Privacy Policy

Last updated: April 26, 2026

Buildfast AI ("Buildfast", "we", "us") operates the website buildfast-ai.com(the "Service"). This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data.

1. Information we collect

• Account information. Name, email address and profile picture provided through Google or other authentication providers (via Clerk).
• Workflow data. The natural-language prompts you submit, the workflows you generate, the integrations you connect, and the execution metadata stored to deliver the Service.
• Third-party tokens. When you connect an integration (e.g. Gmail, Slack, Notion), we store an encrypted OAuth access token strictly to call the third-party API on your behalf within the workflow you authorized.
• Usage data. Standard logs (IP address, browser type, pages viewed, timestamps) for security and reliability.

2. How we use Google user data

When you authorize Buildfast to access your Google account through OAuth, we request only the scopes required to run the workflows you create. Currently:

• gmail.send — to send emails on your behalf when a workflow includes a Gmail step.
• spreadsheets — to read from and append rows to Google Sheets you specify.
• drive.file — to manage only the files your workflows explicitly create or interact with.
• userinfo.email — to confirm the connected Google account.

Google user data accessed through these scopes is used solely to execute the automation you configured. Buildfast does not use Google user data for advertising, does not sell or transfer it to third parties for any purpose other than running your workflows, and does not allow humans to read it except where required to comply with applicable law, secure our systems, fix a bug, or with your explicit consent.

Buildfast's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How data is stored and protected

• OAuth tokens are encrypted at rest using AES-256-GCM before being written to our database (Supabase).
• All traffic is served over HTTPS (TLS 1.2+).
• Access to production systems is restricted to authorized personnel and protected by 2FA.
• You can revoke any integration at any time from your Buildfast settings, which deletes the stored token.

4. Data retention & deletion

Account and workflow data are retained while your account is active. If you delete your account, all associated workflows, executions and stored OAuth tokens are permanently removed within 30 days.

To request deletion outside the in-app flow, email hello@buildfast-ai.com.

5. Cookies

We use first-party cookies for authentication (session cookies set by Clerk) and to remember preferences. We do not use advertising or third-party tracking cookies.

6. Third-party services

Buildfast relies on the following sub-processors. Each handles data under their own privacy policies:

• Clerk — authentication
• Supabase — database hosting
• Stripe — payment processing
• Make.com — workflow execution engine
• OpenRouter / OpenAI — AI generation

7. Your rights

Depending on your jurisdiction (e.g. GDPR, CCPA), you may have the right to access, correct, export or delete your personal data, and to object to certain processing. Contact hello@buildfast-ai.com to exercise these rights.

8. Children

The Service is not intended for individuals under 16. We do not knowingly collect data from minors.

9. Changes to this policy

We may update this Privacy Policy occasionally. Material changes will be communicated by email or through an in-app notice prior to taking effect.

10. Contact

Questions about this policy? Email hello@buildfast-ai.com.