Legal

Privacy policy

Last updated: May 11, 2026 · Effective May 11, 2026

1. Definitions

Where capitalised below, these words have specific meanings used throughout this policy.

  • Personal Data —information that identifies you or could reasonably be linked to you (name, email, account ID, IP address).
  • Customer Data —what you submit to Briques: prompts, Mini App definitions, the records and files you store inside a Mini App.
  • Service Data —operational telemetry generated by your use of the service: page views, action logs, performance metrics, billing events.
  • AI Provider —a third-party model API we route prompts to (today: OpenAI and Anthropic).
  • Sub-processor —a third party we engage to process Personal Data on our behalf to deliver the service (Supabase, Cloudflare, AI Providers, Resend, Apple, Google).
  • Data Protection Laws —privacy laws that apply to you and to us, including the EU and UK General Data Protection Regulations (GDPR / UK GDPR), the Swiss FADP, the California Consumer Privacy Act (CCPA / CPRA) and similar US state laws, the Canadian PIPEDA, the Australian Privacy Act 1988, and India's Digital Personal Data Protection Act 2023 (DPDP Act).

2. Overview

Briques ("we", "us") is an AI-powered tool for building small, single-user mobile apps from natural-language descriptions. This policy explains what we collect when you use Briques on iOS, on Android, or on this website, what we do with it, what we send to AI Providers, and what choices you have. We aim to collect only what's needed to deliver a reliable, secure service.

Briques apps are single-user and private to you. Generated apps and the data inside them are not shared with other users, indexed publicly, or made available to anyone else without your action.

3. What we collect

Information you provide

  • Account information. Name and email when you sign in with Google or, on iOS, Sign in with Apple.
  • Prompts. The natural-language descriptions you submit to generate or modify Mini Apps.
  • App content. The Mini Apps you create (their structure and logic) and the data you store inside those apps (records you add, files you upload, edits you make).
  • Communications. Anything you send us through support, feedback, or email.

Information collected automatically

  • Usage data. Pages and features used, actions taken, approximate session duration.
  • Device & log data. Device model, operating system, app version, IP address, crash reports.
  • Server logs. Request logs (no prompt content) for security and abuse detection.

Information from app stores

  • Purchase confirmations. When you purchase a subscription or credit pack, Apple or Google shares the transaction with us so we can grant access. We do not see your full payment information; the store handles billing.
  • Subscription status changes. Apple and Google notify us when subscriptions renew, lapse, are refunded, or are cancelled, so we can update your account.

Cookies and tracking

The briques.app website uses only the cookies it needs to function. We currently use two categories:

  • Strictly necessary. Sign-in session cookies, theme preference, CSRF protection. These are always on; the site cannot run without them.
  • Functional. Remembering settings you've changed (for example, your selected theme).

We do not currently use analytics, advertising, or third-party tracking cookies on the website. The Briques iOS app does not present an App Tracking Transparency prompt because it does not track you across other apps or websites.

If we add analytics in future (for example, a privacy-focused tool such as Plausible), we will update this section before enabling it and provide a way to opt out where required by law.

For users in the EEA, the UK, Switzerland, and other jurisdictions that require us to identify a legal basis under Data Protection Laws, we rely on the following bases:

  • Performance of a contract. Operating your Account, generating Mini Apps, storing your data, processing your subscriptions. Without this processing we can't provide the service.
  • Legitimate interests. Detecting abuse and fraud, securing the service, debugging, measuring aggregated product usage. We've balanced this against your interests and concluded the processing is proportionate.
  • Consent. Optional cookies (if any), marketing emails (if you opt in), and any AI-related processing where consent is the relevant basis under your local law. You can withdraw consent at any time without affecting prior processing.
  • Legal obligation. Tax records, anti-fraud and anti-money-laundering checks, and responses to lawful requests by competent authorities.
  • Vital interests / public interest. Rarely, to protect a person's life or comply with a public-interest obligation.

5. How we use it

We use the information we collect to:

  • Provide, operate, and maintain Briques.
  • Generate and modify Mini Apps using AI models (see section 6).
  • Validate purchases, grant entitlements, and reconcile subscription state with Apple and Google.
  • Improve product quality, debug issues, and measure feature performance using aggregated, de-identified data only.
  • Send service-related emails: account notices, security alerts, and important updates.
  • Detect, prevent, and respond to abuse, fraud, and security incidents.
  • Comply with legal obligations.

