Privacy Policy

This Privacy Policy explains how Buildrok ("Buildrok", "we", "us", or "our") collects, uses, shares, and protects information when you use our website located at buildrok.com and our website-building service (together, the "Service"). Buildrok is based in Austin, Texas, United States.

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree, please do not use the Service.

1. Information we collect

1.1 Information you provide directly

• Account information: your name and email address when you create an account or sign in (including via Google OAuth).
• Site and draft content: business name, descriptions, phone numbers, addresses, images, and other content you enter to build, edit, preview, or publish a website.
• Domain information: domain names you search for, purchase, or connect, plus the technical details we need to configure DNS and connect your domain to your hosted site.
• Support communications: messages, names, and email addresses you submit via our contact form or by emailing support@buildrok.com.
• Payment information: payment processing is handled entirely by Stripe, Inc. We do not receive or store your full card number, CVV, or bank account details. We may receive limited metadata such as payment status, transaction identifiers, the last four digits of the card, and card brand.

1.2 Information collected automatically

• Server and access logs: standard server logs may include IP addresses, browser type, operating system, referring URLs, request timestamps, and HTTP status codes. These are used for security, debugging, and abuse prevention.
• Custom page-view analytics (for published customer sites): when a visitor views a website published through Buildrok, we record a page view. We hash the visitor's IP address and user agent using a daily-rotating SHA-256 hash — the raw IP address is not stored. We record the page path, referring domain (hostname only), and device type (mobile, tablet, or desktop). This lightweight system does not use persistent cookies or fingerprinting and is designed to be privacy-respecting.
• Browser storage (localStorage): we store your authentication token (JWT) and email address in your browser's localStorage to keep you signed in. We also store your preferred color scheme (light or dark mode) in localStorage. This data is stored locally on your device and is not a cookie.
• Authentication cookies: when you sign in via OAuth (e.g., Google), our authentication provider (Neon Auth) may set a session cookie on its own domain to support the OAuth login flow. This cookie is scoped to the authentication provider's domain and is used solely for the sign-in process.

2. How we use information

• Provide, operate, and maintain the Service (drafts, editing, previewing, publishing, domain management)
• Process payments, manage subscriptions, and prevent fraud
• Respond to support requests and communicate with you about your account
• Send transactional emails (e.g., support replies) — we do not send promotional marketing emails without your separate consent
• Improve the reliability, performance, and user experience of the Service
• Detect and prevent abuse, fraud, and unauthorized access
• Comply with legal obligations

3. How we share information

We do not sell your personal information. We share information only as necessary to provide the Service or as required by law.

3.1 Service providers (sub-processors)

• Stripe, Inc. — payment processing and subscription billing. Stripe's privacy policy governs how Stripe handles payment data. Confirm actual Stripe data processing terms before publishing.
• Neon (Neon Inc.) — database hosting (PostgreSQL) and authentication (OAuth flows). Your account data, site content, and draft data are stored in a Neon-hosted database.
• Vercel, Inc. — website hosting, DNS management, and serverless function execution. Vercel serves your published site and processes requests to our application.
• OpenSRS (Tucows Inc.) — domain registration. If you purchase a domain through Buildrok, the domain is registered via OpenSRS as the underlying registrar. OpenSRS's terms and ICANN policies apply.
• Resend (Resend, Inc.) — transactional email delivery. We use Resend to send support reply emails. Your name and email address may be transmitted to Resend for delivery purposes.

3.2 Legal disclosures

We may disclose information if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Buildrok, our users, or others.

3.3 Business transfers

If Buildrok is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via a notice on the Service or by email before your information becomes subject to a different privacy policy.

4. Data retention

We retain your account and site data for as long as your account is active or as needed to provide the Service. Draft sites may expire and be deleted after a period of inactivity. Transaction records, billing history, and related logs may be retained for a period consistent with accounting and legal requirements (typically up to seven years). You may request deletion of your account and personal data at any time (see Section 6).

5. Cookies and tracking technologies

We do not use third-party advertising cookies or tracking pixels. The Service uses minimal browser storage:

• localStorage (authentication): your JWT and email are stored locally to maintain your session.
• localStorage (preferences): your light/dark mode preference is stored locally.
• OAuth session cookie (Neon Auth): a short-lived session cookie may be set by our authentication provider during the Google sign-in flow. It does not track you across other sites.

For more detail, see our Cookie Policy.

6. Your rights and choices

Depending on where you live, you may have certain rights regarding your personal information. These may include the right to access, correct, delete, or obtain a copy of your personal data. To exercise any of these rights, please contact us using the information in Section 9 below.

• You can edit or delete your drafts and published sites from the dashboard.
• You can delete your account from your account settings (Danger Zone tab). Deleting your account will remove your profile and disable access to the Service. Some transaction records may be retained for legal and accounting purposes.
• You can contact us to request access to, correction of, or deletion of your personal information.

Texas residents

The Texas Data Privacy and Security Act (TDPSA), effective July 1, 2024, provides Texas residents with certain rights with respect to personal data, including rights to access, correct, delete, obtain a copy of, and opt out of certain processing of your personal data. To submit a request under TDPSA, contact us at support@buildrok.com. We will respond within 45 days as required. We do not sell personal data and do not use personal data for targeted advertising or profiling for decisions that produce legal or similarly significant effects.

7. Children's privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately so we can take appropriate steps to delete it.

8. Security

We use reasonable administrative, technical, and organizational measures designed to protect your information from unauthorized access, disclosure, alteration, or destruction. However, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where feasible, provide notice within the Service or by email. Your continued use of the Service after changes are posted constitutes acceptance of the updated Policy.

10. Contact us

If you have questions or concerns about this Privacy Policy or how we handle your information, please contact us:

• Email: support@buildrok.com
• Contact form: buildrok.com/contact
• Business location: Austin, Texas, United States