Privacy Policy

Last updated: 2026-05-17

This policy explains what data OOretz Factory (“we”, “OOretz”) collects, how we use it, and your rights. We’re an AI app generation service — most of the data we process is the prompts you submit and the code we generate for you.

1. Data we collect

  • Account data: email, name, organization, OAuth tokens if you sign in via Google or GitHub.
  • Prompts and generated code: the natural-language descriptions you send, the manifests we extract, the source code we generate.
  • Build telemetry: bridge node logs, compiler errors, repair-loop attempts, build durations.
  • Usage metrics: jobs created, AI calls made, models used, tokens consumed, artifacts downloaded.
  • Operational logs: request IPs, user agents, timestamps. Retained 90 days (free), 365 days (pro), 7 years (enterprise opt-in).

2. Data we do not collect

  • We do not sell your data. Ever.
  • We do not train models on your prompts. AI providers we route to (Anthropic, OpenAI, Google) have their own data policies — when on the Pro / Enterprise tier, we route via API endpoints with training opt-out enabled.
  • We do not read your private prompts for support unless you explicitly include them in a support ticket.

3. How we use your data

  • To run your factory jobs: parsing intent, generating code, building artifacts, capturing proof.
  • To bill you on Pro / Enterprise.
  • To improve our prompts and pipeline by analyzing aggregate, anonymized metrics (job durations, error patterns, repair cycle counts) — never tied to your specific prompts.
  • To send transactional emails (account verification, build completion, billing) and — only with opt-in — product updates.

4. Who we share with

  • AI providers: Anthropic, OpenAI, Google, Mistral, Cohere. They process your prompts to generate responses. See their respective policies.
  • Infrastructure: Supabase (database, auth), AWS Lightsail (hosting), Cloudflare (CDN, WAF), Resend (email).
  • Payment: Stripe (Pro tier billing).
  • Legal: when required by law, subpoena, or to prevent imminent harm. We’ll notify you unless legally prohibited.

Full subprocessor list available on request — email [email protected].

5. Your rights

Under GDPR (EU/UK), CCPA (California), and similar regimes, you have rights to:

  • Access: request a copy of your data — see DPA or email [email protected].
  • Erase: delete your account and personal data. Audit logs may be retained for legal compliance (see below).
  • Port: export your data as JSON/JSONL.
  • Object: opt out of marketing emails at any time.

Requests are honored within 30 days. No fee for first request per 12-month period.

6. Retention

  • Account data: until account deletion + 30-day grace period.
  • Generated artifacts: 30 days (free), 365 days (pro), unlimited (enterprise, configurable).
  • Build logs: see “operational logs” above.
  • Audit log: retained per compliance requirements (default 7 years on enterprise tier).
  • Invoice + tax data: 7 years (legal requirement).

7. International transfers

Default infrastructure is US (AWS us-east-1). EU customers can opt into EU-only routing (eu-west-1 + eu-central-1). Transfers from EU to US use Standard Contractual Clauses (SCCs).

8. Cookies

We use a single session cookie for authentication. No third-party tracking cookies. No advertising cookies. The session cookie expires when you sign out.

9. Children

OOretz Factory is not directed at children under 16. We do not knowingly collect data from anyone under 16.

10. Changes to this policy

When this policy changes materially, we email all active accounts at least 30 days before the change takes effect. The current version is always at this URL with a “last updated” timestamp.

11. Contact

Privacy questions: [email protected].
Data Protection Officer: [email protected].