Rib CreativeStart

Privacy Policy

Rib Creative collects and processes data needed to operate the AI-assisted builder, hosted apps, workspaces, exports, integrations, payments, support, security, and essential communications.

Data we collect and process

The data we process depends on how you use Rib Creative and which features you enable. We may process the following categories of data:

  • Account data, such as name, email, login method, profile details, authentication events, and settings.
  • Workspace data, such as members, invitations, roles, permissions, plan, billing status, and audit metadata.
  • Builder data, such as prompts, messages, instructions, attachments, screenshots, uploaded files, generated code, app copy, design assets, version history, build logs, project configuration, and agent activity.
  • Hosted runtime data, such as app configuration, environment variables, project secrets, auth users, database records, storage objects, emails, webhook events, exports, deployment metadata, and operational logs.
  • Usage and device data, such as IP-derived location, user agent, device type, pages viewed, referrer, workspace actions, feature usage, error events, performance data, and security signals.
  • Support and communications data, such as messages, attachments, issue details, and feedback.
  • Billing data, such as plan, invoices, payment status, credits, top-ups, usage records, and Stripe IDs.

Why we process data

We use data to authenticate users, operate workspaces, generate and modify projects, provide previews and hosted apps, process exports, run builds, connect integrations, provide support, send essential communications, measure usage, bill for services, detect abuse, secure the platform, debug errors, enforce terms, comply with law, and improve Rib Creative.

AI providers and generated projects

When you use AI-assisted features, prompts, messages, files, project context, generated code, screenshots, logs, and other relevant data may be sent to AI providers or model infrastructure so the platform can generate, edit, explain, test, or debug your project. AI providers may process that data under their own service terms, privacy terms, enterprise settings, retention rules, and safety policies.

Do not submit data to the builder unless you have the right to use it. Avoid entering passwords, private keys, production secrets, payment card numbers, health data, government identifiers, highly sensitive data, or regulated data unless you are authorized to do so and the feature is appropriate for that data.

Your projects, exports, and hosted apps

Rib Creative is designed to let users export projects and operate them outside the platform. While a project is hosted, previewed, built, or operated on Rib Creative infrastructure, we may process project files, runtime data, app logs, public URLs, assets, thumbnails, database data, storage data, auth data, and analytics needed to provide the service. Once you export or host a project outside Rib Creative, the hosting, telemetry, visitor data, secrets, databases, payments, and security controls are governed by your chosen providers and your app configuration.

If you publish an app, visitors and end users may submit data through forms, authentication, checkout, database-backed features, storage uploads, or other workflows you configure. You are responsible for giving your end users appropriate privacy notices and for using their data lawfully.

Integrations and OAuth

If you connect services such as GitHub, Google, Stripe, Supabase, email, storage, analytics, deployment, or other providers, Rib Creative may store and use tokens, scopes, account identifiers, repository metadata, file metadata, project metadata, database metadata, webhook events, and sync status needed to provide the integration. You can usually revoke third-party access through the provider or Rib Creative settings, though revocation may disable connected features.

Stripe and payments

If you configure Stripe for a project, Stripe may collect and process identity, business, tax, banking, risk, fraud, and compliance information through Stripe-hosted payment and account management surfaces. Rib Creative does not need to collect or store sensitive bank account details for user-app payment setup.

Rib Creative may receive and store operational payment metadata from Stripe, including account identifiers, account status, configured-secret metadata, payment status, refund or dispute indicators, webhook event identifiers, timestamps, and project or workspace metadata. We use this information to operate payment features, show connector status, respond to risk events, and support users.

Stripe may act as an independent controller or service provider for parts of payment processing, account management, risk review, compliance, and fraud prevention. Your use of Stripe is also subject to Stripe's privacy terms and applicable Stripe service terms.

Analytics, cookies, and operational logs

Analytics, cookies, local storage, and operational logging may apply to Rib Creative websites, dashboard surfaces, builder sessions, preview URLs, and apps hosted on Rib Creative domains or infrastructure. This may include page views, referrers, device information, coarse location, IP address, user agent, feature usage, errors, performance metrics, and security events. When you export or host content outside Rib Creative, visitor data and tracking are controlled by your chosen hosting provider, analytics tools, and app configuration.

Sharing and subprocessors

We may share data with service providers and subprocessors that help us provide Rib Creative, including hosting, cloud infrastructure, AI model providers, payments, billing, email delivery, analytics, monitoring, storage, databases, customer support, security, and compliance providers. We may also disclose data when required by law, to protect the rights and safety of users or third parties, to investigate abuse, or as part of a business transaction such as a merger, acquisition, financing, or sale of assets.

Retention, deletion, and export

We keep data for as long as needed to provide the platform, maintain accounts and workspaces, operate hosted apps, comply with legal or financial obligations, resolve disputes, enforce terms, maintain security, and preserve backups. You may request account deletion or project deletion, and you may export supported project files from the platform. Some data may remain for a limited period in backups, logs, billing records, fraud prevention records, legal records, or third-party provider systems where retention is required or technically necessary.

Privacy rights

Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain processing of your personal data. You may also have the right to withdraw consent where processing is based on consent. To make a request, contact us using the email below. We may need to verify your identity and workspace authority before fulfilling a request.

International processing and security

Rib Creative and its providers may process data in countries other than where you live or where your end users are located. We use technical and organizational measures designed to protect data, but no online service can guarantee absolute security. You are responsible for configuring your projects, exports, secrets, access controls, integrations, and end-user workflows securely.

Questions or deletion requests? Email support@ribcreative.com.