Privacy Policy

Last updated: December 25, 2024

1. Introduction

BuildrLab ("we", "our", or "us") operates BuildrFlags, a feature flag management platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you register, we collect:

  • Email address
  • Name (optional)
  • Organization name (optional)
  • Password (stored securely hashed)

Usage Data

We automatically collect:

  • API request logs (flag evaluations, excluding user context data by default)
  • Feature usage patterns within our dashboard
  • Device and browser information
  • IP addresses (for security and rate limiting)

Customer Data

Feature flags, segments, and experiment configurations you create are stored securely and are never shared with third parties. End-user context data passed during flag evaluation is not stored unless you explicitly enable event tracking.

3. How We Use Your Information

  • Provide and maintain the Service
  • Process transactions and send billing-related communications
  • Send product updates and marketing communications (with opt-out)
  • Monitor and analyze usage to improve the Service
  • Detect, prevent, and address technical issues and abuse
  • Provide customer support

4. Data Sharing

We do not sell your personal data. We may share data with:

  • Service Providers: AWS (infrastructure), Stripe (payments), email services
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

5. Data Security

We implement industry-standard security measures:

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • API keys stored as SHA-256 hashes
  • SOC 2 compliant infrastructure
  • Regular security audits and penetration testing
  • Access controls and audit logging

6. Data Retention

  • Account data: Retained while your account is active, deleted within 30 days of account closure
  • Audit logs: 7 days (Starter), 30 days (Pro), custom (Enterprise)
  • Billing records: Retained as required by law (typically 7 years)

7. Your Rights

You have the right to:

  • Access and receive a copy of your personal data
  • Correct inaccurate personal data
  • Request deletion of your personal data
  • Object to processing of your personal data
  • Data portability (export your data)
  • Withdraw consent for marketing communications

To exercise these rights, contact us at privacy@buildrflags.com

8. International Transfers

Our Service is hosted on AWS in the United States. If you access the Service from the EU/EEA, your data may be transferred to the US. We ensure appropriate safeguards through AWS's compliance with data protection frameworks.

9. Cookies

We use essential cookies for authentication and session management. We do not use third-party tracking cookies. You can configure your browser to reject cookies, but this may affect Service functionality.

10. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected such information, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance.

12. Contact Us

For privacy-related questions, contact our Data Protection team at privacy@buildrflags.com