Data Processing Overview
Last updated July 11, 2026
1. Scope
This Data Processing Overview describes the categories of data Idea to Life processes, the subprocessors we engage, the purposes for which each processes data, and the technical measures that protect data in our systems. It is intended to help customers complete vendor assessments and to serve as a plain-language companion to our Privacy Policy. Customers requiring a signed data processing agreement (DPA) with standard contractual clauses can request one through our support contact.
2. Categories of Data
- Identity and account data: name, email address, authentication identifiers, plan and subscription status.
- Project content: natural-language idea descriptions, generated blueprints and specifications, build inputs and outputs, and metadata about repositories, deployments, and databases created for you.
- Usage and telemetry data: application events, build lifecycle events, error diagnostics, IP addresses and user-agent strings from server logs, and audit log entries.
- Credentials and secrets: OAuth tokens and API keys you connect for GitHub, Render, Supabase, and (optionally) your own OpenAI or Anthropic keys, plus environment secrets destined for your deployed applications.
- Billing data: subscription records and credit balances. Full payment card details are processed only by our payment processor and never stored on our systems.
3. Protection of Secrets
All connected credentials and environment secrets are encrypted at rest using AES-256-GCM with authenticated encryption; encryption keys are managed separately from the database and rotated according to our key management procedures. Secrets are decrypted only at the moment of use inside the build and deployment pipeline, are masked in logs and user interfaces, and are never included in prompts sent to AI providers except where a specific integration explicitly requires a value you have designated for that purpose.
4. Row Level Security and Access Control
Our primary datastore enforces Postgres Row Level Security (RLS) so that every query is scoped to the authenticated user's own rows; there is no application code path that reads another customer's projects, builds, or secrets. Administrative access is limited to a small number of operators, gated by strong authentication, and recorded in audit logs. Build workloads run in isolated sandboxes with restricted command allowlists, as described further in our Security Overview.
5. Subprocessors and Purposes
We engage the following subprocessors. Each receives only the data needed for its purpose:
- OpenAI (USA): processes project descriptions, blueprints, and build context to generate plans, code, and tests via API.
- Anthropic (USA): processes project descriptions, blueprints, and build context to generate plans, code, and tests via API.
- GitHub (USA): stores generated source code in repositories created in your account; receives repository content and account linkage data.
- Render (USA): hosts deployed applications in your account; receives deployment configuration and application artifacts.
- Supabase (USA/EU regions): provides the platform database and authentication, and provisions databases for your generated applications; processes account data, project content, and encrypted secrets at rest.
- Resend (USA): delivers transactional email; processes recipient email addresses and message content.
- Payment processor: processes billing and payment card data on our behalf under its own PCI-DSS compliant systems.
Where you connect your own accounts (GitHub, Render, Supabase, or your own AI keys), those providers act as services you contract with directly for the resources in your accounts, in addition to any processing they perform for us.
6. International Transfers, Retention, and Deletion
Subprocessors may process data in the United States and other countries; where required, transfers rely on appropriate safeguards such as standard contractual clauses. Retention follows the schedule in our Privacy Policy: project content persists while your account is active, operational logs are retained for a bounded window, and credentials are deleted immediately upon disconnection or account deletion. Account deletion triggers erasure or anonymization of personal data within a reasonable period, subject to legal retention duties and rolling backup expiry.
7. Changes to Subprocessors
We maintain this list as our current, complete subprocessor list. Before adding a new subprocessor that processes customer personal data, we will update this document and provide notice through the Service, giving customers an opportunity to raise objections. Questions about this overview, DPA requests, and security questionnaires can be directed to the privacy contact listed in the application.