BYLDCODE

Privacy Policy

Last updated: March 19, 2026

1. Introduction

BYLDCODE ("we," "us," or "our") operates the website byldcode.com and the ByldCode platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name and email address through our authentication provider, Clerk. We do not store your password directly.

Usage Data

We collect information about how you use the Service, including features accessed, content generated, and points consumed. We use Google Analytics to collect anonymized browsing data such as pages visited and session duration.

Payment Information

Payment processing is handled by Stripe. We do not store your credit card number, expiration date, or CVV. Stripe provides us with a transaction ID and confirmation of payment.

Social Media Account Data

If you connect a social media account (Facebook, Instagram, or LinkedIn) to publish content, we collect and store:

  • Your social media profile name and ID
  • OAuth access tokens and refresh tokens (encrypted at rest using AES-256-GCM)
  • Facebook Page names and IDs, and linked Instagram Business account IDs

We use this data solely to publish content on your behalf when you explicitly request it. We do not read your social media feeds, messages, or followers.

Generated Content

Text and images you generate using the Service are processed through OpenRouter (which in turn routes to Google Gemini models). Prompts and generated outputs are not stored persistently on our servers beyond the duration of your session, except for images temporarily uploaded to AWS S3 for the purpose of social media publishing.

3. How We Use Your Information

  • To provide and maintain the Service
  • To process transactions and manage your points balance
  • To publish content to social media platforms you have connected and authorized
  • To send scheduled posts at the times you specify
  • To respond to your inquiries via the contact form
  • To improve the Service based on usage patterns

4. Third-Party Services

We share data with the following third-party services:

  • Clerk — authentication and user management
  • Stripe — payment processing
  • OpenRouter (routing to Google Gemini) — AI content and image generation
  • Amazon Web Services (AWS) — data storage (DynamoDB, S3) and hosting
  • Meta (Facebook/Instagram) — publishing content to your connected pages and accounts
  • LinkedIn — publishing content to your connected profile
  • Resend — sending contact form emails
  • Google Analytics — anonymized usage analytics

Each service processes your data according to their own privacy policy. We encourage you to review them.

5. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Social media OAuth tokens are encrypted at rest using AES-256-GCM
  • All data in transit is encrypted via HTTPS/TLS
  • Access to production systems is restricted and authenticated
  • Payment data is handled entirely by Stripe and never touches our servers

6. Data Retention

  • Account data is retained as long as your account is active
  • Social media tokens are deleted immediately when you disconnect an account
  • Scheduled post data is retained for 90 days after publishing or cancellation
  • Images uploaded for social media publishing are retained for 30 days, then automatically deleted
  • Contact form submissions are retained for up to 12 months

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data and account
  • Disconnect social media accounts at any time, which immediately deletes stored tokens
  • Withdraw consent for data processing

To exercise any of these rights, contact us using the information below.

8. Cookies

We use essential cookies for authentication (via Clerk) and analytics cookies (via Google Analytics). We do not use advertising or tracking cookies.

9. Children's Privacy

The Service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at: byldcode.com/contact