We do not sell your Personal Data or Customer Data. We do not use the content of your prompts or apps to train our own models. We do not permit AI Providers to train their models on your prompts or app content; we send requests through API endpoints whose terms exclude training, as confirmed by each provider's published policy at the time of integration.

6. AI processing

Briques uses AI models from third-party providers to interpret prompts, generate app structure (pages, data, fields), and write the JSX rendered by the in-app runtime. Today's providers:

  • OpenAI —used for fast generation and embeddings.
  • Anthropic —used for higher-quality reasoning passes.

We may add or change providers over time. The current set is listed here, and any change affecting how your data flows will update the "Last updated" line above.

What we send to providers

  • Your prompt text.
  • The current app's structure (schema, page layout, field names) when relevant to the request.
  • Short context excerpts from your data only when you explicitly ask the AI a question about your data (for example, AI search). Otherwise your records are not sent.

What we don't send

  • Your name, email, account ID, or any direct identifier.
  • Files you upload (images, PDFs, attachments).
  • The bulk contents of your tables outside the relevant excerpt above.

Safety filtering

Prompts are checked against a safety classifier before generation. Prompts requesting clearly disallowed content (sexual content involving minors, instructions for violence, targeted harassment, weapons or drug instructions, regulated advice such as medical or legal direction) are blocked with a message. Generated output is also screened before it's shown to you.

AI-generated content disclosure

Mini Apps and their structure are AI-generated. Generated output may be incorrect, incomplete, or unsuitable for a given use. Briques does not provide medical, legal, financial, or other regulated advice and you should not rely on Briques for those decisions. See our terms for the full disclaimer.

Opt-out from aggregated analysis

We do not use Customer Data for training. Aggregated, fully anonymised usage statistics may inform product decisions; if you don't want even that, contact privacy@briques.app and we will exclude your account.

7. Who we share with

We share information only in these limited cases:

  • Service providers we depend on: Supabase (database and file storage), Cloudflare (DNS, email routing, hosting for this site), OpenAI and Anthropic (AI generation), Resend (transactional email), Apple (App Store payments), Google (Play Store payments and authentication). Each is bound by contractual confidentiality obligations and processes data on our instructions.
  • Legal & safety. If required by law, court order, or to protect the rights, safety, or property of Briques, our users, or the public.
  • Business transfers. In connection with a merger, acquisition, or asset sale, subject to the same protections set out here.

Sub-processor changes

We will list any new Sub-processor that processes Customer Data on this page at least 10 days before giving them access. The "Last updated" date at the top of this page reflects the most recent change. If you object to a new Sub-processor, your remedy is to terminate your Account and request data deletion before the new Sub-processor begins processing.

8. Storage & retention

Your account data, Mini App definitions, and app records are stored in Supabase Postgres. Files you upload are stored in Supabase Storage. Both live in our primary region; we do not replicate user data across regions today.

We retain account data for as long as your Account is active. Plan caps for row data and file storage are listed on the pricing page.

Crash logs and aggregated usage data are retained for up to 24 months. Server-side request logs (no prompt content) are retained for up to 90 days for security and abuse detection. AI Provider request logs are subject to each provider's retention policy; today, OpenAI and Anthropic API requests are not used for training and have provider-side retention windows documented in their public policies.

9. Security

We protect Personal Data and Customer Data using a combination of organisational and technical measures:

  • Encryption in transit. All connections to Briques use TLS 1.2 or higher.
  • Encryption at rest. Database and file storage at our hosting provider (Supabase, on AWS) is encrypted at rest using AES-256.
  • Access controls. Internal access to production systems is limited to engineers who need it, gated by single sign-on with multi-factor authentication, and logged.
  • Least privilege. Service accounts and AI Provider keys are scoped to the minimum permissions needed.
  • Backups. Daily encrypted backups with point-in-time recovery; backups are purged on the same schedule as production data after account deletion.
  • Vulnerability response. We monitor dependency advisories and apply security patches promptly. Report security issues to security@briques.app.
  • Breach notification. If a Personal Data breach is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by law, and will notify affected users without undue delay.

