Castle0Castle0

Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect information you provide directly: email address, name, and payment information. We also collect usage data including build history, API usage metrics, and application metadata. Authentication is handled through Supabase; we do not store passwords directly.

2. How We Use Your Information

We use your information to: provide and improve the Service, process payments through Stripe, send transactional communications, monitor system health, and enforce our Terms of Service. We do not sell your personal information to third parties.

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) enabled on all tables. BYOK API keys are encrypted at rest using AES-256-GCM. Developer API keys are stored as SHA-256 hashes - the plaintext key is only shown once at creation time. All data is transmitted over HTTPS.

4. Third-Party Services

We use the following third-party services:

  • Supabase - Authentication and database
  • Stripe - Payment processing
  • Vercel - Frontend hosting
  • Railway - Backend hosting
  • OpenAI / Anthropic - AI generation (when using Castle0 credits)

When using BYOK, your API key is sent directly to the respective AI provider. Castle0 does not store prompts or generated content beyond what is needed for the build session.

5. Your Code and Applications

Code generated through the Service is yours. We may temporarily store build artifacts for the purpose of hardening and deployment. We do not access, use, or share your application code for any purpose other than providing the Service.

6. Data Retention

Account data is retained while your account is active. Credit transaction history is retained for accounting purposes. You may request deletion of your account and associated data by contacting support. Build logs are retained for 90 days.

7. Cookies

We use essential cookies for authentication (Supabase session) and theme preference (castle0-theme). We do not use tracking cookies or third-party analytics cookies.

8. Your Rights

You have the right to: access your personal data, correct inaccurate data, request deletion of your data, export your data, and withdraw consent. To exercise these rights, contact us at the email below.

9. Contact

For privacy questions or data requests, contact us at support@castle0.app.