Legal

Privacy Policy

Effective date: April 19, 2026 · Last updated: May 19, 2026

This Privacy Policy explains how AppGenie ("AppGenie", "we", "us", or "our") collects, uses, discloses, and safeguards personal information when you visit getappgenie.com or use the AppGenie AI app builder (the "Service"). By using the Service you agree to the collection and use of information in accordance with this Policy.

We designed AppGenie to collect the minimum data needed to operate the Service reliably and securely. We do not sell your personal information. We do not use your prompts or generated code to train general-purpose AI models.

1. Information we collect

We collect information in the following categories:

Account and identity

  • Name, email address, and profile image (from your account or OAuth provider).
  • Authentication data: hashed passwords (when you sign up with email/password), session tokens, OAuth identifiers from Google.
  • User role and account status flags used to operate the Service.

Connected accounts

If you choose to connect your X (formerly Twitter) account from the Get Free Credits page, we store the following profile data from X so we can attribute shared posts back to you and award bonus credits:

  • Your X user ID (a numeric, opaque identifier issued by X).
  • Your X username (handle).
  • OAuth tokens, encrypted at rest with our application secret, used solely to verify your identity at connect time.

We do not import your X followers, direct messages, or timeline. The connection is optional; you can disconnect at any time from your account settings, after which the stored X profile data is deleted. Verifying a shared post may also involve fetching the public metadata (text, like count, posted-at timestamp) of the specific post URL you submit — we retain a snapshot of that submission so we can audit the credit grant.

Usage and telemetry

  • Pages and features visited within the Service, timestamps, and session identifiers.
  • API requests, error logs, and pipeline events (e.g. which generation stage ran, how long it took, success or failure).
  • Browser type, operating system, device identifiers, and IP address (received via Cloudflare headers).

Project content

  • The natural-language prompts you submit to the AI builder.
  • Generated code, project state, version history, and any files you upload or attach to a project.
  • Project metadata such as project name, settings, and creation timestamps.

Payment information (when paid plans are enabled)

  • Payment is processed by Polar, which acts as our merchant of record and handles PCI-compliant card processing and sales tax collection. AppGenie does not store full card numbers.
  • We retain a Polar customer identifier, the plan you are subscribed to, billing email, and high-level invoice metadata.

Communications

  • Support emails you send to us and our replies.
  • Transactional emails (verification, magic link, password reset, billing) sent through our email provider.

2. How we use your information

  • To provide, operate, and maintain the Service, including running the AI generation pipeline.
  • To create and authenticate your account, including session management and email verification.
  • To detect, prevent, and respond to fraud, abuse, or violations of our Terms.
  • To deliver transactional emails (verification, magic link, password reset, billing notices).
  • To improve the Service through aggregated, de-identified analysis (we do not use raw prompts or generated code for product analytics).
  • To comply with legal obligations and enforce our Terms.

3. AI prompts, generated code, and model training

We do not use your prompts, generated code, or project content to train general-purpose AI models. Your project content is processed by AI model providers (see Section 4) only for the purpose of generating output for that request.

We may store your prompts and generated artifacts so you can view your version history, resume a project, and so we can debug failures. You can delete a project at any time from your account.

You retain ownership of the code AppGenie generates for you. Our Terms govern the license between you and us; this Policy governs how we handle that data.

4. Third-party processors

We rely on the following sub-processors to operate the Service. Each is bound by its own data processing terms.

  • Microsoft Azure — application hosting (Azure Container Apps), database (PostgreSQL Flexible Server), and AI inference (Azure AI Foundry).
  • Cloudflare — edge network, DNS, DDoS protection, and TLS termination.
  • Google — Google OAuth for sign-in (only if you choose to sign in with Google).
  • X (formerly Twitter) — X OAuth and X API v2 (only if you choose to connect your X account from the Get Free Credits page; used to verify post authorship for credit grants).
  • Resend — transactional email delivery.
  • Polar — payment processing and merchant of record for paid plans (when enabled). Polar handles checkout, card processing, invoicing, and sales tax.

We will update this list when we add or remove sub-processors that handle personal data.

