PRIVACY POLICY
Last modified: September 4, 2025
This Privacy Policy explains how Constructr, Inc. (“Constructr,” “we,” “us,” or “our”) collects, uses, shares, and protects information when you visit our website, use the Constructr Studio to build applications, and when applications built on Constructr collect data from their end-users. If you do not agree with this policy, please do not use our services.
1. Scope and roles
- Website and Studio: For visitors to our website and users of the Constructr Studio, Constructr is the data controller.
- Customer apps: For end-user data collected by applications our customers build and run on Constructr, the customer is the controller and Constructr is the processor. Customers must provide their own privacy notice to their end-users and, for business customers, execute our Data Processing Addendum (DPA), available on request at [email protected].
2. What we collect
We separate Customer Content (what you or your end-users put into Constructr or apps built on Constructr) from Service/Operational Data (what we collect to run, secure, and improve the services).
2.1 Summary table
| Category | Examples | Source | Why we use it | Retention |
|---|---|---|---|---|
| Account data | Name, email, organization, role | You | Create and manage your account, service notices | While account is active, then delete within 30 days |
| Billing data | Billing contact, invoice details | You; Stripe processes card data | Billing, refunds, tax records | As required by law |
| Customer Content | Prompts, files, app schemas, generated code, app end-user data (if you host with us) | You or your end-users | Provide the core service and run your apps | You control via app or workspace settings; backups age out within 35 days |
| Product telemetry and logs | Usage events, performance metrics, API logs, device and browser info, IP | Automatic | Operate, secure, and improve the Studio and runtime | 12 months |
| Support data | Tickets, recordings or screenshots you share | You | Troubleshooting, quality assurance | 24 months |
| Integration metadata | Connector configuration, minimal tokens/secrets | You | Connect to data sources and services at your request | While enabled; delete on disconnect |
| Prospecting (B2B) | Business contact info from public sources or vendors | Third parties, public sources | Outreach to prospective business customers; manage opt-outs | Until you opt out or data becomes unreliable |
| Cookies and similar | Cookie IDs and similar identifiers | Automatic | Authentication, preferences, analytics (no targeted ads) | See “Cookies” below |
Notes:
- Card numbers are handled by Stripe. We do not store full card numbers.
- We do not knowingly collect information from children under 16.
3. How we use information
- Provide, maintain, and secure the website, Studio, and hosted app infrastructure
- Configure and run integrations you connect
- Communicate about service changes, incidents, and billing
- Improve performance, reliability, and user experience (see “AI training” below)
- Comply with law, enforce terms, and prevent abuse
We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
4. AI training and human review
Training by default. To improve model quality and service reliability, Constructr may use Customer Content and operational signals (for example, prompts, outputs, error logs) to train or fine-tune AI models and to improve heuristics and safety systems.
- Opt-out: Certain plans offer a workspace-level opt-out from using Customer Content for training. Service and security data may still be used to operate and protect the services.
- Third-party models: When we use third-party model providers, we contractually require them not to train on Customer Content unless you have opted in to allow it.
- Human review: When you request support, or as part of periodic quality checks and abuse prevention, authorized staff may review limited Customer Content under strict access controls and audit logging.
If you need a no-training commitment, contact [email protected] about plan options.
5. Your apps and end-users
- Hosting and storage: Constructr can host back-end data stores for apps you generate.
- Customer control: You choose what your app collects from end-users and how long to retain it. You are responsible for providing an appropriate privacy notice to your end-users and for honoring requests from your end-users.
- Processor role: Constructr processes end-user data on your instructions under the DPA and uses sub-processors to provide the service.
6. Sub-processors and vendors
We use service providers for hosting, analytics, email, payments, support, and model inference. We will provide a current list on request at [email protected] and will notify affected business customers by email before material changes when contractually required.
7. International data handling
Our services are operated in the United States. If you choose to provide information from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where privacy laws may be different from those in your jurisdiction.
8. Cookies and similar technologies
- What we use: Session cookies for login, preference cookies, and analytics cookies on the website and in the Studio. We do not use third-party advertising pixels.
- Consent: Where required, we show a banner and will not set non-essential cookies until you consent.
- Global Privacy Control (GPC): We honor GPC where required.
- Manage choices: Use the banner where available or your browser settings to control cookies.
9. Security
We use administrative, technical, and physical safeguards appropriate to the nature of the data, including:
- Encryption in transit and at rest
- Access controls following least-privilege principles
- Audit logging of key administrative actions and access to Customer Content
- Backups with tested restore procedures
- Vulnerability management and dependency patching
- SSO/SAML: planned; contact us if you need this
- Independent audits: we intend to pursue SOC 2 and will update this policy when complete
Incident notice: If we learn of unauthorized access to personal data, we will notify affected customers without undue delay and as required by law.
10. Data retention
Unless a different period is stated in your contract or app settings:
- Customer Content: deleted within 30 days of your request or account termination
- Operational logs: 12 months
- Analytics: 18 months
- Support tickets and artifacts: 24 months
- Backups: roll off within 35 days
We may retain data longer if required by law or to resolve disputes, enforce agreements, or protect our rights.
11. How we share information
We share personal information with:
- Service providers and sub-processors who help us operate the services
- Professional advisors such as lawyers and accountants
- Authorities when required by law or to protect rights and safety
- Business transfers in connection with a merger, acquisition, or asset sale
We do not sell personal information and do not share it for cross-context behavioral advertising.
12. Your privacy rights and choices
Your rights depend on where you live. Subject to applicable law, you may have the right to:
- Access your personal information
- Correct inaccurate information
- Delete your information
- Receive a portable copy
- Object to or restrict certain processing
- Appeal a decision on your request (available for several US states)
How to exercise your rights: Email [email protected]. We may ask for information to verify your identity. If we decline your request, you may appeal by replying to the same email thread and stating “Appeal” in the subject. We will not discriminate against you for exercising your rights.
Authorized agents (California): If you use an authorized agent, we may require proof of authorization and direct confirmation from you.
13. Children's privacy
Constructr is not for children under 16. Do not create an account if you are under 16. Customers building apps on Constructr are responsible for complying with youth-privacy laws for their own end-users.
14. Payments
We use Stripe to process payments. Stripe collects and processes your payment card information on our behalf. We do not store full card numbers.
15. Integrations and third-party sources
You can connect third-party data sources and services to your apps. Where possible, we proxy requests rather than copy source data into our systems. If we must cache data to provide the service, we store the minimum necessary and provide per-connector deletion controls where available.
For B2B marketing, we may collect business contact information from public sources and third-party providers. You can opt out by emailing [email protected] or using unsubscribe links.
16. Changes to this policy
We will post updates to this page and will email account owners for material changes before they take effect. The effective date at the top shows when the policy last changed.
17. Contact
Email: [email protected]
Mailing address: Constructr, Inc., 1484 Pollard Rd, #3006, Los Gatos, CA 95032, USA