Privacy Policy
Last updated: June 20, 2026
1. Introduction
Welcome to Builders.to ("we," "our," or "us"), a platform for sharing projects, getting feedback, finding first paying users, running peer reviews, and posting bounties. We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, our native mobile apps, and any related services.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you sign in using OAuth providers (Google, GitHub, or X/Twitter) or via a magic-link email, we receive your name, email address, and (for OAuth) your profile picture and provider user ID.
- Profile Information: Username, display name, bio, headline, location (city, state, country, zip code), website, social media links, YouTube / Twitch URLs, and other profile fields you choose to add.
- Location Data: When you provide your location, we geocode it to coordinates for map display. We apply a privacy offset of approximately 10 miles to protect your exact location.
- Project Information: Details about projects you submit including titles, descriptions, images, URLs (including the backlink URL we verify), tags, and milestone data.
- Company Information: Business details you provide when creating company profiles, including tech stack, traction metrics, and team information.
- Content: Daily updates, comments, polls, threaded replies, and any other content you post on the platform.
- Reviews / Testers: Review requests you create (project URL, notes, number of reviews requested) and reviews you submit to other builders (text content, optional 1–5 star rating).
- Bounties: Bounty listings you post (title, description, summary, skills, reward amount in tokens and/or USD, deadline, external links) and work-request messages you submit to bounty owners.
- Job Postings: Information about roles and positions you post for your company.
- Builder Matching Data: Your building category (e.g., SaaS, Mobile App, Developer Tools), tech stack, and interests used for discovering similar builders.
- Onboarding & Startup Journey Progress: Which onboarding steps and Startup Journey quests you have completed.
- Sell Dashboard Data: Leads and sales-mission progress you record in the Sell dashboard.
- API Keys: When you create an API key, we store a hashed key, its prefix, label, and scopes (e.g.,
updates:read,updates:write). - AI Drafting Input: Text you submit to the optional AI-assisted drafting tools is sent to our AI provider (OpenAI) to generate suggestions.
2.2 Information Collected Automatically
- Usage Data: Information about how you interact with our services, including pages visited, features used, and content viewed.
- Device Information: Browser type, operating system, device identifiers, and (for the iOS / Android app) whether the request originates from inside our native shell.
- Log Data: IP address, access times, referring URLs, and request data.
- Analytics: View counts, click tracking, and engagement metrics for projects, listings, profiles, and advertisements. Critical conversion events are also reported server-side via Umami.
- Browser Geolocation: When you use nearby-builder features, we may request your browser location with your permission to find builders within your radius.
- Profile View Data: When another signed-in builder views your profile, that view is logged so you can see who has visited your profile.
2.3 Information from Third Parties
- OAuth Providers: Profile information from Google, GitHub, or X/Twitter when you authenticate.
- OpenAI: When you use AI-assisted drafting, we send your input text to OpenAI and receive generated suggestions in return.
- Giphy: When you use GIFs in posts, we interact with the Giphy API on your behalf.
- OpenStreetMap: We use OpenStreetMap Nominatim for geocoding your location data.
- Backlink Verification: To verify that your published projects link back to Builders.to, we fetch the public HTML and a limited number of script assets from the URLs you submit.
- External Embeds: When you link YouTube, Twitch, or other supported videos / GIFs, those services may receive standard request data when other users load your content.
2.4 Platform Connection Data
When you connect social media platforms for cross-posting, we collect:
- OAuth Tokens: Access and refresh tokens for Twitter/X, encrypted at rest using AES-256-GCM.
- Platform Profiles: Your username, display name, avatar, and follower count from connected platforms.
- Token Expiration: When your tokens expire so we can refresh them automatically.
2.5 Founder Rewards Data
- First 1,000 Founder Rewards: If you are among the first 1,000 members by signup rank, we store a
FoundersMintrow recording your founder enrollment and the resulting perk grants. Legacy rows from the retired on-chain mint flow may still contain a wallet address, asset address, transaction signature, and cluster; these are historical and no new on-chain data is collected.
