Privacy Policy
This Privacy Policy describes what information AI Site Builder collects, how we use it, and the choices you have. We collect what we need to run the service and to understand how our pages are used. We do not sell your data, and we do not use your business content to train AI models.
Contents
1. Scope
This Policy applies to the AI Site Builder application and marketing pages served from sitebuilder.adcreator-ai.com and adcreator-ai.com, and to communications we send you. It does not cover the public websites you build and publish with the service — you are the operator of those sites and responsible for their own privacy practices. It also does not cover third-party services we link to.
The service is operated by 0xpi LLC, a Washington limited liability company ("we," "our," "us").
2. What we collect
Information you give us
- Account info: email address, password (stored bcrypt-hashed, never in plain text), and name (optional).
- Site content: the business name, industry, location, description, contact details, and any text or images you enter to generate and run your sites.
- Preview/trial info: if you generate a preview without an account, the email address you provide and the business details for that preview.
- Integration credentials: if you enable e-commerce or live shipping, your PayPal Client ID / email and Shippo API key. Your Shippo key is stored server-side and never exposed in your published site's code.
- Billing info: we do not store your credit card or bank details — PayPal does. We retain the PayPal subscription or order ID, payer ID, and plan associated with your account.
- Support correspondence: if you email us, we retain the message and our reply.
Information collected automatically
- Session data: a session cookie, the IP address of your connection, your user-agent, and request timing.
- Marketing attribution: UTM parameters (source, medium, campaign) captured when you arrive from an ad or link, so we can understand which channels work.
- Server logs: short-term request logs for debugging and security.
3. Analytics & session tools
We use the following on our own pages (not on the sites you publish):
| Tool | What it does | What it sees |
|---|---|---|
| Google Analytics (GA4) | Aggregate traffic and conversion analytics. | Page views, events (sign-ups, checkouts), approximate location, device/browser, referrer. IP is processed by Google per its terms. |
| Microsoft Clarity | Heatmaps and session replay of interactions on our pages. | Mouse movement, clicks, scrolls, and page content. Clarity automatically masks text input in form fields by default. We use this to find usability problems, not to identify you. |
These tools set their own cookies and may transfer data to Google and Microsoft respectively. If you prefer not to be measured, you can use a browser that blocks these scripts, a tracker-blocking extension, or your browser's "Do Not Track" / global privacy control. Blocking them does not affect your ability to use the service. We do not use advertising-retargeting pixels (e.g., Meta or TikTok pixels).
4. How we use it
- To operate the service: authenticate you, generate and host your sites, run e-commerce and shipping features you enable.
- To send service-related email: welcome and onboarding messages, trial/preview reminders, password resets, billing receipts, and security alerts. We do not send promotional email unrelated to your account.
- To bill you and respond to billing disputes through PayPal.
- To understand and improve the service through analytics (Section 3) and aggregated, anonymized usage analysis.
- To enforce our Terms and protect the service from abuse.
- To comply with legal obligations.
5. Who we share it with
We share data only with the third parties below, and only as needed to run the service:
| Recipient | What they receive | Why |
|---|---|---|
| PayPal | Your email and billing events. Your payment method stays with PayPal. | Subscription & rush-order billing. |
| AI model providers | The business description and prompts used to generate your site and ad copy. | Content generation. |
| Shippo | Ship-from ZIP, package weight, and a customer's destination ZIP at checkout (if you enable live rates). | Shipping-rate calculation. |
| Google Analytics, Microsoft Clarity | Usage and interaction data on our pages (Section 3). | Analytics & usability. |
| Let's Encrypt | The hostnames we serve. | HTTPS certificates. |
| Infrastructure providers | Network traffic in transit. | Delivering the service. |
We do not sell your personal data. We do not use your site content to train AI models. We may disclose information if compelled by a valid legal request, and will notify you unless legally prohibited.
6. Cookies
We use a first-party session cookie (sb.sid) to keep you signed in and to protect against cross-site request forgery. Google Analytics and Microsoft Clarity set their own cookies as described in Section 3. We do not use advertising cookies.
7. Data retention
- Account data and sites: retained for the life of your account. After cancellation, your sites and data are retained for a recovery window and then may be permanently deleted.
- Unclaimed previews: deleted after they expire (72 hours).
- Server logs: short-term, then purged.
- Billing records: retained as required for tax and accounting (typically up to 7 years).
- Analytics data: retained per Google's and Microsoft's default retention settings.
- Support correspondence: up to 2 years.
8. Security
- All traffic is HTTPS with valid TLS certificates.
- Passwords are hashed with bcrypt and never logged in plain text.
- Sessions are HttpOnly cookies; state-changing requests are CSRF-protected.
- Integration secrets (like your Shippo key) are stored server-side and stripped from published site code.
- The application runs behind a reverse proxy with HTTPS termination.
No system is impenetrable. If we become aware of a security incident affecting your data, we will notify affected users without undue delay.
9. Your choices
- Access / update: view and change your account details and site content from within the app.
- Export: request your generated site's HTML/CSS by emailing support@0xpi.com.
- Delete: cancel your subscription, then email us to request deletion of your account and sites.
- Opt out of analytics: block the analytics scripts in your browser (Section 3).
- Opt out of non-essential email: email us. Strictly transactional email (password resets, billing receipts, security alerts) cannot be opted out of while the account is active.
California residents have additional rights under the CCPA (right to know, delete, and non-discrimination). To exercise them, email support@0xpi.com; we will respond within 45 days.
10. Children
AI Site Builder is not directed at children under 18 and we do not knowingly collect their information. If you believe a child has provided us information, email us and we will delete it.
11. International users
The service is hosted in the United States and intended for U.S.-based users. If you access it from elsewhere, you do so on your own initiative and are responsible for local-law compliance. We have not implemented GDPR-specific data-subject-rights mechanisms.
12. Changes to this Policy
We may update this Policy. The "Last updated" date reflects the latest revision. Material changes will be announced in-app or by email before they take effect.
13. Contact
Privacy questions or data requests? Email support@0xpi.com.