Privacy Policy
1. Information We Collect
We collect the minimum information necessary to deliver the Brick-by-Brick Knowledge Architecture Builder service.
Account Information
When you create an account, we collect your email address and name. This information is used to identify your account and communicate with you about your builds.
Payment Information
Payments are processed entirely through Stripe. We never see, store, or have access to your credit card number, CVV, or billing details. Stripe provides us with a transaction confirmation and customer identifier only.
Build Metadata
For each build, we collect operational metadata including timestamps (build start, completion, stage transitions), build status (in progress, completed, failed), and aggregate statistics (dimension completion rates, gap counts, source status counts). This metadata does not include your company-specific data.
Usage Data
We collect basic usage information including pages visited within the application and session duration. This helps us understand how the Service is used and improve the experience.
2. Information We Do NOT Collect
Understanding what we do not collect is as important as understanding what we do.
Company-Specific Data
Spacious Enterprises maintains a zero data holding policy for company-specific information. Your Knowledge Architecture is delivered as files you download and own permanently. All build data is deleted from our infrastructure on the retention schedule described in Section 6, through an automated deletion process with monitoring and verification.
File Uploads
Any files uploaded during the build process are processed in-memory and discarded immediately after processing. Files are not written to disk, stored in a database, or retained in any form.
Connector Data
Data retrieved from your connected third-party sources (Salesforce, Google Drive, Jira, Slack, HubSpot, and additional connectors) is not retained by Spacious Enterprises. It is processed during the build and delivered as part of your Knowledge Architecture files. All connector data is deleted from our infrastructure on the retention schedule described in Section 6.
Message Content from Communication Connectors
For Gmail, Outlook, Slack, and Microsoft Teams connectors, we extract metadata only — never message content, subject lines, or calendar event descriptions. This is enforced at three layers: OAuth scope selection (we request metadata-only scopes), agent prompt engineering (our extraction agents are explicitly prohibited from accessing message content), and automated verification (our system scans agent outputs for any message content patterns and rejects outputs that contain them).
Individual Employee Data from HR Connectors
For HR connectors (such as BambooHR), we extract aggregate organizational structure only — never individual employee names, email addresses, social security numbers, dates of birth, or other personally identifying information about your employees. Our extraction is restricted to summary-level data: headcount, department structure, tenure distribution, and aggregate attrition signals.
3. How We Use Information
We use the information we collect for the following purposes:
- Account Management — Creating and maintaining your account, authenticating your sessions, and communicating about your builds
- Build Delivery — Processing your Knowledge Architecture build, tracking build progress, surfacing source collection status, and delivering your completed architecture as downloadable files (HTML Package, JSON Export, Knowledge Architecture Guide)
- Payment Processing — Confirming payment through Stripe, issuing receipts, and processing refunds when applicable
- Service Improvement — Analyzing aggregate usage patterns to improve the build process, identify common issues, and enhance the user experience
- Support — Responding to your questions, troubleshooting build issues, and providing technical assistance
4. Third-Party Services (Sub-Processors)
The Service relies on the following third-party providers. For a complete, versioned list of all sub-processors with data categories and locations, see our Sub-Processor List.
Stripe
Stripe processes all payments. Stripe's handling of your payment information is governed by the Stripe Privacy Policy. We receive only transaction confirmations and customer identifiers from Stripe.
Anthropic (Sub-Processor)
We use Anthropic's Claude AI models to research, structure, and analyze company knowledge during the build process. During the build, your company data (including financial, strategic, operational, and human architecture data) is sent to Anthropic's API for processing, routed via Cloudflare's AI Gateway service for observability and rate-limit resilience. Data processed through Anthropic's API is not used to train their models. Anthropic may retain API data for up to 30 days for trust and safety purposes under their API Terms of Service. After Anthropic's retention period, the data is deleted from their systems. Anthropic's data handling is governed by the Anthropic Privacy Policy.
For certain analytical agents that normally use Claude Opus, if Anthropic's API rate limits are temporarily exceeded during high-concurrency periods, the AI Gateway may automatically fall back to Claude Sonnet to ensure build completion. Both models are Anthropic's and operate under identical data processing terms.
Cloudflare (Infrastructure Sub-Processor)
The Service is hosted on Cloudflare's global network, including Cloudflare Workers (compute), D1 (database), KV (key-value storage), Durable Objects (session caching), R2 (deliverable storage), and AI Gateway (LLM API routing). During the build, company data is temporarily stored in Cloudflare D1 and KV. Cloudflare's AI Gateway routes LLM API requests to Anthropic and provides observability and rate-limit management; it does not store request or response content. All build data is deleted from Cloudflare infrastructure on the retention schedule described in Section 6. Cloudflare's handling of infrastructure data is governed by the Cloudflare Privacy Policy.
