Privacy Policy

• Account email: required for magic-link sign-in.
• Build metadata: filename, size, bundle ID, version, and build number extracted from the .ipa/.apk you upload.
• QA tester device data: when a tester registers via our iOS UDID flow, we record their email, device UDID, model, iOS version, submitter IP, and user-agent. This data is shown only to the project's admins.
• Install events: anonymized counts of how many times an install URL was hit, for analytics on paid tiers.
• Billing data: handled by Paddle as Merchant of Record. We do not store card numbers.

We do not access the contents of your build artifacts beyond the metadata listed above. We do not run static analysis on your code. We do not sell or share your data with advertisers.

Your data is processed by these vendors, all under data-processing agreements:

• Vercel: application hosting (US).
• Neon: Postgres database (US East).
• Cloudflare R2: build artifact storage (global CDN).
• Resend: transactional email (magic links, notifications).
• Paddle: Merchant of Record for billing (UK / US).
• PostHog: product analytics, US Cloud.
• Sentry: error monitoring.

Build artifacts follow your tier's retention window (30 / 90 days or unlimited). Account data is retained for the life of your account; if you delete your account, we delete account data within 30 days, subject to billing-record retention required by law (typically 7 years).

You can request a copy of, correction to, or deletion of your data by emailing privacy@buildtree.sh. We respond within 30 days.

We set a session cookie when you sign in. Marketing pages set no tracking cookies. Product analytics uses anonymized event collection only. No third-party advertising cookies.

Privacy questions: privacy@buildtree.sh. General contact: hello@buildtree.sh.