Privacy Policy
Last updated: March 10, 20261. Introduction
This Privacy Policy explains how Pixel Rainbow Inc., doing business as Builds.io ("we", "us", "our", "Builds.io"), collects, uses, shares, and protects your personal information when you use the builds.io website and any related services (collectively, the "Service").
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
Data Controller:
Pixel Rainbow Inc. dba Builds.io
700 North Fairfax Str. STE 614, Alexandria, Virginia 22314, USA
Email: legal@builds.io
2. Information We Collect
We collect the following categories of personal information:
Account Information
- What: Name, email address, encrypted password
- Why: To create and manage your account, authenticate your identity, and communicate with you
Device Identifiers
- What: UDID (Unique Device Identifier), device type (e.g., iPhone, iPad), iOS version
- Why: To register your device with Apple's Development Program and link your subscription to your device. This information is collected through the Configuration Profile you install during setup.
Payment Information
- What: Payment transactions are processed by Stripe. We store subscription plan type, billing dates, and transaction amounts.
- Why: To process payments, manage subscriptions, and maintain billing records. We do not store your credit card number or full payment details — these are handled directly by Stripe.
Usage Data
- What: App installation history, download dates, app categories
- Why: To provide the Service, improve recommendations, and monitor service performance
Technical Data
- What: IP address, browser type, operating system, internet service provider
- Why: Security, fraud prevention, analytics, and troubleshooting
Marketing Data
- What: Referral source (referrer URL), UTM parameters, cookie consent preferences
- Why: To understand how users find our Service and to improve marketing efforts (with your consent for marketing communications)
Authentication Data
- What: Google account identifier (if you sign in via Google OAuth)
- Why: To enable sign-in through your Google account
3. How We Use Your Information
We use your personal information for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing and operating the Service | Performance of contract |
| Processing payments and managing subscriptions | Performance of contract |
| Sending service-related communications (account status, device status changes, subscription updates) | Performance of contract |
| Sending marketing communications | Your consent (you may opt out at any time) |
| Analytics and service improvement | Legitimate interest |
| Security, fraud prevention, and abuse detection | Legitimate interest |
| Complying with legal obligations (e.g., tax records, law enforcement requests) | Legal obligation |
4. Information Sharing and Third Parties
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
We share personal information with the following categories of service providers, solely to operate and improve the Service:
| Service Provider | Data Shared | Purpose |
|---|---|---|
| Stripe | Email, payment details, subscription data | Payment processing and subscription management |
| Mandrill (Mailchimp) | Email address, name, subscription status | Sending transactional and marketing emails |
| Google Analytics | IP address (anonymized), usage data, cookies | Website analytics and performance monitoring |
| Apple | UDID, device type, iOS version | Device registration in Apple's Development Program |
| Google account identifier | Authentication via Google OAuth (if chosen by you) |
We may also disclose your information if required by law, legal process, or government request, or to protect our rights, safety, or property.
5. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for the Service to function (e.g., session management, authentication). These cannot be disabled.
- Analytics Cookies: Used by Google Analytics to understand how visitors interact with the Service. These collect anonymized usage data.
- Marketing Cookies: Used to track referral sources and marketing campaign performance (e.g., UTM parameters).
Managing Cookies: You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may prevent the Service from functioning properly. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
6. Data Retention
We retain your personal information for the following periods:
| Data Category | Retention Period |
|---|---|
| Account information | For the duration of your account, plus 1 year after deletion |
| Device identifiers | For the duration of your account, plus 1 year after deletion |
| Payment and billing records | Up to 7 years after the transaction (as required by tax and financial regulations) |
| Usage data | For the duration of your account, plus 1 year after deletion |
| Technical and analytics data | Up to 26 months |
| Marketing data | For the duration of your account, plus 1 year after deletion |
After these periods, data is permanently deleted or anonymized. You may request deletion of your data at any time (see Section 8 or 9 below).
7. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your personal information, including:
- Encryption of data in transit (TLS/SSL)
- Encryption of stored passwords
- Access controls limiting data access to authorized personnel
- Regular monitoring of our systems for security vulnerabilities
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
8. Your Privacy Rights — California Residents (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA/CPRA"), provides you with the following rights:
- Right to Know: You may request the categories and specific pieces of personal information we have collected about you, the sources, the purposes, and the third parties with whom we shared it.
- Right to Delete: You may request that we delete your personal information, subject to certain exceptions (e.g., legal obligations, ongoing transactions).
- Right to Correct: You may request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising. Therefore, there is no need to opt out, but we honor opt-out requests as a matter of policy.
- Right to Limit Use of Sensitive Personal Information: You may request that we limit the use of sensitive personal information to purposes necessary to provide the Service.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
How to Submit a Request:
Email us at legal@builds.io with the subject line "California Privacy Request." Please include your name and email address associated with your account.
Verification: To protect your privacy, we will verify your identity before fulfilling your request. We will match the information you provide with the information we have on file (e.g., email address associated with your account). If we cannot verify your identity, we may ask for additional information.
Response Time: We will respond to verified requests within 45 days. If we need additional time, we will notify you and may extend the response period by up to 45 additional days (90 days total).
Authorized Agents: You may authorize an agent to submit a request on your behalf by providing a signed written authorization or a power of attorney.
Disclosure for the Past 12 Months:
| Category | Collected | Sold | Shared for Advertising | Disclosed for Business Purpose |
|---|---|---|---|---|
| Identifiers (email, name, UDID) | Yes | No | No | Yes (Stripe, Mandrill, Apple) |
| Commercial information (subscriptions, payments) | Yes | No | No | Yes (Stripe) |
| Internet/electronic activity (usage data, IP) | Yes | No | No | Yes (Google Analytics) |
| Device information | Yes | No | No | Yes (Apple) |
9. Your Privacy Rights — EEA and UK Residents (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) and UK GDPR provide you with the following rights:
Data Controller: Pixel Rainbow Inc. dba Builds.io, 700 North Fairfax Str. STE 614, Alexandria, Virginia 22314, USA. Contact: legal@builds.io.
Legal Basis for Processing:
We process your personal data based on the following legal grounds:
- Contract: Processing necessary to provide the Service you requested (account management, device registration, payments)
- Consent: Marketing communications (you may withdraw consent at any time)
- Legitimate Interest: Analytics, security, fraud prevention, and service improvement
- Legal Obligation: Retention of financial records as required by law
Your Rights:
- Right of Access: Request a copy of your personal data.
- Right to Rectification: Request correction of inaccurate data.
- Right to Erasure ("Right to Be Forgotten"): Request deletion of your data, subject to legal retention requirements.
- Right to Restriction of Processing: Request that we limit how we use your data in certain circumstances.
- Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format.
- Right to Object: Object to processing based on legitimate interest (we will cease processing unless we demonstrate compelling legitimate grounds).
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.
How to Exercise Your Rights:
Email us at legal@builds.io. We will respond within 30 days.
Automated Decision-Making: We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.
10. International Data Transfers
Your personal data is stored and processed in the United States. If you are located outside the United States (including the EEA or UK), your data will be transferred to, and processed in, the United States.
For transfers of personal data from the EEA/UK to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism to ensure an adequate level of protection for your data.
11. Children's Privacy
The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly. If you believe that we may have collected information from a child under 16, please contact us at legal@builds.io.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by posting a notice on the Service at least 15 days before the changes take effect. Your continued use of the Service after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
- Privacy and data requests: legal@builds.io
- General inquiries: hello@builds.io
- Support: help@builds.io