Bolder VibesBack to home

Privacy Policy

Last updated: April 17, 2026

Bolder Vibes (“we”, “our”, “us”) takes your privacy seriously. This policy describes what information we collect when you use our Service, how we use it, and the choices you have.

1. Information We Collect

Information you provide

  • Account data — email, display name, and an encrypted password hash (never the password itself).
  • Project content — prompts you send to the AI, project files, and build artifacts (APKs, AABs, iOS archives).
  • Third-party credentials — optional tokens you save (e.g. your Expo personal access token). These are encrypted at rest with AES-256-GCM using a server-side key that is never exposed to the browser.

Information we collect automatically

  • Usage telemetry — HTTP request metadata (method, path, status, duration) with a short-lived request correlation ID. Used for debugging and capacity planning.
  • Error reports — when a server error occurs we capture the stack trace, user ID, and request path via Sentry (when configured). We do not record prompts or project content in error reports.
  • Device and browser — IP address and user-agent string for basic security (rate limiting, abuse detection). Retained for 30 days.

2. How We Use Information

  • Operate, maintain, and improve the Service.
  • Route your prompts to the AI provider to generate code.
  • Secure your account (login, password reset, session rotation).
  • Detect fraud, abuse, and policy violations.
  • Communicate about product updates and service notices.

3. AI Processing

Your prompts and relevant project context are sent to our AI provider (currently Anthropic) to generate responses. Per Anthropic's API terms, your data is not used to train their models by default. Your data is subject to Anthropic's privacy policy during processing.

4. Who We Share With

We share the minimum data necessary with:

  • Anthropic — for AI inference on your prompts.
  • Expo (EAS Build) — if you trigger a cloud build, we forward your project files and your Expo token to Expo's build service.
  • Sentry — if configured, to receive anonymised error stack traces for debugging.
  • Our hosting / database providers — under standard data-processing agreements.

We never sell your personal information, and we do not share prompts or project content with advertisers.

5. Data Retention

  • Account and project data — retained while your account is active. Deleted within 30 days of account deletion.
  • Build artifacts — APK / AAB / IPA files are retained for 24 hours after build completion, then purged.
  • Preview tokens — short-lived (5 min), never stored beyond their TTL.
  • Security logs — 30 days.

6. Security

We apply industry-standard controls:

  • TLS 1.2+ for all traffic.
  • Passwords hashed with bcrypt (cost factor ≥ 12).
  • Third-party tokens encrypted at rest with AES-256-GCM.
  • JWT access tokens expire after 15 minutes; refresh tokens rotate.
  • Rate limiting on expensive endpoints (builds, login, API).
  • Strict CSP, HTTPS-only cookies, SameSite protections.

No online service is 100% secure. If you discover a vulnerability, please email security@bolder-vibes.app.

7. Your Rights

Depending on where you live, you may have the right to:

  • Access a copy of your personal data.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to certain processing, or withdraw consent.

To exercise any of these rights, contact privacy@bolder-vibes.app. We'll respond within 30 days.

8. Cookies

We use a small number of strictly necessary cookies for authentication (session tokens) and CSRF protection. We do not use third-party advertising or tracking cookies.

9. International Transfers

Our servers and sub-processors may be located outside your country of residence. Where required, we rely on Standard Contractual Clauses or equivalent legal mechanisms for lawful cross-border transfers.

10. Children

The Service is not directed to children under 13 (16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or the law. Material changes will be announced via email or an in-product notice at least 14 days before they take effect.

12. Contact

Privacy questions? Reach us at privacy@bolder-vibes.app.

Terms of ServicePrivacy PolicyHome