LEGAL

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your information.

Effective Date: February 26, 2026

Last Updated: February 26, 2026

This Privacy Policy is published in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 ("IT Act"), and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules") of India, as well as the General Data Protection Regulation ("GDPR") of the European Union where applicable.

Build Studio is a product of Webority Technologies Private Limited, a company incorporated and registered in India ("Company", "we", "us", or "our"). This Privacy Policy applies to all users of buildstud.io and associated services (collectively, the "Platform").

1. Information We Collect

We collect information in the following categories:

a) Information You Provide Directly

  • Account registration details (name, email address, organization name)
  • Billing and payment information (processed securely via Stripe; we do not store full card details)
  • Mobile application builds (IPA, APK, AAB, and other supported formats) uploaded for analysis or distribution
  • Feedback, support requests, and communications you send to us
  • Newsletter and waitlist subscription details

b) Information Collected Automatically

  • Device information (device type, operating system, browser type and version)
  • Usage data (pages visited, features used, time spent, click patterns)
  • Log data (IP address, access times, referring URLs)
  • Cookies and similar tracking technologies (see Section 9 below)

c) Information from Build Analysis

  • App metadata (bundle identifier, version number, minimum OS version, permissions)
  • Security scan results and vulnerability assessments
  • Performance metrics and size analysis data

2. Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent: Where you have given explicit consent for specific processing activities, such as newsletter subscriptions or marketing communications.
  • Contractual Necessity: Processing necessary to perform our contract with you, including providing the Platform services, processing your builds, and managing your account.
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and security.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, maintain, and improve the Platform
  • Process, analyze, and generate reports on your uploaded builds
  • Manage your account, subscriptions, and billing
  • Send you technical notices, security alerts, and support messages
  • Respond to your comments, questions, and customer support requests
  • Send marketing and promotional communications (with your consent, and with the ability to opt out at any time)
  • Monitor and analyze usage patterns and trends to improve user experience
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Comply with legal obligations and enforce our Terms of Service

4. Build Data Privacy

Your builds are your property. We are committed to the following:

  • Builds are stored securely using AES-256 encryption at rest and TLS 1.2+ encryption in transit
  • We never access your builds manually; all analysis is performed through automated processes
  • Shared build links expire automatically after the configured expiry period (default: 7 days)
  • You may delete your builds and associated data at any time through your account dashboard
  • Build analysis results are used solely to provide you with insights and recommendations
  • We do not sell, rent, or share your build data with any third party for their own purposes

5. Data Sharing and Third-Party Services

We may share your information with the following categories of third-party service providers who process data on our behalf:

  • Cloud Infrastructure: Microsoft Azure (data hosting and storage)
  • Payment Processing: Stripe (subscription billing and payment handling)
  • Email Services: For transactional and marketing email delivery
  • Analytics: To understand usage patterns and improve the Platform

All third-party service providers are contractually obligated to protect your data and are prohibited from using it for purposes other than providing services to us. We may also disclose your information if required by law, court order, or government authority, or to protect our rights, property, or safety.

6. Cross-Border Data Transfers

As an India-based company serving users worldwide, your personal data may be transferred to and processed in countries other than your country of residence. Our cloud infrastructure is hosted on Microsoft Azure, which may store data in data centres located outside India. Where such transfers occur, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) for transfers from the European Economic Area, and compliance with the data transfer provisions under the DPDP Act for transfers from India. By using our Platform, you consent to such transfers in accordance with applicable law.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy:

  • Account Data: Retained for the duration of your active account, and for up to 90 days after account deletion to allow for reactivation
  • Build Data: Retained for the duration of your active account, or until you manually delete builds
  • Shared Build Links: Automatically deleted after the configured expiry period (default: 7 days)
  • Transaction and Billing Records: Retained for a minimum of 8 years in accordance with Indian tax and financial regulations
  • Usage Logs and Analytics: Retained for up to 24 months in anonymised or aggregated form
  • Support Communications: Retained for up to 3 years after the last communication

8. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest
  • Secure authentication mechanisms with hashed and salted passwords
  • Role-based access controls limiting employee access to personal data
  • Regular security assessments and vulnerability testing
  • Incident response procedures for data breach management

9. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

  • Essential Cookies: Required for the Platform to function (authentication, session management, security). These cannot be disabled.
  • Analytics Cookies: Help us understand how users interact with the Platform (page views, feature usage, error tracking).
  • Preference Cookies: Remember your settings and preferences (language, display options).

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Platform functionality. We do not use advertising or third-party tracking cookies.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Under the DPDP Act, 2023 (India)

  • Right to access information about your personal data being processed
  • Right to correction and erasure of your personal data
  • Right to grievance redressal (see Section 14 below)
  • Right to nominate another person to exercise your rights in case of death or incapacity
  • Right to withdraw consent at any time

Under the GDPR (European Economic Area)

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right not to be subject to automated decision-making

For All Users

  • Access and download your personal data
  • Correct inaccurate information
  • Request deletion of your account and associated data
  • Export your data in a machine-readable format
  • Opt out of marketing communications at any time
  • Withdraw consent for data processing (where consent is the legal basis)

To exercise any of these rights, please contact us at contact@webority.com. We will respond to your request within 30 days.

11. Children's Privacy

Our Platform is intended for use by professionals and is not directed at individuals under the age of 18 years. We do not knowingly collect personal data from anyone under 18 years of age. In accordance with the DPDP Act, 2023, processing of personal data of children (under 18 years) requires verifiable consent from a parent or lawful guardian. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such data promptly. If you believe a child has provided us with personal data, please contact us at contact@webority.com.

12. Automated Decision-Making

Our Platform uses automated analysis to scan and assess your uploaded builds for security vulnerabilities, performance issues, and compliance recommendations. These automated processes do not make decisions that produce legal effects or similarly significant effects on you. The analysis results are provided as informational recommendations only. You are free to act on or disregard any recommendation provided by the Platform.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting a notice on the Platform, sending an email to your registered email address, or through other appropriate communication channels. The updated policy will indicate the new "Effective Date" at the top. Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

14. Grievance Officer

In accordance with the DPDP Act, 2023 and the IT Act, 2000, the details of our Grievance Officer are as follows:

  • Name: Grievance Officer, Webority Technologies Private Limited
  • Email: contact@webority.com
  • Response Time: We will acknowledge your grievance within 48 hours and resolve it within 30 days from the date of receipt.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Smarter quality checks. Faster deployments.
Better apps.

Legal
Privacy Policy Terms & Conditions
Company
About Contact
Get in touch

email contact@webority.com

Follow us

Copyright © 2026 BuildStudio. All rights reserved.

Designed and Developed by Webority Technologies