2.6 Subscription & Payout Data
- Stripe Customer Data: When you subscribe to Pro, Founder's Circle, Deskmate, or Mastermind, purchase the lifetime deal or Building Support, or pay for a project trending boost, we receive a Stripe customer ID, subscription ID, plan type, and billing dates. We do not store your card numbers.
- Stripe Connect (Payouts): If you receive affiliate or marketplace payouts, we record your Stripe Connect account ID and onboarding status so payouts can be routed to you. Onboarding and payout details are handled by Stripe.
- Affiliate Data: If you participate in the affiliate program, we record the referral relationship and a commission ledger (amount, status, and the qualifying purchase) used to calculate and pay your commissions.
2.7 Native Mobile App Data
If you use our iOS or Android app:
- Push Tokens: If you allow notifications, we store your APNs (iOS) or FCM (Android) device token so we can deliver push notifications to your device. Tokens are removed when you sign out, uninstall the app, or revoke notification permissions.
- Native Context Header: Our server detects the native shell from the User-Agent header so it can apply Apple App Store / Google Play in-app-purchase requirements to digital-good purchases (Pro subscriptions, playbook unlocks, mastermind subscriptions).
- In-App Purchase Receipts: If you purchase digital goods inside the app, the underlying receipt is processed by Apple or Google. We may receive transaction identifiers needed to grant the corresponding in-app entitlement.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Create and manage your account
- Display your projects, profile, and content to the community
- Enable interactions between community members (comments, upvotes, follows)
- Award karma for engagement, referrals, streak milestones, helpful contributions, and reviews
- Process Pro, Founder's Circle, Deskmate, and Mastermind subscription payments, plus one-time Pro, lifetime, and Building Support purchases, through Stripe
- Process payments through Stripe for advertisements and other paid features
- Calculate and pay affiliate commissions, and route affiliate / marketplace payouts via Stripe Connect
- Authenticate API requests made with your API keys, subject to their scopes and your plan's rate limits
- Generate AI-assisted content suggestions when you use those tools
- Verify backlinks from your project URLs to Builders.to and run the backlink Autopilot reminder cadence
- Cross-post your content to your connected Twitter/X account
- Send important service-related communications
- Send optional daily and weekly digest emails, magic-link sign-in emails, and other transactional emails (most can be opted out of)
- Deliver web and native (APNs / FCM) push notifications (with your explicit consent)
- Protect against fraud, abuse, and policy violations, including detection of duplicate accounts and manipulation of karma or the referral program
- Comply with legal obligations
- Generate anonymized analytics and statistics
- Facilitate the bounties / reviews marketplaces between members
- Find nearby builders based on your location
- Match you with similar builders based on tech stack, building category, and interests
- Calculate and display momentum scores and the karma leaderboard
- Apply Apple App Store and Google Play in-app-purchase rules to digital-good purchases initiated from inside the native mobile app
4. Karma, Referral Perks & Paid Features
Builders.to rewards participation with karma and offers a small set of paid features:
- Karma: Earned through posting, referrals, streak milestones, helpful engagement, and peer reviews. Karma builds your reputation and level; it is not a currency and cannot be spent, transferred, or redeemed.
- Referral Perks: When people sign up with your referral code, their signups count toward free membership months (Pro / Founder's Circle). We record the referral relationship and perk grants.
- Project Trending Boosts: A paid feature that pins a project into the trending feed for a fixed window. Boosts are purchased through Stripe Checkout; we store the amount paid and the Stripe session id on the boost record.
- Free Features: Peer review slots and company listings are free. Company listings require a verified nofollow backlink to Builders.to on your website.
5. Subscriptions & Paid Plans
Builders.to offers paid subscription plans and one-time purchases with enhanced features:
- Card Payments (Stripe): We store your Stripe customer ID, subscription or payment ID, plan type (Pro / Founder's Circle / Deskmate / Mastermind / lifetime / Building Support), billing cycle where applicable, and billing dates. We do not store your card numbers.
- One-Time Purchases: Pro, the lifetime deal, and Building Support are recorded as one-time payments rather than recurring subscriptions.
- Mastermind: The Mastermind subscription is a separate $9/month Stripe subscription with its own customer record.
Card payments are handled by Stripe. We do not store your card numbers.
