Privacy Policy

Last updated: November 29, 2025

1. Introduction

This Privacy Policy describes how d88.dev ("we," "our," or "us") collects, uses, and protects your personal information when you use our Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account using Google OAuth, we collect:

  • Email address
  • Full name
  • Profile picture (avatar URL)
  • Unique user identifier from Google

2.2 Project Data

We store the content you create, including:

  • Product Requirements Documents (PRDs)
  • User flow diagrams and specifications
  • UI design specifications
  • Website code and generated assets
  • Synchronization data between PRDs and websites
  • Project metadata (names, descriptions, tags)

2.3 Usage Data

We collect information about how you use the Service:

  • Chat history with AI assistant
  • LLM API call logs (for service improvement and debugging)
  • Token usage and transactions
  • Subscription and payment information
  • User preferences and settings
  • Timestamps of account creation, last access, and project modifications

2.4 Technical Data

We may automatically collect certain technical information:

  • IP address
  • Browser type and version
  • Device information
  • Session cookies

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve the Service
  • Authentication: To authenticate your identity and manage your account
  • Data Storage: To store your projects and enable multi-device access
  • AI Features: To process your requests and generate AI-assisted content
  • Website Building: To generate and maintain websites based on your PRDs
  • Synchronization: To keep PRDs and built websites in sync
  • Billing: To process subscription payments and manage your account
  • Communication: To send service-related notifications and updates
  • Analytics: To analyze usage patterns and improve the Service
  • Security: To detect and prevent fraud, abuse, and security issues
  • Legal Compliance: To comply with legal obligations and enforce our Terms

4. Third-Party Services

We use the following third-party services that may collect or process your data:

4.1 Supabase

We use Supabase for authentication and database hosting. Your data is stored on Supabase's infrastructure. Supabase's privacy policy applies to their handling of your data:https://supabase.com/privacy

4.2 Google

We use Google OAuth for authentication. When you sign in with Google, Google shares your profile information with us. Google's privacy policy applies:https://policies.google.com/privacy

4.3 OpenRouter

We use OpenRouter to provide AI features. Your chat messages and project context are sent to OpenRouter's API, which routes requests to various AI models. The AI models we use are private and do not expose your sensitive data to training. Your data is not used to train or improve the AI models. OpenRouter's privacy policy applies:https://openrouter.ai/privacy

4.4 Stripe

If you make payments, we use Stripe for payment processing. Stripe collects and processes your payment information. Stripe's privacy policy applies:https://stripe.com/privacy

5. Data Storage and Security

We implement industry-standard security measures to protect your data:

  • Data encryption in transit (HTTPS/TLS)
  • Data encryption at rest on Supabase infrastructure
  • Row Level Security (RLS) policies to ensure users can only access their own data
  • Secure authentication using OAuth 2.0
  • HTTP-only cookies for session management
  • Regular security audits and updates

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as necessary to provide the Service:

  • Account Data: Retained while your account is active
  • Project Data: Retained until you delete the project or your account
  • Chat History: Retained to provide conversation continuity
  • LLM Logs: Retained for service improvement and debugging purposes
  • Payment Records: Retained as required by law (typically 7 years)

Upon account deletion, we will delete your personal data within 30 days, except where we are required to retain it by law.

7. Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Export your project data in JSON format
  • Opt-out: Unsubscribe from marketing emails (service emails may still be sent)
  • Data Portability: Receive your data in a structured, commonly used format

To exercise these rights, please contact us through the Service or your account settings.

8. Cookies and Tracking

We use cookies and similar technologies for:

  • Authentication: To maintain your login session
  • Security: To protect against unauthorized access
  • Preferences: To remember your settings

We use HTTP-only cookies that cannot be accessed via JavaScript for security. You can control cookies through your browser settings, but disabling cookies may affect Service functionality.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately, and we will delete such information.

10. International Data Transfers

d88.dev operates from Ontario, Canada. Your data may be transferred to and stored on servers located outside your country of residence, including in Canada and other jurisdictions where our service providers operate. By using the Service, you consent to the transfer of your data to countries that may have different data protection laws than your own.

We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA).

11. Data Sharing

We do not sell your personal data. We may share your data only in the following circumstances:

  • Service Providers: With third-party service providers (Supabase, OpenRouter, Stripe) necessary to operate the Service
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to users)
  • Protection of Rights: To protect our rights, property, or safety, or that of our users

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending an email notification for significant changes

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@d88.dev or through the Service.

← Back to Home