Clarification on Zero Customer Data Holding: "Zero Customer Data Holding" refers to data stored on Spacious Enterprises infrastructure. During the build process, company data is processed by Anthropic's Claude API and Cloudflare's infrastructure under their respective data processing terms. We delete all data from our systems on the schedule described in Section 6. Anthropic's and Cloudflare's retention policies are governed by their own terms.
When we add, remove, or change sub-processors, the Sub-Processor List is updated with a dated change entry. Architects may subscribe to change notifications through the email link on that page.
5. Source Transparency
When you provide URLs, authorize connectors, or upload documents, Brick-by-Brick reports the status of every source it attempted to read. Before any build proceeds to the data confirmation phase, you are presented with a Source Readiness Gate showing the status of every source.
Each source resolves to one of five states with a plain-language explanation:
- COLLECTED — Essential data successfully retrieved
- PARTIAL — Essential data retrieved; some optional enrichment data was unavailable
- EMPTY — Source authorized but contained no data (a legitimate state, not a failure)
- LIMITED — Some essential data retrieved but below threshold; we will ask you about the missing data during the confirmation conversation
- BLOCKED — Essential data unavailable due to authentication, permission, or service issue, with explanation provided
You can click any source for detailed information about what was expected, what was retrieved, what was missing, and any recovery action available. This transparency is enforced architecturally: every source is required to produce a status record, and the system prevents builds from advancing without your review of the Source Readiness Gate.
We make no claim that data was collected from sources where collection was incomplete or unsuccessful — those gaps are surfaced explicitly.
Source-level data is not retained beyond the standard build session retention window described in Section 6.
6. Data Retention
We retain different categories of information for different periods.
Build Data — Hybrid Retention Model
Build data is retained for the longer of (a) 48 hours from session start, or (b) 24 hours after delivery — whichever applies later. This guarantees you a minimum 24-hour download window after your build completes, regardless of when during the 48-hour session the build finishes.
Maximum total retention: 72 hours from session start, in the edge case where a build delivers immediately before the 48-hour session expiration.
Incomplete builds that do not reach delivery are deleted at 48 hours from session start.
Deletion Verification
After build data deletion, our system performs read-back verification to confirm the deletion completed successfully. This verification reads the relevant database and storage locations and confirms they return empty results. If verification detects any data remaining after the scheduled deletion time, the deletion is re-attempted and the incident is logged for review.
Compliance Audit Trail
We maintain a 7-year compliance audit trail of all deletion events. This audit trail records build identifier, deletion event type, timestamp, and deletion verification result. The audit trail does not contain any company intelligence data — only the record that deletion occurred and whether verification succeeded. This audit trail supports GDPR Article 30 records-of-processing requirements and similar regulatory frameworks.
Other Retention Periods
- Account Information — Retained until you request deletion of your account
- Build Metadata — Retained for 1 year from the date of build completion
- Usage Data — Retained for 90 days, then automatically purged
- Session Cache — Encrypted and destroyed on the build retention schedule above. Session tokens (httpOnly cookies) expire after 2 hours. JWT tokens include unique IDs (jti) and can be revoked on logout.
- OAuth Connector Tokens — Encrypted at rest (AES-256-GCM). Revoked with providers and deleted when build data is deleted.
- Source Status Records — Deleted with build data on the hybrid retention schedule above.
- Admin Audit Logs — Administrative actions are logged with 90-day retention. Logs record action type, timestamp, and admin identity. Logs do NOT contain company intelligence data.
- Deletion Audit Trail — 7 years (per Compliance Audit Trail above).
- Anthropic API Data — Up to 30 days per Anthropic's data processing terms (outside Spacious Enterprises' control).
7. Data Accountability
Brick-by-Brick operates on a "no silent losses" principle: every data point the system collects, processes, or renders is accounted for at every stage. If a data point was collected from a source, it appears in your Knowledge Architecture with source attribution. If a data point was filtered or could not be processed, you are informed of the reason. If a category was unable to be populated from your data, it appears as a documented gap rather than a silent omission.
This commitment applies across the build process:
- Source collection — every source produces a status record (per Section 5)
- Card confirmation — every pre-collected data point is presented to you for confirmation, with no silent exclusions
- Graph construction — every data point and relationship is accounted for in the Interdependency Graph rendering report embedded in your delivered HTML Package
- Deliverable generation — every confirmed data point is present in the deliverables you download, with explicit gap labeling for any category that lacks sufficient data
This commitment is enforced through automated verification at multiple layers of the system, not solely through process or policy.
