FastBuilder (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you visit our website at fastbuilder.dev, use our client dashboard at app.fastbuilder.dev, or interact with us in any way.
This policy applies to all users of our services worldwide and complies with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), and other applicable data protection laws.
1. Data Controller
FastBuilder is the data controller responsible for your personal data. If you have questions about this policy or wish to exercise your data rights, contact our Data Protection Officer at:
- Email: privacy@fastbuilder.dev
- Address: 123 Innovation Drive, Suite 400, San Francisco, CA 94105, USA
2. Information We Collect
2.1 Information You Provide Directly
- Account information: Name, email address, company name, and job title when you sign up.
- Payment information: Billing address and payment method details. Payment card data is processed and stored exclusively by our payment processor, Stripe, under PCI DSS Level 1 compliance. We never store full card numbers on our servers.
- Communications: Messages you send via email, our contact form, Slack channels, or dashboard comments, including attachments.
- Project data: Assets, content, specifications, repository access credentials, and other materials you provide for work requests.
- Support requests: Descriptions of issues, screenshots, and technical details provided during support interactions.
2.2 Information Collected Automatically
- Device and browser data: IP address, browser type and version, operating system, device type, screen resolution, and language settings.
- Usage data: Pages visited, time spent on pages, click events, referral URLs, and navigation paths within our site.
- Log data: Server logs including access timestamps, error logs, and request metadata.
- Cookies and similar technologies: See our Cookie Policy for detailed information.
2.3 Information From Third Parties
- Payment processor: Transaction confirmations, refund status, and fraud risk assessments from Stripe.
- Authentication providers: Basic profile information if you sign in via a third-party provider (e.g., Google, GitHub).
3. Legal Basis for Processing (GDPR)
Under the GDPR, we process your personal data on the following legal bases:
- Contract performance: Processing necessary to provide our services, manage your subscription, and deliver work products (Art. 6(1)(b)).
- Legitimate interests: Fraud prevention, security, service improvement, and direct marketing to existing customers where proportionate (Art. 6(1)(f)).
- Consent: Analytics cookies, marketing emails, and other processing where we have obtained your explicit opt-in consent (Art. 6(1)(a)).
- Legal obligation: Tax record-keeping, regulatory compliance, and responding to lawful requests from authorities (Art. 6(1)(c)).
4. How We Use Your Information
- Providing, operating, and maintaining our services and your account.
- Processing payments, invoices, and managing your subscription.
- Communicating about requests, deliverables, approvals, and account updates.
- Sending transactional emails (confirmations, receipts, service changes).
- Sending marketing communications (only with your consent, and you can unsubscribe at any time).
- Analysing usage patterns to improve our platform, tools, and user experience.
- Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues.
- Complying with legal obligations, resolving disputes, and enforcing our agreements.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We share information only in the following circumstances:
5.1 Service Providers (Data Processors)
We use trusted third-party providers who process data on our behalf under strict contractual obligations (Data Processing Agreements):
| Provider | Purpose | Data Shared |
|---|
| Stripe | Payment processing | Billing details, transaction data |
| Vercel / AWS | Hosting and deployment | Server logs, request metadata |
| Google Analytics | Website analytics (with consent) | Anonymised usage data |
| Sentry | Error tracking | Stack traces, browser info |
| Discord / Slack | Team communication | Contact form submissions, request messages |
5.2 Legal Requirements
We may disclose your data if required by law, regulation, legal process, or governmental request, or to protect the rights, safety, and property of FastBuilder, our users, or the public.
5.3 Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, your personal data may be transferred. We will notify you via email and/or a prominent notice on our site before your data is transferred and becomes subject to a different privacy policy.
6. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States. When we transfer data from the EEA, UK, or Switzerland, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The EU-U.S. Data Privacy Framework, where applicable.
- Your explicit consent, where no other mechanism is available.
7. Data Retention
We retain your data only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period |
|---|
| Account and profile data | Duration of active subscription + 90 days |
| Payment and billing records | 7 years (tax/legal compliance) |
| Communication logs | 3 years after last interaction |
| Analytics data | 26 months (anonymised after) |
| Server logs | 90 days |
| Project files (code, assets) | Owned by you via your GitHub repository |
You can request earlier deletion at any time by contacting privacy@fastbuilder.dev.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
8.1 Under GDPR (EEA/UK Residents)
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data (“right to be forgotten”), subject to legal retention obligations.
- Right to restriction (Art. 18): Request limitation of processing in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format (JSON or CSV).
- Right to object (Art. 21): Object to processing based on legitimate interests or direct marketing.
- Right to withdraw consent (Art. 7): Withdraw consent for analytics cookies or marketing at any time.
- Right to lodge a complaint: File a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France).
8.2 Under CCPA/CPRA (California Residents)
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to delete: Request deletion of your personal information, subject to exceptions.
- Right to correct: Request correction of inaccurate personal information.
- Right to opt out of sale/sharing: We do not sell or share personal information for cross-context behavioural advertising.
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, email privacy@fastbuilder.dev with the subject line “Data Rights Request.” We will verify your identity and respond within 30 days (GDPR) or 45 days (CCPA).
9. Security Measures
We implement industry-standard technical and organisational measures to protect your data:
- TLS 1.3 encryption for all data in transit.
- AES-256 encryption for sensitive data at rest.
- Strict access controls with role-based permissions and multi-factor authentication for internal systems.
- Regular security audits, penetration testing, and vulnerability scanning.
- Automated intrusion detection and monitoring.
- Employee security training and confidentiality agreements.
- Incident response plan with 72-hour breach notification (per GDPR Art. 33).
While no system is 100% secure, we take all reasonable steps to protect your data and promptly address any incidents.
10. Children's Privacy
Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@fastbuilder.dev.
11. Do Not Track Signals
We honour Do Not Track (DNT) browser signals. When DNT is enabled, we do not load analytics cookies. We also respect the Global Privacy Control (GPC) signal as a valid opt-out request under the CCPA.
12. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will:
- Post the updated policy on this page with a revised “Last updated” date.
- Notify you via email at least 30 days before material changes take effect.
- Obtain fresh consent where required by law.
13. Contact Us
For privacy-related questions, data rights requests, or complaints:
- Email: privacy@fastbuilder.dev
- Mail: FastBuilder, Attn: Data Protection Officer, 123 Innovation Drive, Suite 400, San Francisco, CA 94105, USA
- Contact form: fastbuilder.dev/contact
We aim to respond to all privacy inquiries within 5 business days.