Privacy Policy — App Dev In A Box

Your privacy matters. We collect only what we need to provide the Service, we don't sell your data, and your app code belongs to you. This policy explains exactly what we collect, why, and how you can control it.

1. Who We Are

App Dev In A Box is operated by LW Technologies. References to "we," "us," or "our" mean LW Technologies. For privacy-related questions, contact us at luke@thelwtechnologies.com.

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically, and information from third parties.

Information You Provide:

Account information: Email address, name (optional), and account credentials
Payment information: Processed by Stripe — we store only confirmation tokens and subscription status, never raw card numbers
App project data: Names, descriptions, and configurations for apps you create
Communications: Messages you send to us for support

Information Collected Automatically:

Usage data: Pages visited, features used, error events, and session duration
Device data: Browser type, operating system, IP address, and timezone
Analytics events: App generation starts/completions, game previews, and export actions

Information from Third Parties:

Stripe: Payment confirmation, subscription status, and billing cycle

3. How We Use Your Information

Purpose	Data Used	Legal Basis
Provide the Service (app generation, hosting, dashboard)	Account info, project data	Contract performance
Process payments and manage subscriptions	Email, Stripe tokens	Contract performance
Send transactional emails (receipts, generation notifications)	Email, project data	Contract performance
Improve the Service and fix bugs	Usage data, error logs	Legitimate interests
Prevent fraud and abuse	Account info, IP address	Legitimate interests
Comply with legal obligations	Account info, payment records	Legal obligation

We do not sell your personal data to third parties. We do not use your data for advertising profiling.

4. Your App Code and Data

Your application code, assets, and configurations are yours. We store them to provide the Service. We do not use your specific app designs or code to train AI models or share them with other users.

Exported zip files: When you export your project as a zip file, it is password-protected with a unique password displayed to you at download time. We store a record of this export for audit purposes, but your zip file content is not retained on our servers after delivery.

5. Data Retention

Active accounts: Data retained for as long as your account is active
Cancelled accounts: Account data retained for 90 days, then deleted (except payment records required for tax compliance)
Payment records: Retained for 7 years per legal requirements
Usage logs: Retained for 12 months, then aggregated/anonymized

You may request early deletion at any time by contacting us.

6. Data Sharing

We share data only with:

Stripe: For payment processing. Governed by Stripe's Privacy Policy
Render: Our hosting provider. Your data is processed on Render's infrastructure in the United States
Neon: Our database provider. Data stored in encrypted PostgreSQL databases
Anthropic / OpenAI: AI providers used to generate app code. Prompts may be sent to their APIs per their respective privacy policies
Law enforcement: If required by valid legal process

All third-party processors are contractually bound to handle your data securely and only for the purposes we specify.

7. Security

We take security seriously:

Data in transit is encrypted using TLS 1.2+
Passwords are hashed using industry-standard algorithms (never stored in plaintext)
Database access is restricted to authorized infrastructure
Regular security patches and dependency updates are applied
Exported zip files are AES-256 password protected
Stripe handles all payment card data — we never see raw card numbers

No system is 100% secure. If we become aware of a security breach affecting your data, we will notify you promptly per applicable law.

8. Cookies and Tracking

We use minimal tracking:

Essential cookies: Session management and authentication (required)
Analytics: Anonymous usage statistics via our first-party analytics system (no third-party trackers)
Local storage: User preferences and visitor ID for session continuity

We do not use Google Analytics, Facebook Pixel, or any advertising tracking technologies.

9. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of the personal data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your account and associated data
Portability: Request your app project data in a machine-readable format
Objection: Object to processing based on legitimate interests
Restriction: Request we restrict processing while a dispute is resolved

To exercise any of these rights, email luke@thelwtechnologies.com. We will respond within 30 days.

10. Children's Privacy

The Service is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it promptly.

11. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We implement appropriate safeguards for cross-border transfers where required.

12. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected and sold, and the right to opt out of the sale of personal information. We do not sell personal information. California residents may exercise their rights by contacting us at the email below.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or prominent notice in the Service. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes constitutes acceptance.

14. Contact Us

For privacy-related questions, requests, or concerns:

Email: luke@thelwtechnologies.com
Website: appdevinabox.polsia.app

We aim to respond to all privacy inquiries within 5 business days.