Privacy Policy
Last updated: 2026-04-14
1. Who we are
Mithril Builder ("Mithril", "we", "us") is operated by Mithril Labs, a company building tools for crypto market infrastructure. If you have any questions about this Privacy Policy, contact us at privacy@mithril.money.
2. What we collect
When you use Mithril Builder, we collect:
- Account data: email address, display name, and an internal user identifier issued by the Mithril portal.
- Project data: the code, files, chat messages, and screenshots you generate inside the builder. This content is stored in our database so you can resume your work later.
- Usage data: prompts sent to the AI agent, generation outcomes, credits consumed, model identifiers, and feedback ratings. We use this to improve the agent and detect abuse.
- Payment data: if you subscribe to a paid plan, our payment processor Stripe stores your billing details. We never see your card number. We only keep a Stripe customer identifier and the plan tier associated with your account.
- Technical data: IP address, user agent, and Vercel request logs. Retained for up to 30 days for abuse detection.
3. How we use your data
We use your data strictly to provide and improve the service: authenticate you, run the AI agent, persist your projects, charge your subscription, detect abuse, and provide analytics on aggregate usage. We do not sell your data to third parties. We do not show ads.
4. Third-party subprocessors
We share data with the following subprocessors strictly to run the service:
- Supabase: database and authentication. Hosts your account, projects, chat history, and credit balance. Data is stored in the EU region.
- Vercel: web hosting for the builder frontend and API.
- Fly.io: sandbox execution environment for previewing your generated apps. Sandbox files are ephemeral.
- Cloudflare: DNS and hosting for your published apps.
- Anthropic, Google, Fireworks, OpenRouter: large language model providers that power the AI agent. We send your prompts and relevant file context to these providers to generate responses.
- Stripe: payment processing.
- Resend: transactional email delivery (alerts, receipts).
Each of these providers has its own privacy policy. We only share the minimum data required for each provider to perform its function.
5. AI providers and prompt data
When you send a prompt to the AI agent, we forward it along with any relevant files from your current project to one or more of the LLM providers listed above. These providers may retain your data for a short period for safety and abuse monitoring, according to their own terms. Mithril does not train models on your prompts or files.
6. Your rights (GDPR)
You have the right to:
- Access a copy of your personal data.
- Rectify inaccurate personal data.
- Request deletion of your account and associated data.
- Export your projects in a portable format.
- Object to certain processing.
- Lodge a complaint with your local data protection authority (e.g., the CNIL in France).
To exercise any of these rights, email privacy@mithril.money. We respond within 30 days.
7. Data retention
We retain your account data as long as your account is active. If you delete your account, we delete your projects and chat history within 30 days, except for records we are legally required to keep (billing records for up to 10 years under French tax law).
Generation logs (prompts and outputs used to improve the agent) are retained for up to 12 months, then deleted or anonymized.
8. Cookies
We use only essential cookies required for authentication and session management. We do not use tracking cookies or third-party analytics cookies. Some of the subprocessors listed above may set their own essential cookies.
9. Security
We take reasonable measures to protect your data: TLS in transit, encryption at rest for sensitive credentials (exchange API keys), row-level security in the database, and regular security audits. No system is 100% secure, and you are responsible for keeping your account credentials safe.
10. Children
Mithril Builder is not intended for users under 18. We do not knowingly collect data from minors.
11. International transfers
Some of our subprocessors are based outside the European Economic Area (notably Anthropic, Google, Fireworks, OpenRouter, Stripe, Cloudflare, and Fly.io in the United States). We rely on Standard Contractual Clauses and equivalent safeguards for any cross-border transfer.
12. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or with a prominent banner in the builder. The "Last updated" date at the top of this page always reflects the latest version.
13. Contact
Questions, complaints, or requests: privacy@mithril.money.
