Install Figma PluginPrivacy Policy
Last updated: January 2025
This Privacy Policy explains how Deuslink Software LLC ("Company", "we", "us") collects, uses, and protects your information when you use UpBuilder ("Services", "App", "Site").
Deuslink Software LLC 20933 Rubles Mill CT, Ashburn, VA 20147 support@upbuilder.ai
Quick Overview
| What We Collect | How We Use It | Your Rights |
|---|---|---|
| Account info, payment data, design files | Provide services, process payments, improve AI | Access, correct, delete, export your data |
| Usage data, cookies | Analytics, security, personalization | Opt-out of tracking, manage cookies |
| OAuth tokens (Figma, Webflow) | Connect to your design tools | Revoke access anytime |
1. Information We Collect
1.1 Personal Data You Provide
When you create an account or use our services, we may collect:
- Name and email address
- Billing address and payment information
- Contact preferences and communication history
- Account credentials and authentication data
1.2 Payment Data
Payment information is processed and stored securely by our payment processor, Stripe. We do not store full credit card numbers on our servers. We receive only the last four digits, card type, and expiration date for display purposes.
1.3 Social Media Login Data
If you register using Google, GitHub, or other OAuth providers, we collect basic profile information as permitted by those platforms, including:
- Email address
- Display name
- Profile picture URL
- Unique identifier from the OAuth provider
1.4 Design Files and Content
We process the Figma files you connect to provide our code conversion services. This includes:
- Design file content (layers, components, styles, assets)
- File metadata (names, creation dates, version history)
- Figma user profile information associated with connected files
1.5 Automatically Collected Information
We automatically collect certain technical information, including:
- IP address and approximate geographic location
- Device specifications and operating system
- Browser type, version, and settings
- Usage patterns, interaction data, and feature engagement
- Referring URLs and navigation paths
- Timestamps of access and actions
1.6 Cookies and Tracking Technologies
We use cookies, web beacons, and similar technologies to collect information. See our Cookie Policy section below for details.
1.7 Sensitive Data
We do not intentionally process sensitive personal information such as race, religion, political opinions, health data, biometric data, or genetic data.
2. Third-Party Platform Integrations
2.1 Figma Integration
When you connect your Figma account via OAuth, UpBuilder accesses:
- Design file content including layers, components, styles, images, and typography settings
- File metadata including file names, creation dates, modification history, and collaborator information
- User profile information including your Figma display name and email address
Data Flow: UpBuilder maintains bi-directional data access with Figma as required by Figma's Developer Terms. We may read design data and write metadata back to Figma files (such as export status or plugin settings).
Scope Permissions: We request only the minimum necessary scopes (file_content:read, file_metadata:read) required to provide our services.
2.2 Webflow Integration
When you connect your Webflow account via OAuth, UpBuilder accesses:
- Site structure including pages, collections, and navigation
- CMS data including collection schemas and content (if applicable)
- Publishing permissions to export generated code directly to your Webflow sites
- User profile information including your Webflow email and workspace membership
Purpose: We access this data solely to export generated code to your designated Webflow sites and projects.
2.3 AI Processing (OpenAI)
Your design files are processed by OpenAI's API to generate code. This processing includes:
- Analysis of design structure, layout, and visual elements
- Generation of HTML, CSS, and JavaScript code
- Style extraction and responsive breakpoint calculations
Data Handling by OpenAI: Per our agreement with OpenAI, your data submitted via their API is NOT used to train OpenAI's models. OpenAI retains API inputs and outputs for up to 30 days for abuse monitoring, after which it is deleted.
