buildinpublic.now is operated as an independent SaaS product. If you have privacy questions, contact us at hello@buildinpublic.now.
Account data. When you sign up, we collect your email address and a hashed password. We do not store plaintext passwords.
GitHub data. When you connect a repository, we receive commit messages, commit authors, file names, diff summaries, and repository names via GitHub Webhooks. We do not access raw source code or private repository contents beyond what your webhook delivers.
Twitter / X tokens. If you connect your X account, we store your OAuth access tokens (encrypted in our database) to post on your behalf. We do not store your X password.
Payment data. Payments are processed by Stripe. We do not store full credit card numbers. We retain a Stripe customer ID and your subscription status.
Usage data. We may collect basic usage metrics (e.g. number of posts generated, errors) to improve the Service. We do not sell this data.
Feedback. If you submit feedback through the dashboard, we store your message and account ID to help prioritise improvements.
We do not use your data to train AI models. Your commit data and generated drafts are not shared with third parties except as described in this policy.
Supabase. Our database and authentication provider. Data is stored in Supabase-managed infrastructure. See Supabase Privacy Policy.
OpenAI. Commit metadata is sent to OpenAI’s API to generate draft posts. OpenAI’s data usage policies apply. We use the API in a way that opts out of training data use (as per OpenAI’s API terms). See OpenAI Privacy Policy.
Stripe. Billing and subscription management. See Stripe Privacy Policy.
GitHub. Commit data arrives via webhooks you configure. GitHub’s own privacy policy governs your use of GitHub.
X / Twitter. Posts are published via the X API using your OAuth tokens. X’s privacy policy governs your use of X.
Vercel. The Service is hosted on Vercel. Request logs may be retained by Vercel. See Vercel Privacy Policy.
We retain your data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required by law to retain it longer.
Generated post drafts are retained until you delete them or your account is closed.
Depending on your location, you may have rights to:
To exercise these rights, email hello@buildinpublic.now. We will respond within 30 days.
We use HTTP-only session cookies to keep you signed in. These cookies are essential for the Service to function and cannot be disabled. We do not use advertising cookies or third-party tracking pixels.
We use industry-standard practices to protect your data: HTTPS for all connections, encrypted credentials at rest, and role-based access controls on our database. However, no system is perfectly secure — use a strong, unique password and enable two-factor authentication where available.
We may update this Privacy Policy periodically. Material changes will be communicated by email or in-app notice. Your continued use after changes take effect constitutes acceptance.
Privacy questions or requests: hello@buildinpublic.now