5. Cookies and similar technologies

We use first-party cookies in three categories. In the EU, EEA, UK, Switzerland, and Brazil we ask for your consent before setting any non-essential cookies; everywhere else, non-essential cookies are enabled by default and you can opt out at any time using the Cookie settings link in the footer.

CategoryCookiesPurposeRetention
Strictly necessarybetter-auth.session_token, better-auth.csrf_token, supabase_oauth_state, slack_oauth_state, vercel_oauth_state, ag_consent, __cf_bm (Cloudflare bot management)Sign you in, protect against CSRF, secure OAuth flows for integration connections, remember your cookie choices, and block automated abuse at the edge.Session to 12 months
AnalyticsPostHog (ph_*), Google Analytics (_ga, _ga_*)Product analytics and aggregate usage measurement so we can improve AppGenie. Session replay is enabled with input masking.Up to 13 months
Marketing attributionag_attrFirst-touch attribution: stores the campaign, referrer, or click ID that brought you here so we can credit the source on signup. First-party only — no third-party ad networks.90 days

You can change your choices at any time via the Cookie settings link in the footer. Revoking analytics or marketing consent deletes the associated cookies on the next interaction.

Audit log. When you make a cookie-consent choice (accept all, reject all, or customize), we record the decision server-side so we can demonstrate compliance with the consent regime if a regulator or auditor asks. The record contains the choice itself, the timestamp, your country code (from your IP, two-letter ISO 3166-1), a SHA-256 hash of your session token (so we can count distinct browsers without storing the token), and the first 120 characters of your user-agent string. We never store your raw IP. This processing is necessary for compliance under Article 6(1)(c) GDPR and is not gated on your analytics or marketing consent.

6. Data retention

  • Account data — retained while your account is active. Deleted within 30 days of account deletion, except where we must retain it for legal, fraud prevention, or accounting reasons.
  • Project content — retained while your account is active or until you delete the project.
  • Server logs — retained for up to 90 days for debugging, abuse prevention, and security analysis.
  • Backups — encrypted database backups may retain copies of data for up to 35 days after deletion.
  • Email logs — Resend delivery metadata retained per Resend's policy.

7. International data transfers

AppGenie is operated from the United States and India. Our Azure resources are deployed primarily in the United States and EU regions. By using the Service you acknowledge that your information may be transferred to and processed in countries other than your own. Where required, we rely on Standard Contractual Clauses with our sub-processors for transfers out of the EEA, UK, and Switzerland.

8. Security

We use industry-standard safeguards to protect your information, including TLS in transit, encryption at rest for managed databases, scoped credentials in a managed secret store, role-based access control, and IP-restricted ingress to backend services. No method of transmission or storage is perfectly secure; you use the Service at your own risk.

9. Your rights

Depending on where you live, you may have the following rights regarding your personal information:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct information that is inaccurate or incomplete.
  • Deletion — ask us to delete your account and personal information, subject to legal exceptions.
  • Portability — request a machine-readable export of your account data.
  • Withdraw consent — where we process data based on consent, you may withdraw it at any time.
  • Object or restrict — ask us to restrict or stop certain processing.
  • Lodge a complaint — with your local data protection authority.

To exercise any of these rights, email privacy@getappgenie.com. We will respond within 30 days, or sooner if required by your jurisdiction.

California residents (CCPA/CPRA): AppGenie does not sell personal information and does not share personal information for cross-context behavioural advertising. Even so, you may opt out of all analytics and marketing processing using the "Your Privacy Choices" link in our footer, which lets you revoke consent for PostHog, Google Analytics, and our first-party attribution cookie at any time. You also have the right to know what we collect, to delete or correct your personal information, to limit use of sensitive personal information, and not to be discriminated against for exercising any of these rights. To exercise a request other than the cookie opt-out, email privacy@getappgenie.com. You may also designate an authorised agent to act on your behalf; we may verify the request directly with you before acting on it.

10. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where required by law, notify you by email or in-app notice. Continued use of the Service after a change indicates acceptance of the updated Policy.

12. Contact us

For privacy questions, requests, or complaints, contact us at: