Privacy Policy
Last updated: June 1, 2026
Contents
1. Information we collect
Information you provide
- Account & contact: your email address, used to create sites, sign in via magic link, and receive service emails.
- Content: the prompts, text, images, files, and business details you enter or upload to build and customize your sites.
- Refactor input: a website URL you ask us to analyze, and business details we retrieve to improve your site (see "From other sources").
- Payment information: when you subscribe or buy credits, our payment processor (Stripe) collects your card and billing details. We do not store full card numbers; we receive limited information such as your billing email, plan, and payment status.
- Communications: messages you send us (e.g., support or abuse reports).
Information collected automatically
- Usage & log data: pages viewed, features used, requests, timestamps, and approximate location derived from IP address.
- Device data: browser type, device, and similar technical information.
- Cookies: essential cookies for sign-in/session and billing, and limited analytics — see Cookies & analytics.
From other sources
- Business data providers: when you request site generation or enrichment, we may retrieve public business information (e.g., from Google Places) such as name, address, hours, photos, and reviews to populate your site.
- Authentication providers: if you sign in as an administrator with Google, we receive basic profile information (name, email, avatar).
2. How we use information
- Provide, operate, and maintain the Service, including generating and hosting your sites.
- Process payments, manage subscriptions, and meter AI credit usage.
- Communicate with you about your account, security, and updates.
- Protect the Service: detect, prevent, and respond to fraud, abuse, and security or Acceptable-Use violations.
- Analyze and improve the Service, including aggregate usage analytics.
- Comply with legal obligations and enforce our Terms.
3. AI processing
The Service uses AI models to generate text, images, and layouts from the prompts and content you provide. Your inputs are processed by our AI infrastructure (currently Cloudflare Workers AI) to produce output for your site. We screen prompts for prohibited content per our Acceptable Use Policy. Do not submit sensitive personal information you don't want processed to generate a website.
4. Cookies & analytics
- Essential cookies keep you signed in (admin sessions and the billing sign-in cookie) and are required for the Service to work.
- Analytics: we use privacy-respecting analytics to understand aggregate usage (such as page views and feature use) and improve the Service. We aim to use measurement that does not build advertising profiles of you.
- You can control cookies through your browser settings; blocking essential cookies may break sign-in.
5. How we share information
We do not sell your personal information. We share it only:
- With service providers who process data on our behalf to run the Service (see below), under appropriate confidentiality and data-processing terms.
- For legal reasons — to comply with law, respond to lawful requests, or protect the rights, safety, and security of users, the public, or Caddisfly (including reporting child-exploitation content to authorities).
- In a business transfer — if Caddisfly is involved in a merger, acquisition, or sale of assets, subject to this Policy.
- With your direction — for example, content you choose to publish on your live site.
6. Our service providers
| Provider | Purpose |
|---|---|
| Cloudflare | Hosting, edge delivery, storage, and AI model inference |
| Stripe | Payment processing and subscription billing |
| Resend | Transactional & sign-in emails |
| Google (Places) | Public business information for site generation/enrichment |
| Pexels | Stock imagery used in generated sites |
| Google (OAuth) | Optional administrator sign-in |
These providers process information under their own terms and privacy policies. We work to use reputable providers with appropriate safeguards.
7. Data retention
We retain your information for as long as your account is active or as needed to provide the Service, and afterwards as required to comply with legal obligations, resolve disputes, and enforce our agreements. When you delete your account or we terminate it, we delete or de-identify your personal information and site content within a reasonable period, except where retention is legally required. Please export anything you wish to keep before closing your account.
8. Your privacy rights
Depending on where you live, you may have rights to:
- Access the personal information we hold about you, and request a copy (portability).
- Correct inaccurate information.
- Delete your information.
- Object to or restrict certain processing, and withdraw consent where processing is based on consent.
- Not be discriminated against for exercising your rights.
If you are in the EEA/UK, we process personal data under legal bases including performance of a contract, legitimate interests, consent, and legal obligation. If you are a California resident, we do not sell or "share" your personal information for cross-context behavioral advertising. To exercise any right, contact us at privacy@caddisfly.ai; we may need to verify your identity.
9. Security
We use technical and organizational measures designed to protect your information, including encryption in transit and access controls. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. Keep your email account secure, since magic-link sign-in relies on it.
10. International transfers
Caddisfly runs on globally distributed infrastructure, so your information may be processed in countries other than your own. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for international transfers.
11. Children
The Service is not directed to children, and you must be at least 18 (or the age of majority in your jurisdiction) to use it. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.
12. Sites you build & your visitors
When you publish a site with Caddisfly, you are responsible for the content of that site and for any personal information you collect from your visitors. For data you collect through your own site, you are the data controller and must provide your own privacy notices and comply with applicable laws. Caddisfly acts as a processor/host for that content.
13. Changes to this Policy
We may update this Policy from time to time. We will update the "Last updated" date and, for material changes, provide additional notice where appropriate. Your continued use of the Service after changes take effect constitutes acceptance.
14. Contact
Questions or requests regarding privacy: privacy@caddisfly.ai.
See also our Terms of Service.