Privacy Policy

1. Information We Collect

Stackbilder collects the following information when you use our service:

  • Account information (name, email address) via OAuth providers
  • Authentication session data for access management
  • Flow execution data (intentions, scaffold artifacts, governance output)
  • Image generation data (prompts, quality tier selections)
  • Usage metrics for service improvement

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the scaffolding and image generation services
  • Authenticate and authorize access to your account
  • Improve quality of generated artifacts and governance output
  • Monitor service health and performance

3. Data Storage and Retention

Your data is stored on Cloudflare's global network using D1, KV, and R2 storage. Flow artifacts and generated images are associated with your account and are not shared with other users. Session tokens are managed via secure HTTP-only cookies.

  • Generated images — stored in R2 and retained for 30 days from creation, then automatically deleted. You may delete images sooner via the API (DELETE /v2/jobs/:id).
  • Transient inputs — source images and mask files uploaded for inpainting or img2img operations are deleted within 24 hours of job completion.
  • Job history and prompts — retained alongside generated images and deleted on the same 30-day schedule or on account deletion.
  • Session and routing data — MCP gateway session tokens and anonymized intent-routing logs are stored in Cloudflare KV and expire after 90 days.

The live retention policy for image generation is available at GET /v2/retention-policy.

4. Third-Party Services

Stackbilder uses the following third-party services:

  • Cloudflare Workers AI (image generation — Draft and Standard tiers)
  • Google Gemini API (image generation — Ultra and Ultra+ tiers)
  • OpenAI API (image generation — ultra-tier accounts with Stackbilt-managed access; prompts sent to OpenAI are subject to OpenAI's privacy policy)
  • Cerebras API (optional LLM polish for Pro tier scaffolds)
  • GitHub and Google (OAuth authentication)

Prompts and flow context may be sent to these providers as part of the generation process. No personal account information is shared with AI providers.

5. Your Rights

You can delete individual generated images via DELETE /v2/jobs/:id — this removes both the job record and the associated R2 object immediately. For full account deletion and removal of all associated data, contact us at the address below. Flow artifacts and generated images can be exported before deletion.

6. Contact

For privacy inquiries, contact us at admin@stackbilt.dev.

Last updated: June 2026
