How We Protect Your Data
True Zero Customer Data Holding
Brick-by-Brick operates under a Build-and-Own model. We build your Knowledge Architecture during a single session. You download it as files you own permanently. We delete all build data from our systems within 24 hours of delivery.
The only data we retain is your account information — email, name, company name, and payment records. We never retain your company's intelligence.
During Your Build Session
Your data is protected by multiple layers:
- Per-build isolated database — your data never touches another Architect's data
- All data encrypted at rest and in transit — TLS 1.3, Cloudflare encryption
- Passkey/biometric authentication — your session can't be accessed without your physical device
- 5-minute inactivity lock — screen blurs, connector tokens revoked
- Read-only connector access — we never write to, modify, or delete anything in your connected platforms
- File uploads processed in memory — immediately discarded, never saved to disk
After Delivery
Within 24 hours of you downloading your Knowledge Architecture:
- Every data point: deleted
- Every analytical table: deleted
- Every graph edge: deleted
- Every gap record: deleted
- Your per-build database: deleted
- All connector tokens: revoked and deleted
We verify the deletion and log the event. The only record that remains is your account metadata — which contains zero company intelligence.
Your Connected Tools Are Safe
When you connect Salesforce, Google Drive, Slack, or any other platform:
- We use read-only OAuth access — we cannot change anything in your systems
- Connector tokens are active only during your build session
- Tokens are revoked when you step away (after 5 minutes of inactivity) and permanently deleted when the session ends
- You can revoke access at any time from the connected platform's own settings
Enterprise Compliance
- CCPA compliant — California Consumer Privacy Act
- GDPR ready — General Data Protection Regulation
- Data Processing Agreement available for enterprise customers
- All infrastructure on Cloudflare (SOC 2 Type II certified)
- AI inference via Anthropic (SOC 2 Type II certified, no training on API data)
- Payments via Stripe (PCI DSS Level 1 certified)
What We Never Do
Sell personal data — Never
Share data with advertisers — Never
Use company intelligence to train AI models — Never
Retain company intelligence after delivery — Never (deleted within 24 hours)
Access your connected platforms after session ends — Never (tokens revoked)
Profile Architects based on company data — Never
Send marketing emails without consent — Never
Store payment card numbers — Never (handled exclusively by Stripe)
Questions?
Privacy inquiries: [email protected]
Legal inquiries: [email protected]