Privacy Policy
Last updated: March 2, 2026
1. Data Controller
This Privacy Policy describes how your personal data is collected, used, stored, and protected by:
RYTORA AI TECHNOLOGY & SOLUTIONS LTDA - ME
CNPJ: 62.234.242/0001-05
Contact: privacy@rytora.ai
This policy complies with the Brazilian General Data Protection Law (LGPD — Lei n. 13.709/2018) and applicable international data protection regulations.
2. Data We Collect
| Category | Data | Purpose |
|---|---|---|
| Account Data | Name, email, profile picture | Account creation and authentication |
| Authentication | OAuth tokens (GitHub, Google), hashed passwords | Secure login |
| Billing Data | CPF/CNPJ, Stripe customer ID, subscription details | Payment processing and tax compliance |
| Usage Data | Credit consumption, generation history, projects created | Service delivery and billing |
| Technical Data | IP address, user agent, browser info | Security, audit logs, fraud prevention |
| Content Data | Prompts, chat messages, generated code | AI code generation service delivery |
3. Legal Basis for Processing (LGPD Art. 7)
We process your personal data based on the following legal grounds:
- Consent — When you create an account and accept these terms (Art. 7, I)
- Contract performance — To provide the BuildLabs service you subscribed to (Art. 7, V)
- Legitimate interest — For security monitoring, fraud prevention, and service improvement (Art. 7, IX)
- Legal obligation — Tax compliance and regulatory requirements (Art. 7, II)
4. How We Use Your Data
- To provide, maintain, and improve the BuildLabs platform
- To process payments and manage subscriptions via Stripe
- To generate code based on your prompts using AI (Claude API)
- To enforce rate limits, prevent abuse, and ensure platform security
- To send transactional emails (account, billing, security alerts)
- To comply with legal and regulatory obligations
- To provide enterprise features (audit logs, SSO, SCIM provisioning)
5. Data Sharing
We do not sell your personal data. We share data only with the following categories of service providers, strictly for service delivery:
| Provider | Purpose | Data Shared |
|---|---|---|
| Anthropic (Claude API) | AI code generation | Prompts, chat context |
| Stripe | Payment processing | Email, billing info, CPF/CNPJ |
| Neon | Database provisioning for apps | Database metadata (no personal data) |
| Vercel / Railway | App deployment | Generated code (at user's request) |
| GitHub / Google | OAuth authentication | OAuth tokens (via user consent) |
6. International Data Transfers
Your data may be processed in servers located outside of Brazil, including the United States (cloud infrastructure providers). Such transfers are conducted in compliance with LGPD Art. 33, using appropriate safeguards including contractual clauses and adequacy decisions.
7. Data Retention
- Account data: Retained while your account is active, plus 30 days after deletion request
- Generated code & projects: Retained while your account is active. Deleted 30 days after account cancellation
- Billing records: Retained for 5 years as required by Brazilian tax law
- Audit logs: Retention period configured per workspace (30 to 365 days, or unlimited for enterprise)
- Chat/prompts: Retained as part of project conversation history while the project exists
8. Your Rights (LGPD Art. 18)
As a data subject under the LGPD, you have the right to:
- Confirmation & Access — Know whether we process your data and access it
- Correction — Request correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion — Of unnecessary or excessive data
- Portability — Receive your data in a structured format (code export, data download)
- Deletion — Request deletion of data processed with your consent
- Revocation of consent — Withdraw consent at any time (may affect service availability)
- Opposition — Object to data processing that does not comply with LGPD
To exercise these rights, contact us at privacy@rytora.ai. We will respond within 15 business days.
9. Cookies & Tracking
BuildLabs uses the following cookies:
| Cookie | Type | Purpose |
|---|---|---|
| next-auth.session-token | Essential | User authentication session |
| next-auth.csrf-token | Essential | CSRF protection |
| next-auth.callback-url | Essential | OAuth redirect handling |
We do not use third-party analytics, advertising, or tracking cookies.
10. Security Measures
We implement industry-standard security measures to protect your data:
- Encrypted data in transit (TLS/HTTPS) and at rest
- Hashed passwords (bcrypt)
- Encrypted API tokens and secrets (AES-256-GCM)
- Rate limiting on authentication endpoints
- IP allowlisting for enterprise workspaces
- Audit logging of security-relevant events
- Container isolation for project previews
- Role-based access control (RBAC) for team workspaces
11. AI & Data Processing
When you use BuildLabs, your prompts and conversation context are sent to Anthropic's Claude API for code generation. Important details:
- Prompts are sent to Anthropic solely for generating your requested code
- We do not use your prompts to train AI models
- Anthropic's data retention and privacy policies apply to data processed by their API
- Generated code is stored in your project and is not shared with other users
12. Children's Privacy
BuildLabs is not intended for children under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us for immediate removal.
13. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification at least 15 days before taking effect. The “Last updated” date at the top reflects the most recent revision.
14. Data Protection Officer (DPO)
For LGPD-related inquiries, you may contact our Data Protection Officer at:
15. Supervisory Authority
You have the right to file a complaint with the Brazilian National Data Protection Authority (ANPD) if you believe your data protection rights have been violated: www.gov.br/anpd