No system is perfectly secure. We make these commitments in good faith but cannot guarantee absolute security.

10. International data transfers

Briques is operated from India and uses Sub-processors located in several countries (including the United States and the European Union). When your Personal Data leaves the country where you are located, we rely on transfer mechanisms recognised by the applicable Data Protection Law:

  • EEA / UK / Switzerland to outside. Transfers are protected by the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, and (for Switzerland) the Swiss Addendum, plus supplementary technical and organisational measures where needed.
  • India to outside. Transfers comply with the Digital Personal Data Protection Act 2023, including any country-specific restrictions notified by the Government of India.
  • Other regions. We follow the transfer mechanisms applicable in your jurisdiction (for example, Canadian PIPEDA accountability requirements, Australian Privacy Principles 8 for cross-border disclosure).

A copy of the SCCs we use is available on request from privacy@briques.app.

11. Your rights

Depending on where you live (GDPR in the EEA / UK, CCPA in California, similar laws elsewhere) you may have the right to:

  • Access the Personal Data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your Personal Data and Account.
  • Export your data in a portable format (machine-readable JSON).
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Opt out of "sale" or "sharing" of Personal Data (we do neither, but the right is yours regardless).
  • Lodge a complaint with a supervisory authority.

To exercise any of these rights, email privacy@briques.app. We respond within 30 days. We will not discriminate against you for exercising your privacy rights.

If you are not satisfied with our response, you may lodge a complaint with your local supervisory authority —for example, your national data protection authority in the EU/EEA, the Information Commissioner's Office in the UK, the Office of the Australian Information Commissioner, the Office of the Privacy Commissioner of Canada, the California Privacy Protection Agency, or the Data Protection Board of India.

12. Account & data deletion

You can delete your Briques account at any time:

  • From the iOS or Android app: Account → Delete account. Tap, confirm, done.
  • By email: send a request from the address on your account to privacy@briques.app.

On deletion, we permanently delete your account, Mini Apps, app records, and uploaded files within 30 days from production systems. Backup copies are purged within a further 60 days. Some records (aggregated billing reconciliation, fraud-prevention logs) may be retained longer where required by law; these are scoped, minimised, and not used for any other purpose.

If you have an active subscription, deleting your Briques account does not automatically cancel an Apple- or Google-managed subscription. To stop renewals, also cancel via your Apple ID or Google Play subscription settings.

13. Apple App Store

On iOS, in-app purchases (Pro subscription, credit packs) are processed by Apple through the App Store. Your payment method, billing address, and Apple ID are managed by Apple under Apple's privacy policy; we do not receive or store these. The same applies to Google Play purchases on Android, which are governed by Google's privacy policy.

Apple and Google share with us a transaction identifier, the product purchased, and subscription state changes (renewal, lapse, refund, cancellation) so we can correctly grant access and update your entitlement. We use this only to administer your account.

Refunds for App Store purchases are handled by Apple. Visit reportaproblem.apple.com to request one. Refunds for Google Play purchases are handled by Google through the Play Store. Briques does not have direct authority over store-managed refunds.

14. Children & age rating

Briques is rated 17+ on the App Store because the product generates content using AI, and AI output can be unpredictable. We do not direct Briques to children under 13 (or 16 in the EEA / UK), and we do not knowingly collect personal information from them.

We comply with the United States Children's Online Privacy Protection Act (COPPA): if you believe a child under 13 has provided us personal data, contact privacy@briques.app and we will delete it promptly.

15. EU/UK representative & supervisory authorities

Briques is established outside the EEA and the UK. While we finalise the appointment of a representative under Article 27 of the GDPR and the UK GDPR, EEA and UK residents may contact us directly at privacy@briques.app for any privacy matter, and we will respond within the statutory deadlines. The "Last updated" date above will change when we publish the appointed representative's contact details.

If you live in the EEA or the UK, you also have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA authorities is published by the European Data Protection Board; the UK authority is the Information Commissioner's Office (ICO).

16. Changes

We may update this policy from time to time. If we make material changes (for example, adding a new AI Provider, changing what we share), we'll notify you by email or a prominent in-product notice before the changes take effect. The "Last updated" date above always reflects the most recent revision. Older versions are available on request.

17. Contact

Questions about this policy or your data? Email privacy@briques.app or visit our contact page.