Privacy Policy

1. Who we are

AutoBricks AI ("we", "us", "our") operates the platform at autobricks.ai (and the legacy autobricksai.com domain, which redirects here). This policy explains how we handle your personal data when you use our website, platform, and services.

2. What we collect

• Account data - name, email address, and avatar (from Google Sign-In or email signup). Stored in our database to identify your account.
• Usage data - chat messages, Creator Hub workflows, API calls. Stored to provide the service and calculate credit usage.
• Payment data - processed entirely by Stripe. We never see or store your card number, CVC, or expiry. We receive a Stripe Customer ID and transaction metadata (amount, timestamp).
• Contact form submissions - name, email, company, phone, and message text submitted through our contact form.
• Technical data - IP address, browser type, and timestamps in server access logs. Retained for security and debugging.

3. How we use your data

• To provide, maintain, and improve the platform
• To authenticate you and secure your account
• To process payments and track credit usage
• To respond to support and sales enquiries
• To send transactional emails (account confirmation, receipts)

We do not sell your personal data. We do not use your data for advertising. We do not share your data with third parties for their own marketing purposes.

4. Third-party services

We use trusted third-party providers for infrastructure, payments, and AI model inference. We only share the minimum data required for each service to function. When you use the Chat feature, your messages are sent to the AI model provider you select (e.g. Anthropic, OpenAI, Google) - each has its own privacy policy governing how they handle data.

5. Social-network integrations

When you connect a social account to one of your AutoBricks bots, we use the platform's official API to read only the data you authorise during the consent flow. We never post, comment, or message on your behalf via these read-only scopes.

Instagram (via Meta Platforms, Inc.)

When you connect your Instagram Business or Creator account, via Meta's Instagram API with Instagram Login:

• Data we read — your Instagram user ID, username, profile picture URL, and account type (Business or Creator); aggregate insights for your account (follower count, reach, impressions, profile views); and for posts you have published: media ID, caption, timestamp, public permalink, like count, comment count, saved count, and reach.
• Data we do not read — comments left by your audience, direct messages, private follower lists, ad spend, or any data about anyone other than yourself.
• Where the access token lives — encrypted on a per-bot volume that only your dedicated AutoBricks bot can read. Tokens are never pooled or shared across users.
• How long — as long as your AutoBricks account is active. Disconnecting Instagram (Dashboard → your bot → Disconnect) or deleting your AutoBricks account revokes the Meta grant and deletes the on-disk token within minutes.
• Revoke directly with Meta — in the Instagram app: Settings → Apps and Websites → Active → AutoBricks AI → Remove. Or visit our Data Deletion page for the full deletion flow.

6. Google API Services User Data Policy

When you connect a Google Workspace account to one of your AutoBricks bots, AutoBricks AI's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We do not use Google user data for any purpose other than providing the AutoBricks AI bot functionality directly requested by you.
• We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you.
• We do not use Google user data for advertising purposes.
• We do not allow humans to read your Google user data unless we have your affirmative agreement for specific messages, we need to for security purposes (such as investigating abuse), to comply with applicable law, or for our internal operations and even then only when the data has been aggregated and anonymized.
• Google user data fetched by your bot (emails sent on your request, calendar events, Drive files the bot creates, contacts, Sheets/Docs content) is stored only inside your dedicated AutoBricks bot container under your control — it is never copied to AutoBricks-owned databases or analytics systems.
• You can revoke our access at any time from your Auto Bot's detail page (Disconnect Google) or directly at myaccount.google.com/permissions; doing so deletes the on-disk credentials from your bot container within minutes.

7. AI model usage

Do not send sensitive personal data (passwords, financial details, health records) in chat messages. We do not control how AI model providers handle data beyond their published policies.

8. Data retention

• Account data - retained while your account is active. Delete your account via the Data Deletion flow.
• Chat messages - retained until you delete the conversation. Deleted conversations are permanently removed.
• Social-network access tokens - retained while the integration is connected. Disconnecting wipes the on-disk token within minutes.
• Credit ledger - retained permanently for billing audit purposes.
• Server logs - retained for 90 days, then deleted.

9. Your rights

You can:

• Access your data via the Settings page
• Delete your chat conversations at any time
• Disconnect any social-network integration from the relevant bot's detail page (revokes the grant + wipes the on-disk token)
• Request a full data export or account deletion — see Data Deletion

10. Security

We use HTTPS everywhere, encrypt data at rest, and follow security best practices. Session tokens are HttpOnly cookies. Payment data is handled by a PCI DSS Level 1 certified processor - no card data touches our servers.

11. Cookies

We use a single session cookie to keep you signed in. No tracking cookies, no analytics cookies, no third-party cookies.

12. Changes

We may update this policy. Material changes will be communicated via email or a notice on the platform. Continued use after changes constitutes acceptance.

13. Contact

Questions about this policy? Email [email protected].