Privacy Policy
Last updated July 11, 2026
1. Overview
This Privacy Policy explains what personal data Idea to Life collects, how we use it, who we share it with, and the choices you have. It applies to the Idea to Life web application and related services. We act as the data controller for the account and usage data described below.
2. Data We Collect
- Account information: your name, email address, authentication identifiers, and subscription and billing status.
- Project ideas and blueprints: the natural-language descriptions you submit, the structured blueprints and specifications derived from them, and build history for your projects.
- Usage events: actions taken in the app, build and deployment events, feature usage, error diagnostics, and approximate device and browser information collected through server logs.
- Encrypted credentials: API keys and OAuth tokens you connect (for example GitHub tokens, Render API keys, Supabase credentials, and bring-your-own OpenAI or Anthropic keys). These are encrypted at rest and are never displayed back in full after you save them.
- Support communications: messages you send us and our responses.
We do not intentionally collect special categories of personal data, and we ask that you do not include sensitive personal information in project descriptions.
3. How We Use Data
We use personal data to provide and operate the Service (generating blueprints, running builds, deploying applications, managing subscriptions and credits), to secure the Service (fraud prevention, abuse detection, audit logging), to communicate with you (transactional email, service announcements, support), and to improve the Service (aggregate analytics and debugging). We process data on the legal bases of contract performance, legitimate interests in operating and securing the Service, legal obligations, and consent where required.
4. Third-Party Processors
We share data with a small set of processors, each only for the purpose described:
- OpenAI and Anthropic: process your project descriptions, blueprints, and related build context to generate plans, code, and tests. Prompts are processed under those providers' API terms; we use API tiers that do not use customer content to train their models where such options are available.
- GitHub: stores generated source code in repositories created in your account.
- Render: hosts deployed applications in your account.
- Supabase: provides databases for your generated applications in your organization, and is used for the platform's own database and authentication.
- Resend: delivers transactional email such as magic links, receipts, and build notifications.
Payment card data is handled by our payment processor and never touches our servers. We do not sell your personal data, and we do not share it with third parties for their own advertising purposes.
5. Retention
We keep account data for as long as your account is active. Project ideas, blueprints, and build history are retained while your account exists so you can revisit and rebuild projects. Usage and audit logs are retained for a limited operational window and then deleted or anonymized. Encrypted credentials are deleted immediately when you disconnect an integration or delete your account. Backups expire on a rolling schedule. When you delete your account we delete or anonymize your personal data within a reasonable period, except where retention is required by law (for example billing records).
6. Your Rights
Depending on your location, you may have rights to access, correct, export, restrict, object to processing of, or delete your personal data. In the app you can export your project data and request deletion of your account directly; deletion of your account removes your data from our systems but does not affect the repositories, deployments, and databases that already live in your own third-party accounts. To exercise any right, contact us at the privacy address listed in the app. You may also lodge a complaint with your local supervisory authority.
7. Security
We protect data using encryption in transit, AES-256-GCM encryption at rest for stored secrets, database Row Level Security, and access controls described in our Security Overview. No system is perfectly secure, so please use a strong, unique password and enable available account protections.
8. International Transfers and Changes
Our processors may store data in other countries; where required we rely on appropriate safeguards such as standard contractual clauses. We will post updates to this policy here and notify you of material changes. Continued use of the Service after the effective date of an updated policy constitutes acceptance.