File 09 — Legal

Privacy Policy.

Effective April 22, 2026

Balto. (“Balto,” “we,” “us”) is an AI-assisted content generation service. This policy explains what we collect, how we use it, and the choices you have. If anything here is unclear, email operations@baltobuild.com.

1. What we collect

  • 01Account data. When you sign up we store your email, display name and avatar URL via Supabase Auth. We do not store your password — Supabase hashes it on our behalf.
  • 02Content you create. Personas, feed sources you add, posts you save, and generated outputs you keep are stored in our database so you can access them across devices.
  • 03Billing data. When you subscribe or buy a credit pack we create a Stripe Customer linked to your user ID. Your card details are entered on Stripe’s servers — Balto. never sees or stores them.
  • 04Usage logs. We record generation events (model, token count, credits spent, timestamp) for billing, abuse detection and product improvement. We do not log the body of your prompts or outputs beyond what’s needed to render your history.

2. How we use it

We use the data above to operate Balto. — authenticate you, run generations, bill subscriptions, protect the service from abuse, and improve how it works. We do not sell your data, and we do not use your prompts or outputs to train AI models.

3. Third-party processors

Balto. is built on a few specialist providers. Each one receives only what it needs:

SupabaseAccount auth + primary database
StripeSubscriptions, credit-pack checkout, customer portal
CloudflareRSS ingestion worker + edge routing
AI providersAI infrastructure providers — prompts are sent only when needed to generate your requested output

AI providers may retain prompts briefly for abuse detection per their own policies. Balto. sends your prompts through platform-managed API keys; it does not attach your identity to those requests beyond what each provider requires.

4. Cookies & storage

We use a short-lived session cookie and browser local storage to keep you logged in and remember UI preferences (theme, recent filters). We do not use advertising cookies, cross-site tracking pixels, or fingerprinting.

5. Retention

Account data and content are kept while your account is active. When you delete your account we remove your personas, feed sources, saved posts and generation history within 30 days. Credit-ledger entries and Stripe invoices are kept for seven years where required by financial record-keeping law.

6. Your rights

You can access, export or delete your Balto. data at any time from the Settings page, or by emailing operations@baltobuild.com. If you are in the EU, UK or California, you have additional rights under GDPR/UK GDPR/CCPA which we honour — including the right to object to processing and to lodge a complaint with your local supervisory authority.

7. Minors

Balto. is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a minor has signed up, email us and we will remove the account.

8. Changes

We may update this policy. If the change is material (e.g. new processor, new data category) we will email existing users at least 14 days before it takes effect. The “Effective” date at the top always reflects the current version.

9. Contact

Questions, concerns, data requests: operations@baltobuild.com.

Read the terms of service →Last updated April 22, 2026