Privacy Policy

This Privacy Policy describes how Appmake AI Limited (“Appmake,” “we,” “us”) collects, uses, shares, and protects personal information when you use our platform, website, APIs, and related services (the “Services”). It applies to users in all jurisdictions, including those protected by the GDPR (EEA, UK, Switzerland), CCPA/CPRA (California), PIPEDA (Canada), and similar privacy frameworks.

1. Personal Data We Collect

“Personal data” means any information relating to an identified or identifiable individual. We collect personal data in the following ways:

Information You Provide Directly

• Account registration details (name, email address, password).
• Payment and billing information processed through our payment provider (Stripe). We do not store full credit card numbers on our servers.
• Content you submit through the Services, including prompts, code, project files, and chat messages.
• Communications you send to us (support requests, feedback).

Information Collected Automatically

• Technical data: IP address, browser type and version, operating system, device identifiers, screen resolution.
• Usage data: pages visited, features used, generation requests, deployment events, session duration, referral source.
• Performance data: error logs, load times, API response times.

Information From Third Parties

• OAuth providers (Google, GitHub, Microsoft) when you sign in via a social account.
• Integration data from services you connect (e.g., Supabase, GitHub repositories).

2. How We Use Your Information

We process your personal data for the following purposes:

• Service delivery: To provide, operate, and maintain the Services, including AI code generation, project management, and deployments.
• Account management: To create and manage your account, authenticate your identity, and process payments.
• Product improvement: To analyze usage patterns, diagnose technical issues, and develop new features.
• Security and fraud prevention: To detect, investigate, and prevent unauthorized access, abuse, and fraudulent activity.
• Communications: To send transactional notifications (e.g., account confirmations, billing receipts) and, with your consent, marketing communications.
• Legal compliance: To comply with applicable laws, regulations, and legal processes.

3. Legal Bases for Processing

Where required by law (e.g., under the GDPR), we rely on the following legal bases:

• Contract performance: Processing necessary to provide the Services you have requested.
• Legitimate interests: Processing for purposes such as improving our Services, preventing fraud, and ensuring security, where these interests are not overridden by your rights.
• Consent: Where you have given explicit consent, for example for marketing communications or optional analytics.
• Legal obligation: Where processing is required by applicable law.

4. Data Sharing and Sub-Processors

We do not sell your personal data. We share personal data only with trusted third-party service providers (“sub-processors”) who assist in delivering the Services, including:

• Payment processing: Stripe (billing and subscription management).
• Infrastructure and hosting: Cloud hosting providers for application delivery and data storage.
• AI model providers: Third-party AI services used to power code generation features.
• Analytics: Tools used to understand usage patterns and improve the Services.

All sub-processors are bound by contractual obligations to protect your data and process it only in accordance with our instructions.

5. International Data Transfers

Your data may be transferred to and processed in countries outside your jurisdiction. Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and the Swiss Federal Data Protection Act addendum to ensure an adequate level of protection for your personal data.

6. Disclosure and Investigations

We may disclose your information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, or legal process; (b) protect the rights, safety, or property of Appmake, our users, or the public; (c) detect, prevent, or address fraud, security issues, or technical problems. Where legally permitted, we will provide you with notice of such disclosures.

7. Data Retention

We retain your data in accordance with the following schedule:

• Account data: Retained for the duration of your account. Upon account deletion, personal data is removed within thirty (30) days.
• Customer Data (projects, files, code): Retained for up to ninety (90) days after account termination to allow for data recovery, then permanently deleted.
• Operational logs: Retained for up to ninety (90) days for performance monitoring and security purposes.
• Backups: May persist for up to ninety (90) days before being purged.

8. Cookies and Tracking Technologies

We use the following categories of cookies:

• Strictly necessary: Required for core functionality (authentication, security). No consent required.
• Analytics: Help us understand how the Services are used. Consent required in applicable jurisdictions (EEA, UK, Switzerland).
• Functional: Remember your preferences and settings. User-configurable.
• Marketing: Used for relevant advertising. Requires your consent; we respect opt-out signals including Global Privacy Control (GPC).

Analytics cookies are retained for up to thirteen (13) months, after which they are deleted or anonymized.

9. Information Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (TLS) and at rest (AES-256).
• Role-based access controls and multi-factor authentication for internal systems.
• Regular security audits and vulnerability assessments.
• Incident response procedures with a target of seventy-two (72) hour breach notification where required by law.

10. Third-Party Links and Integrations

The Services may contain links to or integrations with third-party platforms (e.g., GitHub, Supabase, Vercel, Netlify). These services are governed by their own privacy policies. We encourage you to review the privacy practices of any third-party service you connect to through Appmake.

11. Communications

By creating an account, you consent to receiving transactional emails related to your account and use of the Services (e.g., billing receipts, security alerts, service announcements). You may opt out of marketing and promotional communications at any time through your account settings or by using the unsubscribe link in any marketing email.

12. AI-Generated Content Disclaimer

Code and content generated by the AI Services are produced by machine learning models and may contain inaccuracies, errors, or security vulnerabilities. AI-generated output does not constitute professional software engineering, legal, or financial advice. You are solely responsible for reviewing, testing, and validating all generated content before use.

13. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request that we correct inaccurate or incomplete personal data.
• Deletion: Request that we delete your personal data, subject to legal exceptions.
• Portability: Request your data in a structured, machine-readable format.
• Restriction: Request that we limit how we process your data in certain circumstances.
• Objection: Object to processing based on legitimate interests.
• Consent withdrawal: Withdraw your consent at any time where processing is based on consent.
• Opt-out of sale/sharing: We do not sell personal data. If this changes, you will have the right to opt out.

To exercise any of these rights, contact us at [email protected]. We aim to respond within thirty (30) days.

14. Regional Provisions

United States (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act and the California Privacy Rights Act. The categories of personal information we collect include: identifiers, commercial information, internet or network activity, and inferences. We do not sell or share personal information for cross-context behavioral advertising. You may designate an authorized agent to submit requests on your behalf.

European Economic Area, UK, and Switzerland

If you are located in the EEA, UK, or Switzerland, you have additional rights under the GDPR or equivalent local law, including the right to lodge a complaint with your local data protection authority. International data transfers are protected by Standard Contractual Clauses and the UK International Data Transfer Addendum as applicable.

Canada

If you are a Canadian resident, your personal information is handled in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, and challenge compliance with respect to your personal information.

15. Governing Law

This Privacy Policy is governed by the laws of the Cayman Islands, without regard to conflict-of-law principles. Mandatory local consumer protection laws take precedence where applicable.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated at least thirty (30) days in advance via email or an in-product notification. Your continued use of the Services after changes take effect constitutes acceptance of the updated policy.

17. Severability

If any provision of this Privacy Policy is found to be invalid or unenforceable, the remaining provisions shall continue in full force and effect.