8. Your Rights
You have the following rights regarding your personal information:
- Access — You may request a copy of the personal information we hold about you
- Correction — You may request correction of inaccurate personal information
- Deletion — You may request deletion of your account and associated personal information
- Data Portability — You may request your personal information in a structured, machine-readable format
- Withdraw Consent — You may withdraw consent for data processing at any time, which may affect your ability to use the Service
To exercise any of these rights, contact us at the email address in Section 14. We will respond to requests within 30 days.
9. Regional Compliance (EU/UK GDPR and California CCPA)
Brick-by-Brick honors data protection rights established under the European Union General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).
If you are in the EU, EEA, or UK (GDPR):
- Legal basis for processing. We process personal information on the legal basis of contract performance (delivering the Service you purchased), legitimate interest (Service improvement, security, fraud prevention), and consent (where explicitly requested).
- Data controller. Spacious Enterprises LLC, acting through the contact information in Section 14, is the data controller for personal information processed through the Service.
- International data transfer. Personal information is transferred to and processed in the United States. We rely on Standard Contractual Clauses with our sub-processors for lawful transfer where applicable.
- Right to lodge a complaint. You have the right to lodge a complaint with your local data protection supervisory authority if you believe your GDPR rights have been violated.
- Rights beyond Section 8. You additionally have the right to object to processing and the right to restrict processing in certain circumstances. Contact us to exercise these rights.
If you are a California resident (CCPA/CPRA):
- Categories of personal information we collect. Identifiers (email, name), commercial information (purchase history), internet activity (usage data), and professional information (company affiliation). See Section 1 for full detail.
- Sources. We collect personal information directly from you when you create an account or use the Service.
- Business purposes. Account management, Service delivery, payment processing, Service improvement, and support (see Section 3).
- Third parties we share with. We share personal information with sub-processors listed in Section 4 and in our Sub-Processor List.
- We do not sell personal information. We have not sold personal information in the preceding 12 months and do not intend to do so. The Service has no "Do Not Sell My Personal Information" link because we do not engage in any activity that would require one.
- We do not share for cross-context behavioral advertising. We do not use any tracking technology or data sharing arrangement that would qualify as "sharing" under the CPRA definition.
- Rights beyond Section 8. California residents have the right to know what personal information we collect and how we use it, the right to delete personal information, the right to correct inaccurate personal information, and the right to non-discrimination for exercising these rights. Contact us to exercise these rights.
General enforcement posture. Where a regional law grants you a right not enumerated above, we will honor that right to the extent required by applicable law. Contact us at the email address in Section 14 with any compliance questions.
10. Cookies & Security
We use a minimal cookie approach:
- Session Cookies — We use a single httpOnly, Secure, SameSite=Lax cookie (bxb_session) to maintain your authenticated session. This cookie is not accessible to JavaScript, preventing theft via cross-site scripting. It expires after 2 hours.
- No Tracking Cookies — We do not use cookies to track your behavior across websites or build advertising profiles.
- No Analytics Cookies — We do not use third-party analytics cookies (no Google Analytics, no Hotjar, no similar services).
Security Measures
- All connections use HTTPS/TLS with HSTS enforcement
- Content Security Policy, clickjacking prevention, and additional security headers on all responses
- All API endpoints are rate-limited to prevent abuse and brute-force attacks
- All user input is validated for length and content type before processing
- File uploads are validated by file type signature (magic bytes), not just file extension
- OAuth connector tokens are encrypted with AES-256-GCM before storage
- Authentication uses Passkey/WebAuthn as the primary method, with email and password (bcrypt-hashed) as a fallback for users without passkey-capable devices
11. Children's Privacy
Brick-by-Brick is a business-to-business service designed for professionals and is not designed for or directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete that information promptly.
12. International Data
The Service is operated from and data is processed in the United States via Cloudflare's global network. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
13. Language of Disclosures
All privacy disclosures, data handling descriptions, and consent mechanisms are provided in English only. Architects in non-English-speaking jurisdictions are responsible for understanding these disclosures in English prior to using the platform.
14. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated by email to the address associated with your account. We will also update the "Effective Date" at the top of this page. Continued use of the Service after notification constitutes acceptance of the updated policy.
For changes to our list of sub-processors, see the Sub-Processor List, which maintains its own versioning and change log.
15. Contact
For privacy-related inquiries:
Spacious Enterprises LLC
Privacy: [email protected]
Legal: [email protected]
Website: brick-by-brick.ai
For a detailed overview of our data protection practices, infrastructure security, and compliance posture, see How We Protect Your Data. For a current list of sub-processors, see the Sub-Processor List.