Privacy Policy

Last Updated: February 11, 2026

1. Introduction

Rapid Circle ("we", "us", or "our") operates Rapid Build. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service. This policy applies to all users of the platform, including visitors to our public gallery and end-users of deployed applications that include our embeddable widget.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name, first name, and last name
  • Email address (used as your primary identifier)
  • Email domain (derived from your email, used for organization grouping)
  • Microsoft Entra External ID (identity provider identifier)
  • Account timestamps (signup, activation, first login, last login, terms acceptance)
  • Optional: booking link URL (e.g., Calendly) and GitHub username

2.2 Company and Organization Data

Based on your email domain, we may automatically collect or allow you to provide:

  • Company name and description
  • Company website content (automatically fetched for non-personal email domains to provide AI context)
  • Industry classification codes
  • Company logo, color palette, and branding information

2.3 Submission and Specification Data

When you use the core Service, we collect:

  • Problem descriptions and software requirements you provide
  • AI-generated specifications, technical plans, design documents, and delivery plans
  • AI chat conversation history (full message logs between you and the AI assistant)
  • Submission metadata: titles, status, privacy settings, timestamps, and workflow progression
  • Submission event logs (audit trail of all actions taken on each submission)

2.4 Build and Deployment Data

When software is built and deployed for you, we store:

  • GitHub repository names and URLs
  • GitHub issue and pull request references
  • Azure resource identifiers (resource groups, storage accounts, web apps)
  • Deployment site URLs and access credentials
  • Build status, timing data, and AI model selection preferences

2.5 Widget Analytics Data (Deployed Sites)

If your deployed application includes our embeddable widget, we collect the following from end-users who visit your site:

  • Page views: URL path, page title, referrer domain (full URL is not stored)
  • Session data: anonymous session identifier (not linked to any personal identity)
  • Device information: browser type, operating system, device category, screen dimensions
  • Geographic location: country and region (derived from IP address — the IP address itself is never stored)
  • Time spent on pages
  • UTM campaign parameters (source, medium, campaign name)
  • Custom events configured by the site owner

2.6 Widget Feedback Data (Deployed Sites)

If end-users interact with the feedback widget on your deployed site, we collect:

  • Feedback conversation messages (multi-turn dialogue with AI assistant)
  • Selected page elements (CSS selector, text content, HTML snippet) for context
  • AI-generated feedback summaries, categories (bug, feature request, improvement, question), and priority assessments
  • Page URL and title where feedback was initiated
  • Browser user agent string

2.7 Technical and Security Data

  • Authentication tokens and session cookies (managed by Azure Static Web Apps)
  • Rate limiting data: IP address hashes and request counts (for abuse prevention on public endpoints)
  • Honeypot fields for bot detection (automated submissions)

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: Process your submissions, generate specifications, build and deploy software, and manage your account
  • AI Processing: Send your problem descriptions, requirements, company context, and conversation history to Azure OpenAI to generate specifications, plans, assessments, and code
  • GitHub Integration: Create repositories, manage issues, orchestrate AI coding agents, and share project access on your behalf
  • Email Communications: Send transactional emails including welcome messages, project sharing notifications, and build status updates
  • Analytics: Provide site owners with aggregated usage analytics for their deployed applications
  • Feedback Processing: Analyze end-user feedback using AI and convert it into actionable GitHub issues
  • Service Improvement: Use anonymized and aggregated data to improve AI quality, platform performance, and user experience
  • Security: Prevent fraud, abuse, and unauthorized access through rate limiting and bot detection
  • Gallery: Showcase completed projects publicly (project summaries, screenshots, and pricing — not personal information)

4. AI Data Processing

The Service relies heavily on AI processing. You should be aware that:

  • Your problem descriptions, chat messages, company context, and specifications are sent to Azure OpenAI Service (hosted in Microsoft Azure data centers) for processing
  • Azure OpenAI does not use your data to train or improve its models (per Microsoft's data processing terms)
  • AI-generated content (specifications, plans, code) is stored in our platform and may be accessed by Rapid Circle engineers managing your project
  • Feedback conversations from the embeddable widget are also processed by Azure OpenAI for summarization and categorization

