Skip to content
Let's Build It Better
← Back

Privacy Policy

Pitch Deck Builder by Build It Better LLC

Effective: April 12, 2026

Overview

Pitch Deck Builder (“the Service”) is operated by Build It Better LLC (“we”, “us”, “our”), a California limited liability company. This policy explains what data we collect, why we collect it, where it goes, and what rights you have over it.

We built this product for founders. We know you're trusting us with sensitive business information. We treat that seriously.

What we collect

Account information

When you create an account, we collect your email address and name. If you sign in via Google or Microsoft, we receive your name and email from your OAuth profile. If you sign in with email and password, we store a hashed version of your password. We never see or store your plaintext password.

Pitch deck content

When you use the Service, you provide business information including company name, founder names, contact information, financial data (revenue, raise amount, projections), market positioning, competitive landscape, team details, and narrative elements (customer stories, founding moments). If you upload an existing pitch deck (.pptx or .pdf), we extract text and structural data from it.

This is the core of what we do. We use this information to generate your pitch deck and nothing else.

Payment information

When you purchase credits, payment is processed entirely by Stripe. We do not see, store, or have access to your credit card number, bank account, or other payment credentials. Stripe provides us with a transaction ID and confirmation of payment. Stripe's privacy policy governs their handling of your payment data: stripe.com/privacy

Usage data

We track credit transactions (purchases, coupon redemptions, generation usage) and API token consumption for billing and cost management. This data is linked to your account.

What we do NOT collect

We do not use analytics or tracking tools (no Google Analytics, no pixel trackers, no fingerprinting). We do not serve ads. We do not set cookies beyond what is required for your login session. We do not collect device information, browsing history, or behavioral data.

How we use your data

We use your data for exactly three purposes:

  1. Generating your pitch deck. Your business information is sent to Anthropic's Claude AI to produce slide content, speaker notes, and diagnostics. This is the core function of the Service.
  2. Managing your account. Your email is used for authentication, transactional emails (password resets, email verification), and purchase receipts.
  3. Operating the Service. Credit balances, transaction history, and API cost tracking allow us to manage billing and maintain the Service.

We do not use your data for marketing, profiling, advertising, or any purpose other than delivering the Service to you.

Where your data goes

Your data is processed by the following third-party services. Each is essential to delivering the Service:

Anthropic (AI processing)

Your pitch deck content (form inputs and uploaded deck text) is sent to Anthropic's Claude API to generate and evaluate deck content. Under Anthropic's Commercial Terms of Service, Anthropic does not train its AI models on customer content submitted through the API. Anthropic processes your data solely to generate the requested output and does not retain it beyond what is necessary to deliver the response. Anthropic's privacy practices are governed by their Commercial Terms of Service and Data Processing Addendum.

Supabase (database and file storage)

Your account data, pitch deck content, generated output, and uploaded files are stored in a Supabase-hosted PostgreSQL database and file storage, which runs on Amazon Web Services (AWS) infrastructure. Data is encrypted at rest and in transit. Row-level security policies ensure that each user can only access their own data.

Stripe (payment processing)

Credit card payments are processed by Stripe. We receive only a transaction confirmation and session ID. We never see or store your payment credentials. See Stripe's privacy policy: stripe.com/privacy

Railway (application hosting)

The Pitch Deck Builder application runs on Railway's hosting infrastructure. Railway processes your requests but does not independently store your data beyond server logs, which are retained for a limited period for operational purposes.

Resend (transactional email)

Email verification and password reset emails are sent via Resend's SMTP service from noreply@letsbuilditbetter.com. Resend processes your email address solely for email delivery.

Google and Microsoft (OAuth authentication)

If you choose to sign in with Google or Microsoft, those services process an authentication token confirming your identity. They are informed that you signed in to our Service. We receive only your name and email address from them.

Data retention

Your account data and pitch deck content are retained for as long as your account is active. You can delete individual decks at any time from the dashboard; this removes the deck record and associated files from our database and storage. If you wish to delete your entire account and all associated data, contact us at the email address below.

Credit transaction records are retained for accounting and audit purposes even after individual decks are deleted.

Cookies

We use only essential cookies required for authentication. Specifically, Supabase Auth sets a session cookie to keep you logged in. We do not use analytics cookies, advertising cookies, or any third-party tracking cookies.

Data security

We implement the following security measures:

  • All data is encrypted in transit (TLS) and at rest (AES-256 via Supabase/AWS)
  • Row-level security policies in the database ensure users can only access their own data
  • API routes enforce authentication and user-scoped queries as defense-in-depth
  • Uploaded file validation by type and size at the API boundary
  • All API keys and secrets are stored as environment variables, never in code
  • OAuth authentication is handled by Supabase Auth with industry-standard flows

No system is perfectly secure. If we become aware of a security breach affecting your data, we will notify you promptly in accordance with applicable law.

Your rights

For all users

You can:

  • Access your data at any time by logging into your account
  • Delete individual decks from the dashboard
  • Request a copy of all data associated with your account
  • Request deletion of your entire account and associated data

Additional rights for EU/EEA users (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object to processing. Our legal basis for processing your data is the performance of our contract with you (delivering the Service you signed up for). You may also lodge a complaint with your local data protection authority.

Additional rights for California users (CCPA)

If you are a California resident, you have the right to know what personal information we collect, to request deletion, and to opt out of the sale of your personal information. We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.

To exercise any of these rights, contact us at the email address below. We will respond within 30 days.

Children's privacy

The Service is not directed at anyone under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will delete it promptly.

International data transfers

Your data may be transferred to and processed in the United States, where our infrastructure providers (Anthropic, AWS/Supabase, Railway, Stripe) operate. For transfers from the EU/EEA, we rely on the standard contractual clauses and the data processing agreements of our sub-processors. Anthropic's Data Processing Addendum includes Standard Contractual Clauses for EU data transfers.

Changes to this policy

If we make material changes to this policy, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

Contact

For privacy-related questions, data requests, or concerns:

Build It Better LLC
Email: alex@letsbuilditbetter.com
Santa Cruz, California, USA