6. Bounties & Reviews Marketplaces
We operate several marketplaces that involve money or work flowing between users:
- Bounties: Bounty postings are public and include the title, summary, description, skills, reward, deadline, owner, and submitted work-request messages. Bounty owners can see the identity of builders who submit work requests.
- Reviews / Testers: Reviewers' identities, review text, and ratings are visible to the project owner and (where applicable) on public project pages. Review slots are free; reviewers earn karma for submitted reviews.
7. Information Sharing
We may share your information in the following circumstances:
- Public Content: Your profile, projects, companies, updates, comments, job postings, bounty postings, and public reviews are publicly visible to other users and visitors.
- Leaderboards: Karma and streak data may appear on public leaderboards.
- Service Providers: We share information with third-party vendors who assist in operating our services:
- Stripe for payment processing, subscription billing, and Stripe Connect (affiliate and marketplace payouts)
- Resend for email delivery (including magic-link sign-in emails)
- OpenAI for optional AI-assisted content drafting
- Umami for privacy-friendly product analytics
- Upstash Redis for rate limiting and shared state
- Giphy for GIF integration
- OpenStreetMap for geocoding services
- Apple (APNs) and Google (FCM) for native mobile push delivery
- Apple App Store and Google Play for in-app purchases originating from inside the native shell
- Infrastructure providers for hosting and database services
- Legal Requirements: We may disclose information if required by law or to protect our rights and safety.
- Business Transfers: In connection with any merger, acquisition, or sale of assets.
We do not sell your personal information to third parties.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:
- Two-Factor Authentication: Optional TOTP-based two-factor authentication with encrypted backup codes.
- OAuth Security: We use industry-standard OAuth 2.0 for authentication and do not store your social media passwords.
- Magic-Link Sign-In: Passwordless email sign-in uses single-use, expiring tokens delivered through Resend.
- Encrypted Connections: All data is transmitted over HTTPS.
- Secure Payments: Card payment processing is handled by Stripe; we do not store credit card numbers.
- Encrypted Sensitive Data at Rest: OAuth tokens for connected platforms, 2FA backup codes, and other sensitive blobs are encrypted at rest using AES-256-GCM.
- Native IAP Enforcement: Digital-good purchases initiated from inside the native iOS / Android shell are gated server-side so they route through StoreKit / Google Play Billing rather than card.
- Location Privacy: Your geocoded location is offset by approximately 10 miles to protect your exact address.
However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
9. Your Rights and Choices
You have the following rights regarding your information:
- Access and Update: You can access and update your profile information through your account settings.
- Delete Content: You can delete your projects, companies, updates, comments, reviews, and bounty postings.
- Account Deletion: To delete your account entirely, please contact us through our community channels.
- Email Preferences: You can opt out of daily and weekly digest emails in your settings.
- Push Notifications: You can disable web push through your browser settings, native push through the iOS / Android system settings, and you can revoke notification permissions on your account.
- Two-Factor Authentication: You can enable or disable 2FA at any time in your security settings.
- Platform Connections: You can disconnect your Twitter/X account at any time, which revokes our access to that platform.
- Subscriptions: You can cancel your Founder's Circle, Deskmate, or Mastermind subscription at any time through your account settings. One-time purchases (Pro, lifetime, Building Support) have no recurring billing to cancel.
- Data Portability: You may request a copy of your data by contacting us.
Some data cannot be removed: certain financial / audit records are retained as described in Section 19.
10. Third-Party Services
Our service integrates with third-party services. Your use of these services is governed by their respective privacy policies:
- Authentication: Google, GitHub, X/Twitter OAuth, and Resend (magic-link emails)
- Card Payments: Stripe (subscriptions, one-time purchases, advertisements, affiliate and marketplace payouts, Stripe Connect)
- AI: OpenAI (optional AI-assisted content drafting)
- Analytics & Infrastructure: Umami (privacy-friendly analytics) and Upstash Redis (rate limiting and shared state)
- Cross-Posting: Twitter/X API (when you connect this platform)
- Community: Discord (we share invite links to community channels; if you join, those services receive standard account data on their side)
- Media: Giphy (for GIF selection)
- Video Embeds: YouTube, Twitch (when you link videos)
- Geocoding: OpenStreetMap Nominatim (for location services)
- Native Push: Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM)
- App Stores: Apple App Store and Google Play (in-app purchases inside the native shell)
- Backlink Verification: When you submit a project URL, we fetch the public HTML and limited script assets from that URL to verify the backlink
We encourage you to review those policies before using them.
