Necessary Cookies — required for authentication, session management, and security (cannot be disabled); (b) Analytics Cookies — help us understand how you use the Service (e.g., page views, feature usage) using privacy-friendly analytics; (c) Preference Cookies — remember your settings and preferences (e.g., theme, language). We do not use third-party advertising cookies or cross-site tracking. You can manage non-essential cookies through your browser settings. Disabling certain cookies may affect the functionality of the Service.
6. Third-Party Services
We rely on trusted third-party service providers to operate the Service. These providers process your data only on our behalf and in accordance with our instructions: (a) Stripe — payment processing (PCI DSS Level 1 compliant); (b) Supabase — authentication, database, and storage services; (c) Vercel — hosting and content delivery; (d) Resend — transactional email delivery. Each provider is contractually bound to protect your data and has its own privacy policy. We do not share your data with any provider beyond what is necessary to operate the Service.
7. Data Retention & Deletion
We retain your personal data for as long as your account is active or as needed to provide the Service. If you delete your account, we will permanently erase your personal data within 30 days, except where retention is required by law (e.g., tax records, legal proceedings). Anonymized, aggregated data that cannot identify you may be retained indefinitely for analytics and service improvement purposes. Backup copies may persist in our systems for up to 90 days after deletion before being fully purged.
8. Your Rights (GDPR & LGPD)
Under the GDPR and LGPD, you have the following rights regarding your personal data: (a) Right of Access — request a copy of the personal data we hold about you; (b) Right to Rectification — request correction of inaccurate or incomplete data; (c) Right to Erasure — request deletion of your personal data ("right to be forgotten"); (d) Right to Data Portability — receive your data in a structured, machine-readable format; (e) Right to Restrict Processing — request that we limit how we use your data; (f) Right to Object — object to processing based on legitimate interest; (g) Right to Withdraw Consent — withdraw consent at any time where processing is based on consent; (h) Right to Non-Discrimination — exercising your rights will not result in any discriminatory treatment. To exercise any of these rights, email us at privacy@iapplabs.com. We will respond within 15 business days (LGPD) or 30 days (GDPR). You also have the right to lodge a complaint with your local data protection authority (ANPD in Brazil, or your national supervisory authority in the EEA).
9. International Data Transfers
Your data may be processed and stored in servers located outside your country of residence, including in the United States and the European Economic Area. When transferring data internationally, we implement appropriate safeguards in accordance with GDPR and LGPD requirements, including Standard Contractual Clauses (SCCs) and ensuring that recipients maintain adequate data protection standards.
10. Data Security
We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include: encryption in transit (TLS/SSL) and at rest, regular security assessments, access controls and authentication, and secure development practices. While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong, unique passwords for your account.
11. Children's Privacy
The Service is not directed to children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@iapplabs.com and we will promptly delete the information.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting a prominent notice on the Service or by sending you an email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: iAppLabs — Data Protection Team — privacy@iapplabs.com. We aim to respond to all inquiries within 5 business days.