2.4 OAuth Credential Security
We implement industry-standard security measures for OAuth tokens:
- Encryption at rest: Access tokens are encrypted using AES-256 encryption
- Transmission security: Tokens are transmitted only over HTTPS/TLS 1.3
- Access controls: Tokens are stored in secure, access-controlled databases with audit logging
- Minimal retention: Tokens are used solely to provide requested functionality
- User control: You may revoke access at any time through your Figma or Webflow account settings, or by disconnecting the integration in UpBuilder
3. How We Use Your Information
We use the information we collect to:
- Provide Services: Deliver, maintain, and improve UpBuilder's design-to-code conversion functionality
- Process Transactions: Manage your account, subscriptions, and billing
- AI Processing: Analyze your designs and generate code using artificial intelligence
- Improve Our AI: Enhance our AI models and conversion accuracy (using anonymized, aggregated data only)
- Communicate: Send security alerts, product updates, technical notices, and support messages
- Customer Support: Respond to your questions, requests, and feedback
- Analytics: Understand usage patterns to improve user experience
- Legal Compliance: Comply with legal obligations and enforce our terms
- Security: Detect, prevent, and address fraud, abuse, and security issues
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Account creation and service delivery | Performance of contract |
| Payment processing | Performance of contract |
| Design file processing and code generation | Performance of contract |
| Security and fraud prevention | Legitimate interest |
| Service improvement and analytics | Legitimate interest |
| Marketing communications | Consent (opt-in) |
| Cookie tracking (non-essential) | Consent (opt-in) |
| Legal compliance | Legal obligation |
5. Information Sharing and Disclosure
5.1 Service Providers
We share data with trusted third-party vendors strictly for operational purposes:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Cloud Platform | Infrastructure hosting | All service data (encrypted) |
| Amazon Web Services | File storage, CDN | Design files, generated code |
| OpenAI | AI code generation | Design file content |
| Stripe | Payment processing | Billing information |
| Resend | Transactional email | Email address, name |
| Figma | Design platform integration | OAuth tokens, file access |
| Webflow | Publishing platform | OAuth tokens, generated code |
All service providers are contractually bound to protect your data and use it only for specified purposes.
5.2 Legal Requirements
We may disclose your information if required by:
- Law, regulation, or legal process
- Court order or government request
- Protection of our rights, safety, or property
- Protection of users or the public from harm
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and any choices you may have.
5.4 No Sale of Personal Information
We do NOT sell your personal information to third parties. We do not share your personal information with third parties for their direct marketing purposes.
6. Data Retention
6.1 Design Files
- Active processing: Design files are retained only for the duration necessary to complete the conversion
- Cached results: Processed results may be cached for up to 30 days for performance optimization
- After processing: Original design file data is deleted within 90 days unless you request earlier deletion
6.2 Account Data
- Active accounts: Account information is kept as long as your account is active
- After cancellation: Core account data retained for up to 1 year to facilitate reactivation
- Legal retention: Some data may be retained longer as required by law (tax records: 7 years)
6.3 OAuth Tokens
- Figma tokens: Retained until you disconnect or revoke access
- Webflow tokens: Retained until you disconnect or revoke access
- Automatic expiration: Tokens may expire per platform policies (Webflow: 365 days of inactivity)
6.4 After Account Deletion
Upon account deletion request, we will delete or anonymize your personal data within 30 days, except where retention is required by law or for legitimate business purposes (fraud prevention, legal claims).
7. Your Privacy Rights
7.1 Rights Under State Privacy Laws
Depending on your location, you may have rights under laws such as:
- CCPA/CPRA (California)
- VCDPA (Virginia)
- CPA (Colorado)
- CTDPA (Connecticut)
- UCPA (Utah)
- And other state privacy laws
These rights may include:
| Right | Description |
|---|---|
| Access | Request copies of your personal data |
| Correction | Request correction of inaccurate or incomplete data |
| Deletion | Request deletion of your personal data |
| Portability | Request transfer of your data in a machine-readable format |
| Opt-out of Sale/Sharing | Opt out of the sale or sharing of personal information |
| Restrict Processing | Request limitation of how we process your data |
| Non-Discrimination | Exercise rights without discriminatory treatment |
7.2 How to Exercise Your Rights
To exercise any of these rights:
- Email: support@upbuilder.ai
- Subject line: "Privacy Rights Request"
- Include: Your full name, email address, and specific request
We will respond within 45 days (or shorter if required by applicable law). We may request verification of your identity before processing your request.
7.3 Right to Opt-Out of Sale/Sharing
We do not sell or share your personal information as defined by the CCPA/CPRA. However, if this changes, you may opt out by:
- Clicking the "Do Not Sell or Share My Personal Information" link in our website footer
- Enabling Global Privacy Control (GPC) in your browser—we honor GPC signals
7.4 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. We may require verification that you authorized the agent.
7.5 Appeals
If we deny your privacy request, you may appeal by contacting us at support@upbuilder.ai with "Privacy Appeal" in the subject line.