5. Data Sharing

We share your data only in the following circumstances:

  • Organization Members: Users within the same email domain can see shared submissions and company context
  • Azure OpenAI: Your content is sent to Azure OpenAI for AI processing (see Section 4)
  • GitHub: Repository content, issues, and collaborator access are managed through GitHub's platform
  • Microsoft Entra External ID: Account provisioning and authentication are handled through Microsoft's identity platform
  • Azure Logic Apps: Email delivery is processed through Azure Logic Apps
  • Microsoft Azure: All data is stored and processed within Microsoft Azure infrastructure
  • Company Websites: We may automatically fetch publicly available content from your company's website to provide context for AI conversations
  • Public Gallery: If your project is showcased, project summaries, screenshots, industry classifications, and pricing are publicly visible (no personal information is included without consent)
  • Legal Requirements: When required by law, regulation, or legal process

We do not sell your personal information to third parties.

6. Data Storage and Location

All data is stored in Microsoft Azure infrastructure:

  • Azure Table Storage: User accounts, submissions, specifications, chat history, analytics, feedback, events, and company data
  • Azure Blob Storage: Large documents and overflow content
  • Azure Storage Queues: Email delivery queue with retry capabilities
  • Azure Application Insights: Platform telemetry and performance monitoring

7. Data Security

We implement the following security measures:

  • Encryption in transit (HTTPS/TLS for all communications)
  • Encryption at rest (Azure Storage encryption)
  • Authentication via Microsoft Entra External ID (enterprise-grade identity management)
  • Role-based access controls (anonymous, authenticated, admin)
  • Route-level protection enforced by Azure Static Web Apps configuration
  • Content Security Policy, X-Frame-Options, and other security headers
  • Rate limiting and bot detection on public endpoints
  • CORS-based origin validation for widget endpoints

8. Data Retention

  • Active Accounts: Data is retained for as long as your account is active
  • Pending Signups: Unactivated signups are automatically removed after 30 days
  • Pending Submissions: Pre-authentication submissions expire after 7 days if not claimed
  • Widget Analytics: Page view data is retained and aggregated into daily statistics
  • Audit Logs: Submission event logs are retained for the lifetime of the submission
  • Deleted Submissions: Soft-deleted submissions are retained but hidden from view
  • You may request full deletion of your data at any time (see Section 9)

9. Your Rights

You have the right to:

  • Access your personal data and submission history
  • Correct inaccurate profile information
  • Delete your account and associated data
  • Export your specifications, plans, and submission data
  • Restrict Processing — request that we limit how your data is used
  • Object to specific data processing activities
  • Withdraw Consent for non-essential data processing
  • Request Removal of your project from the public gallery

To exercise any of these rights, contact us at privacy@rapidcircle.com.

10. Widget and End-User Privacy

If you deploy an application that includes the Rapid Build widget:

  • You are the data controller for analytics and feedback data collected from your site's end-users
  • Rapid Circle acts as a data processor, collecting and storing this data on your behalf
  • We do not store end-user IP addresses — geographic data is derived from IP but the IP is discarded
  • End-user sessions are anonymous (no personal identifiers are collected via the widget)
  • You are responsible for providing appropriate privacy notices to your site's end-users in compliance with applicable data protection laws (e.g., GDPR, CCPA)

11. Cookies and Tracking

We use the following cookies and tracking mechanisms:

  • Authentication Cookies: Essential cookies managed by Azure Static Web Apps for user sessions (required for the Service to function)
  • Widget Session ID: A randomly generated anonymous session identifier stored in the browser for analytics aggregation (not a tracking cookie)

We do not use advertising cookies, third-party tracking pixels, or cross-site tracking technologies.

12. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it.

13. International Data Transfers

Your data is processed and stored in Microsoft Azure data centers. Depending on your location, this may involve international data transfers. Microsoft Azure provides appropriate safeguards for international transfers in compliance with applicable data protection regulations.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. The "Last Updated" date at the top will always reflect the most recent revision.

15. Contact Us

For privacy-related questions, data access requests, or complaints, please contact us at privacy@rapidcircle.com.