Privacy Policy
Last updated: May 2026
This Privacy Policy explains how BuildBundles collects, uses, stores, shares, and protects information when you use our website, the BuildBundles Android app, generated public legal-document features, and the backend services that support account access, project management, app building, notifications, subscriptions, payments, and support. BuildBundles provides tools that let you configure and run your own projects, but we also operate and supervise the platform layer itself, including account access, build infrastructure, moderation, maintenance, security, and support. We aim for this policy to reflect our real operational data flows as clearly as possible, while recognizing that some processing depends on the features you use, the status of your account or subscription, and the configuration of your projects.
Scope of This Policy
This policy applies to your use of BuildBundles services generally, including account creation and sign-in, profile and account information features, app and page management, Firebase configuration uploads, signing-key handling, APK and AAB build requests, generated public documents such as privacy policy and app-ads.txt links for your projects, subscription and payment flows, support requests, and use of our website and related legal pages. When you connect your own Firebase project and related service identifiers, BuildBundles acts as a platform tool and operating layer for those projects, while still retaining administrative responsibility for the platform environment, account systems, security controls, moderation, maintenance, and service enforcement.
Information We Collect
We collect core account data such as your unique user ID, name, email address, email-verification status, provider details associated with Google sign-in, and, where applicable, age or eligibility information such as date of birth. We also process service-related data such as account creation time, role or permission data, subscription status, billing channel, app and project records, pages, content blocks, package names, icons, Firebase project settings, google-services.json files, signing-key or keystore materials used for builds, developer name and contact email used for generated public documents, download and build-request data, and technical, diagnostic, security, and integrity-related information needed to operate the service, investigate problems, and help prevent misuse or fraud.
How We Use Information
We use your information to authenticate and manage accounts, initialize and maintain project configuration, save and synchronize apps and pages, generate build outputs, make signing materials available when requested, create public privacy-policy and app-ads.txt outputs when you use those tools, display subscription state and plan limits, process and verify payments or subscriptions, determine whether certain ad-supported experiences should be shown to eligible free users, send service and notification-related communications, protect the platform against abuse, improve reliability and user experience, and provide technical, billing, legal, and security-related support. Depending on your project setup, some content or configuration changes may be published online and reflected inside your apps without requiring a separate Google Play app update.
Payments, Ads, Notifications, and In-App Browsing
Certain product features involve payments, ads, notifications, or in-app browsing behavior. Subscription billing may be handled through Google Play within the Android app or through Paddle on the website. The BuildBundles app may initialize and display ad experiences such as app-open, interstitial, or rewarded ads for eligible free users, while VIP or admin users may be excluded from those ads based on subscription state. The platform may also send push notifications through OneSignal and display local or operational notifications related to syncing, connectivity, updates, errors, or account and project activity. In some parts of the app, links or content may open inside an in-app WebView; such content may load external pages that are governed by the privacy practices of their own providers.
Third-Party Services and External Providers
BuildBundles relies on third-party services to provide core parts of the service, including Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Google Sign-In, Google Play Billing, the Google Play Developer API, OneSignal, Google AdMob, and our dedicated build server and related infrastructure. This includes Firebase services connected to your projects and AdMob identifiers or ad configurations that you choose to add to those projects. Depending on the feature you use, these providers may process data necessary to authenticate access, verify subscriptions, deliver notifications, load ads, host project-related content, or generate and distribute build outputs. Your use of those third-party services remains subject to their own terms, privacy notices, and operational rules.
Project Data, Build Files, and Local Downloads
When you use project management, document-generation, and build features, we process project-related data such as Firebase settings, AdMob and OneSignal identifiers, package name, app name, icons, pages, content, google-services.json uploads, signing-key materials, build metadata, generated APK or AAB files, and related workspace or queue information. If you connect your own Firebase project, the application content and runtime data stored in that configured Firebase environment remain your project data, and BuildBundles does not claim ownership over that app content merely because the platform helps you manage it. At the same time, we may create temporary or persistent operational copies, indexes, configuration records, archives, or other platform-side metadata where required to complete builds, deliver downloads, troubleshoot failures, enforce platform rules, or maintain project functionality. Files downloaded to your own device, and any local copies stored there, remain under your control and may require deletion by you from your device or storage location.
Data Retention and Deletion
We retain data while your account or service remains active, or for as long as reasonably necessary to provide the service, protect the platform, enforce plan rules, and comply with legal obligations. When you request account deletion through available account tools, we disable platform access and archive account-related platform records for review, legal, billing, fraud-prevention, security, and operational purposes. Your Firebase Realtime Database app content is not deleted by this account-access action. Build-server workspace, build, cache, and generated-document files associated with your account may be moved out of active service storage into an account archive. We may still retain limited billing records, subscription events, legal records, abuse-prevention data, dispute-related materials, build-server archive records, or security logs where retention is required for legal, accounting, fraud-prevention, security, or operational reasons. Deletion of files you already downloaded or stored locally on your own devices may require action by you.
Security, Integrity, and Abuse Prevention
We use reasonable technical and organizational safeguards to protect data and platform operations, including authentication controls, ownership checks, access rules, server-side subscription verification, controlled build-server access, request throttling, input validation, sanitization, sensitive-operation binding to the authenticated account, and security or integrity checks designed to detect abuse, unsafe content, or suspicious operational conditions. These measures help us protect your projects and the platform, but no internet-connected system can be guaranteed to be completely secure.
Control, Administration, and Your Choices
You may review certain account details, update some information, manage notification permissions at the device level where supported, use in-app account tools, upload or replace project configuration files, request generated public document links, and delete your account where that option is available. At the same time, BuildBundles retains administrative authority over the platform itself. We may review platform activity, block or disable accounts, suspend specific apps or project access, restrict editing, build, or publishing functions, or take other moderation, security, billing, maintenance, or compliance actions when required by our Terms, applicable law, platform integrity needs, or suspected misuse. These controls are part of our general supervision of the platform and do not transfer ownership of your Firebase project data to us, but they may affect how or whether a project can continue to use BuildBundles services.
Maintenance, Service Updates, Policy Updates, and Contact
We may request eligibility-related information, including date of birth, in situations connected to compliance, onboarding, or service suitability. If you use BuildBundles on behalf of a business or organization, you represent that you have the authority to do so. We may also perform planned or unplanned maintenance, security interventions, service suspensions, infrastructure changes, or downtime that can temporarily affect access to some or all platform features. Some changes inside your project may appear online in the app experience quickly once synchronized through the service, while other changes may still require rebuilding or redistributing the app. We may update this policy to reflect legal, technical, product, or operational changes. Continued use of the service after an update takes effect means you accept the latest version of the policy. If you have any questions about privacy, generated documents, ads, notifications, deletion, downtime, or data processing, contact us at support@buildbundles.com.