8. GDPR Rights (European Users)
If you are located in the EEA, UK, or Switzerland, you have additional rights under GDPR:
- Right of access (Article 15)
- Right to rectification (Article 16)
- Right to erasure (Article 17)
- Right to restrict processing (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
- Rights related to automated decision-making (Article 22)
8.1 Data Controller
Deuslink Software LLC is the data controller for your personal data.
8.2 EU Representative
For users in the European Union, our EU Representative can be contacted at:
- Email: eu-representative@upbuilder.ai
- Address: [EU Representative Address - To Be Designated]
8.3 Supervisory Authority
You have the right to lodge a complaint with a supervisory authority in your country of residence.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States.
9.1 Transfer Mechanisms
We rely on the following mechanisms for lawful data transfers:
- EU-U.S. Data Privacy Framework (DPF): We are committed to complying with the EU-U.S. Data Privacy Framework principles
- UK-U.S. Data Bridge: For transfers from the United Kingdom
- Standard Contractual Clauses (SCCs): Where DPF is not applicable
9.2 Safeguards
We ensure appropriate safeguards are in place to protect your data, including encryption, access controls, and contractual obligations with service providers.
10. Cookie Policy
10.1 What Are Cookies
Cookies are small text files stored on your device when you visit websites. We use cookies and similar technologies (web beacons, pixels, local storage) to provide and improve our services.
10.2 Types of Cookies We Use
| Category | Purpose | Examples |
|---|---|---|
| Strictly Necessary | Essential for site functionality | Authentication, security, load balancing |
| Functional | Remember your preferences | Language, theme settings |
| Analytics | Understand usage patterns | Page views, feature usage, error tracking |
| Marketing | Deliver relevant advertising | Ad targeting, conversion tracking |
10.3 Cookie Consent
- United States: We use an opt-out model. You may opt out of non-essential cookies via our cookie banner or browser settings.
- European Union/UK: We use an opt-in model. Non-essential cookies are only set after you provide consent.
10.4 Managing Cookies
You can control cookies through:
- Our cookie banner: Adjust preferences when first visiting
- Browser settings: Block or delete cookies
- Global Privacy Control (GPC): We honor GPC signals as opt-out requests
10.5 Third-Party Cookies
Our site may include cookies from third-party services:
- Google Analytics (analytics)
- Stripe (payment processing)
- Intercom (customer support)
These third parties have their own privacy policies governing their use of cookies.
11. Data Security
We implement industry-standard security measures to protect your information:
11.1 Technical Safeguards
- Encryption in transit: TLS 1.3 for all data transmission
- Encryption at rest: AES-256 encryption for stored data
- Access controls: Role-based access with principle of least privilege
- Authentication: Multi-factor authentication for administrative access
- Monitoring: Real-time security monitoring and alerting
11.2 Organizational Safeguards
- Regular security assessments and penetration testing
- Employee security training and background checks
- Incident response procedures
- Vendor security reviews
11.3 Compliance
- SOC 2 Type II aligned practices
- OWASP security guidelines
- Figma and Webflow integration security standards
11.4 Limitations
While we take reasonable precautions, no method of internet transmission or electronic storage is 100% secure. We cannot guarantee absolute security of your data.
12. Children's Privacy
UpBuilder is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a minor, we will take steps to delete it within 30 days. If you believe we have collected information from a child, please contact us immediately.
13. Do Not Track Signals
We honor Do Not Track (DNT) browser signals and Global Privacy Control (GPC) signals. When we detect these signals, we:
- Disable non-essential analytics cookies
- Do not share data with third-party advertisers
- Process the signal as an opt-out of sale/sharing under CCPA
14. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law.
14.1 Notification
- Material changes: We will notify you via email and/or prominent notice on our website at least 30 days before changes take effect
- Non-material changes: Updated policy will be posted with a new "Last Updated" date
14.2 Continued Use
Continued use of the service after changes become effective constitutes acceptance of the revised policy.
15. Contact Us
If you have questions about this Privacy Policy or our privacy practices:
General Inquiries Email: support@upbuilder.ai Address: 20933 Rubles Mill CT, Ashburn, VA 20147 Response time: Within 5 business days
EU-Specific Inquiries EU Representative: eu-representative@upbuilder.ai
This Privacy Policy is designed to help you understand how we handle your information. We are committed to protecting your privacy and being transparent about our data practices.