Privacy Policy

BuilderGraph is operated by Raintree. For anything in this policy, contact admin@raintree.technology. This policy covers two distinct kinds of data: information about you as a user of the Service, and publicly available open-source activity data we index as a product.

• Account data — name, email, avatar, and (if you sign in with GitHub or Google) the profile identifiers those providers share. Used to operate your account; legal basis: contract.
• Session data — IP address and user agent stored with active sessions for security (detecting stolen sessions). Deleted with the session.
• Billing data — payments are processed by Stripe; we never see or store card numbers. We keep subscription status, plan, and the billing email. Legal basis: contract, and legal obligation for financial records.
• API usage — per-endpoint request counts tied to a hashed API key, used for the usage dashboard and abuse prevention. The hash cannot be reversed into your key.
• Emails you send us — lead and report request forms store what you submit (email, company, request). Legal basis: legitimate interest in responding.

The product indexes publicly available open-source development activity: repository metadata, contributor logins and public profile fields (name, company, location, bio as published on GitHub), and contribution counts, sourced from the public GitHub API and Electric Capital’s crypto-ecosystems registry. Legal basis: legitimate interest in making already-public open-source activity searchable. We do not index private repositories, email addresses, or any non-public data.

If you are a developer and want your profile removed from the index, email admin@raintree.technology from an address that can be linked to the GitHub account (or open an issue from that account) and we will exclude it.

We set strictly-necessary session cookies to keep you signed in — no advertising or cross-site tracking cookies, which is why there is no cookie banner. Web analytics run on Vercel Analytics, which is cookieless and does not track you across sites.

• Cloudflare — hosting, database, and network security
• Vercel — website hosting and cookieless analytics
• Stripe — payment processing
• Resend — transactional email (sign-in links, receipts)
• GitHub / Google — only if you choose OAuth sign-in

We do not sell personal data, and we do not share it with anyone else except where required by law.

Account data lives until you delete your account. Sessions expire after 30 days. Financial records (subscription rows mirroring Stripe) are retained as required for tax and accounting. Indexed public data is retained while it remains public at the source and relevant to the product.

You can delete your account — including sessions, sign-in methods, claims, and API keys, with active subscriptions canceled — at any time from your account page. Depending on where you live (GDPR, UK GDPR, CCPA), you may also have rights to access, correct, export, or restrict processing of your data, and to complain to a supervisory authority. Email admin@raintree.technology to exercise any of these; we respond within 30 days.

Material changes to this policy will be posted here with a new effective date, and announced by email to paid customers.