11. Leaderboard and Karma System
We operate a public leaderboard and karma system to recognize community contributions:
- Karma Points: We track karma points earned through your contributions (updates, comments, projects, engagement, helpful flags, peer reviews, streak milestones). This data is used to calculate your karma level.
- Karma Levels: Your karma level (e.g., Newcomer, Contributor, Builder, Mentor, Legend) is publicly visible on your profile and the leaderboard.
- Public Rankings: The leaderboard displays top builders ranked by karma. Your username, profile image, and karma score may appear publicly.
13. Builder Map
We display an interactive map showing the approximate locations of builders:
- Map Display: If you provide a location, your approximate position is shown on the public builder map. The same ~10 mile privacy offset applies to protect your exact location.
- Opt-In: Your location only appears on the map if you have added location information to your profile. You can remove your location at any time to be removed from the map.
- Nearby Matching: Your approximate location may be used to help other builders find you through location-based matching.
13. Similar Builder Matching
We provide matching features to help builders find others with similar interests:
- Building Category: Your selected building category (e.g., SaaS, Mobile App, eCommerce, Developer Tools, Fintech, Healthtech, Edtech, Marketplace, Agency, Content, Hardware) is used to match you with builders working on similar types of projects.
- Tech Stack Matching: The technologies you list on your profile are used to find builders with overlapping tech stacks.
- Interest Matching: Your declared interests help us suggest builders with shared goals and focus areas.
- Visibility: Your building category, tech stack, and interests may be visible to other builders. You can update or remove this information at any time through your profile settings.
14. Native Mobile Apps & In-App Purchases
If you use the Builders.to iOS or Android app, additional considerations apply:
- Push Tokens: APNs / FCM device tokens are stored only after you grant notification permissions and are removed when you sign out, uninstall, or revoke permissions.
- In-App Purchases: Purchases of digital goods inside the app (Pro / Founder's Circle subscriptions, mastermind subscriptions, playbook unlocks) are processed by Apple or Google. Apple and Google receive payment data per their terms; we receive only the transaction identifiers needed to grant your in-app entitlement.
- Native Detection: The User-Agent header is used to detect the native shell so we can apply Apple App Store and Google Play in-app-purchase rules to digital-good purchases (returning a 451 to the web flow when the request originates from inside the app).
15. Cookies and Tracking
We use essential cookies to maintain your session and authentication state. These cookies are necessary for the proper functioning of our service. We use Umami, a privacy-friendly analytics tool, to understand how users interact with our platform; critical conversion events are also reported server-side. We track views and clicks on projects, listings, and advertisements to provide analytics to content creators and advertisers.
16. Push Notifications
Our platform supports web push notifications through the Progressive Web App (PWA) functionality, and native push notifications through Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM) for our iOS and Android apps. Push notifications are entirely opt-in and require your explicit permission. You can manage or revoke push notification permissions at any time through your browser or device settings. We store push subscription data (endpoint URL and encryption keys for web push, device tokens for native push) only for users who opt in, and we automatically remove invalid tokens when delivery providers report them as unregistered.
17. Children's Privacy
Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
18. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from your country. We take appropriate safeguards to ensure your information remains protected.
19. Data Retention
We retain your information for as long as your account is active or as needed to provide services. We may retain certain information for legitimate business purposes, legal compliance, dispute resolution, or to enforce our agreements. Boost payment history and affiliate commission records are retained for audit and tax purposes. Subscription and one-time purchase data (Pro, Founder's Circle, Deskmate, Mastermind, lifetime, and Building Support) is retained for financial records. Platform connection tokens are deleted when you disconnect a platform. Anonymized analytics data may be retained indefinitely.
20. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after any changes indicates your acceptance of the updated policy.
21. Contact Us
If you have any questions about this Privacy Policy or our privacy practices, please contact us through our community channels: