Privacy Policy
Effective date: May 2, 2026
This Privacy Policy explains how CraftByte ("we", "us", "our") collects, uses, stores, and shares your information when you use craftbyte.app (the "Service"). By using the Service, you agree to the practices described here.
1. Who we are
CraftByte is operated by an individual developer (not yet incorporated). For any privacy-related request, contact us at erildo@learnwfrank.com.
2. Information we collect
2.1 Account information
- Email address and basic profile data from Google or GitHub OAuth (used solely to create and authenticate your account).
2.2 Connected platform credentials
- OAuth access and refresh tokens you grant us for: X (Twitter), LinkedIn, Reddit, Bluesky, Product Hunt, GitHub, and Linear. We never store your platform passwords.
- For Bluesky we store the identifier and app password you provide, encrypted at rest.
2.3 Content you create
- Product details (name, website, description), raw notes you submit, and AI-generated drafts.
- Scheduled and published posts, including platform post IDs returned after publishing.
2.4 Usage and billing
- AI credit consumption per generation (token counts).
- Subscription status and billing identifiers from Polar.sh. We do not store your card details — Polar handles all payment processing.
2.5 Analytics
- We use Vercel Analytics, which is privacy-first and cookieless. It records aggregated, anonymized page views without tracking individuals across sites.
3. Cookies
We use only essential authentication cookies set by Supabase (e.g. sb-access-token, sb-refresh-token) to keep you logged in. We do not use advertising, tracking, or third-party analytics cookies. Vercel Analytics is cookieless.
4. How we use your information
- To authenticate you and provide the Service.
- To generate, store, schedule, and publish content on your behalf to platforms you have connected.
- To enforce free-tier limits and process subscriptions via Polar.sh.
- To respond to your support requests.
We do not sell your personal information. We do not use your data for advertising.
5. AI processing (Mistral)
When you generate content, the raw input you provide and the relevant product context are sent to Mistral AI for inference. Per Mistral's terms, your data is not used to train their models. Generated outputs are returned to us and stored against your account.
6. Sub-processors
We share data only with the following service providers, strictly to operate the Service:
- Supabase — authentication, database, storage.
- Vercel — hosting and cookieless analytics.
- Mistral AI — AI content generation.
- Polar.sh — billing and subscription management.
- Connected platforms you authorize — X, LinkedIn, Reddit, Bluesky, Product Hunt, GitHub, Linear. We only send data to these on your explicit request (e.g. publishing a post you scheduled).
7. Data retention and deletion
You control your data. You can delete your account at any time from Settings → Delete account. On deletion, we permanently remove your profile, OAuth tokens, drafts, scheduled posts, and usage records from Supabase. We do not retain backups of deleted user data beyond standard short-lived database backups, which are automatically rotated.
Note: posts already published to third-party platforms remain on those platforms — you must delete them there directly.
8. International users (GDPR / UK GDPR)
If you are in the European Economic Area or the United Kingdom, you have the following rights:
- Access — request a copy of your personal data.
- Rectification — correct inaccurate data.
- Erasure — delete your data (self-serve in Settings, or by emailing us).
- Portability — request your data in a machine-readable format.
- Restriction / Objection — limit or object to certain processing.
- Withdraw consent — by disconnecting platforms or deleting your account.
Our legal bases for processing are: (a) contract — to provide the Service you signed up for; (b) consent — for connecting third-party platforms; (c) legitimate interests — to keep the Service secure and functional. To exercise any right, email erildo@learnwfrank.com.
9. California users (CCPA / CPRA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to not be discriminated against for exercising these rights. We do not sell or "share" personal information for cross-context behavioral advertising. To make a request, email erildo@learnwfrank.com.
10. Security
Data is stored in Supabase with row-level security enforced per user. OAuth tokens and Bluesky app passwords are encrypted at rest. All traffic is over HTTPS. No system is 100% secure — if you suspect a security issue, please notify us immediately.
11. Age requirement
The Service is intended for users 18 years and older. We do not knowingly collect data from anyone under 18. If you believe a minor has provided us data, contact us and we will delete it.
12. International data transfers
Our sub-processors may host data in jurisdictions outside your country (notably the United States and the European Union). Where required, we rely on appropriate safeguards such as Standard Contractual Clauses provided by these vendors.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the email associated with your account or via a notice in the app. Continued use of the Service after changes take effect constitutes acceptance.
14. Contact
Questions, requests, or complaints: erildo@learnwfrank.com.