How We Protect Your Data

Spacious Enterprises LLC | Last Updated: April 2026 | Privacy Policy | Terms of Service

True Zero Customer Data Holding

Brick-by-Brick operates under a Build-and-Own model. We build your Knowledge Architecture during a single session. You download it as files you own permanently. Your build data is deleted on a hybrid schedule — the later of 48 hours from session start or 24 hours from delivery (maximum total retention: 72 hours). Incomplete sessions expire at 48 hours. Your documents stay with you — we never store your source files.

The only data we retain is your account information — email, name, company name, and payment records. We never retain your company's intelligence.

During Your Build Session

Your data is protected by multiple layers:

Per-build isolated database — your data never touches another Architect's data
All data encrypted at rest and in transit — TLS 1.3, Cloudflare encryption
Passkey/biometric authentication — your session can't be accessed without your physical device
5-minute inactivity lock — screen blurs, connector tokens revoked
Read-only connector access — we never write to, modify, or delete anything in your connected platforms
File uploads processed in memory — immediately discarded, never saved to disk

After Delivery

Your files remain downloadable for 24 hours from delivery. After that, everything is permanently deleted from our systems — no copies retained on our side. Anything you download is yours to keep forever. Specifically:

Every data point: deleted
Every analytical table: deleted
Every graph edge: deleted
Every gap record: deleted
Your per-build database: deleted
All connector tokens: revoked and deleted

We verify the deletion and log the event. The only record that remains is your account metadata — which contains zero company intelligence.

Your Connected Tools Are Safe

When you connect Salesforce, Google Drive, Slack, or any other platform:

We use read-only OAuth access — we cannot change anything in your systems
Connector tokens are active only during your build session
Tokens are revoked the moment you step away (5-minute inactivity) and permanently deleted when the session ends
You can revoke access at any time from the connected platform's own settings

Enterprise Compliance

CCPA compliant — California Consumer Privacy Act
GDPR ready — General Data Protection Regulation
Data Processing Agreement available for enterprise customers
All infrastructure on Cloudflare (SOC 2 Type II certified)
AI inference via Anthropic (SOC 2 Type II certified, no training on API data)
Payments via Stripe (PCI DSS Level 1 certified)

What We Never Do

Sell personal data — Never

Share data with advertisers — Never

Use company intelligence to train AI models — Never

Retain company intelligence after delivery — Never (deleted on hybrid schedule, max 72 hours from session start)

Access your connected platforms after session ends — Never (tokens revoked)

Profile Architects based on company data — Never

Send marketing emails without consent — Never

Store payment card numbers — Never (handled exclusively by Stripe)

Questions?

Privacy inquiries: [email protected]

Legal inquiries: [email protected]