Sign in

Privacy Policy

Last updated: May 29, 2026

This is the Privacy Policy for Makeble. It explains what we collect from you, why we collect it, how we store it, and the choices you have. We’ve tried to write it in plain English; if anything is unclear, email us at hi@makeble.dev.

1. Who runs Makeble

Makeble is operated by an individual maker based in Israel. For the purposes of GDPR / similar regulations, that individual is the data controller for personal data processed through the Service. You can contact us at the email above for any privacy-related request.

2. What we collect

We collect three kinds of data:

  • Account data — when you sign in with Google we receive your name, email address, and profile picture URL. We do not receive your Google password and have no way to sign in as you. We also assign you an internal user ID.
  • Product data — your projects (file contents, template choices, metadata), chat history with the AI, your token / prompt usage counters, and any feedback you submit through the in-product feedback form.
  • Billing data — if you upgrade to a paid plan, Stripe handles your card details and shares back only what we need to operate the subscription (a customer ID, the subscription status, the next renewal date). We do not see or store full card numbers on our servers.

We also receive standard server logs (IP address, user-agent, request path, response status) for security and debugging. These are retained for up to 90 days.

3. What we don’t collect

We don’t use third-party advertising trackers, behavioral analytics services, or cross-site fingerprinting. We don’t sell or rent your personal data to anyone, ever. We don’t train the AI on your prompts — Anthropic’s API is configured to exclude your data from model training.

4. Why we collect it

Each category has a single purpose:

  • Account data is the minimum we need to recognize you between sessions and associate your projects with you.
  • Product data is what makes the product work for you across visits — without it, you’d lose your projects every time you closed the tab.
  • Billing data exists only because we need to know who has paid and through what date. We use it for nothing else.
  • Server logs let us debug, defend against abuse, and meet our security obligations.

5. Where it lives

We use the following processors to deliver Makeble:

  • Google (sign-in). Google’s privacy policy applies to your Google account itself.
  • Neon (PostgreSQL database) — projects, chat history, account data, usage counters, audit log.
  • Vercel (hosting + preview deployments). Your projects are deployed to Vercel-hosted URLs; the server logs for Makeble’s own routes run on Vercel infrastructure.
  • Anthropic (Claude AI inference). Your chat prompts and any project files sent as context are processed by Anthropic to generate responses. Per Anthropic’s enterprise terms, your prompts are not used for model training.
  • Stripe (payments). Card details and billing history live with Stripe; we only see references.
  • Resend / equivalent email service — used for transactional email (welcome, password-less auth bounce, billing notifications). We don’t use email for marketing.

Data may be stored or processed in regions outside your country. Where required (e.g. for EU users), we rely on Standard Contractual Clauses or equivalent safeguards with our processors.

6. How long we keep it

  • Account and product data are retained as long as your account is active.
  • Deleted account data is removed from our primary database within 30 days of deletion. Backups may retain copies for up to an additional 30 days before they cycle out.
  • Server logs are retained for up to 90 days.
  • Audit log entries related to security or billing events may be retained for up to 24 months.
  • Billing records are retained as long as our tax obligations require (typically 7 years in Israel).

7. Your rights

Regardless of where you live, you can:

  • Access your data — most of it is visible in the product (your projects, your chat history, your profile). For anything else, email us.
  • Export your projects as a ZIP at any time from the editor.
  • Delete your account and all associated data from the user menu. The deletion is permanent within the retention windows above.
  • Correct account details by editing them in your Google account (we sync on each sign-in).

If you’re in the EU, UK, or California, you have additional rights under GDPR / CCPA — including the right to object to or restrict certain processing, and the right to lodge a complaint with a supervisory authority. To exercise any of these, email us. We aim to respond within 30 days.

8. Cookies

We use a small number of strictly-necessary cookies and equivalent local storage entries:

  • Authentication — a session cookie that keeps you signed in. Set by NextAuth, expires after a few weeks of inactivity.
  • Locale preference — a small cookie that remembers whether you prefer English or Hebrew.
  • UI state — local-storage entries that remember things like the width of the chat pane in the editor. These never leave your browser.

We don’t use cookies for advertising or analytics tracking, which is why you don’t see a cookie banner. If we ever add analytics, we’ll update this page first.

9. Security

We take reasonable measures to protect your data — encrypted transport (HTTPS everywhere), encryption at rest in our database and backups, restricted access to production systems, and regular dependency updates. No service can promise absolute security, but we treat your data like our own.

If we become aware of a breach affecting your personal data, we’ll notify you within 72 hours where required by law.

10. Children

Makeble is not directed at children under 13 (or the relevant age of digital consent in your country). If we learn we have collected data from a child below that age without verified parental consent, we’ll delete it.

11. Changes to this Policy

We may update this Policy. When we do, we’ll change the “Last updated” date at the top of this page. If the change is substantial, we’ll also notify active users by email or in-product banner. Continued use of the Service after a change means you accept the new Policy.

12. Contact

Privacy questions, data requests, or anything else: hi@makeble.dev.