Privacy Policy

1. Scope

This Privacy Policy applies to Basable's website, app builder, Exchange, community, APIs, creator billing, generated app services, and related support channels. It does not replace the privacy notices of third-party services, wallets, chains, protocols, or apps operated by other creators.

Generated apps use Basable's managed shared data, storage, AI, and analytics services unless we expressly say otherwise. App data is namespaced by app, but generated apps do not automatically receive a dedicated database, dedicated storage project, or verified private identity system for each end user.

Public blockchain data is public by design. Wallet addresses, transaction hashes, token contracts, trades, and token metadata may be visible to anyone and may be difficult or impossible to delete.

2. Information We Collect

• Account and profile data: wallet address, wallet signature status, profile id, username, display name, bio, avatar, plan, role, and optional contact information if you provide it.
• Builder data: prompts, generated files, app names, descriptions, uploaded attachments, token images, app versions, deploy runs, error logs, model identifiers, and usage metadata.
• Generated app data: app records, uploaded files, storage keys, AI messages sent through Basable APIs, app API usage, events, sessions, user agent, approximate country from hosting headers, and end-user identifiers such as wallet address, username, or app-specific nullifiers when an app sends them to Basable.
• Creator secrets and configuration: server-side external API keys or other creator-provided runtime values, secret names, deployment environment status, and related validation or error metadata.
• Token and Exchange data: token metadata, app proof links, launch transaction hashes, creator wallet, coin address, pool identifiers, trade transaction hashes, trader wallet addresses, side, amounts, price points, chart data, volume and holder estimates, favorites, community posts, comments, likes, and notifications.
• Payment and credit data: Base Pay references, transaction ids, payment status, amount, recipient, sender when available, plan or top-up records, credit charges, usage metering, and provider status responses.
• Technical data: IP-derived hosting headers, device and browser information, request logs, crash or error details, rate-limit signals, security events, and cookie or local-storage preferences.

3. AI and Third-Party Processing

Basable uses AI providers and the v0 API to generate, edit, convert, repair, and deploy apps. When you use AI features, your prompts, attachments, code, app files, and related metadata may be sent to those providers so they can return output and operate their services. Deployed app AI endpoints may also send end-user messages to Basable's configured AI providers.

Creator-provided external API keys are intended to be stored server-side and may be encrypted at rest when encryption is configured. To make a generated app work, Basable may inject those keys into the app's hosting environment. Hosting and infrastructure providers may process those values under their own security controls and policies.

Do not submit private keys, seed phrases, passwords, protected health information, payment card data, or other sensitive secrets to AI features. AI providers and infrastructure providers may process data under their own terms and policies.

4. How We Use Information

• Authenticate wallet sign-ins and maintain secure sessions.
• Generate, store, preview, convert, deploy, and manage apps.
• Provide managed app data, storage, AI, analytics, billing, and platform APIs.
• Operate the Exchange, token pages, price charts, feeds, favorites, and community.
• Record creator credits, usage metering, payments, refunds where required, and tax or accounting records.
• Detect abuse, enforce Terms, investigate security issues, prevent fraud, and comply with law.
• Improve product reliability, debug errors, analyze usage, and provide support.
• Send transactional notices, in-app notifications, safety alerts, and service updates.

5. How We Share Information

• With service providers that help operate Basable, such as hosting, database, storage, AI, deployment, wallet, blockchain, analytics, support, security, RPC, indexing, and payment providers.
• With creators who own an app, including app records, uploads, usage metrics, payments, sessions, events, and end-user data generated by that creator's app.
• Publicly, when information is part of the Exchange, community, public token metadata, public profiles, public app links, or public blockchain transactions.
• With hosting providers when needed to deploy generated apps, including public app configuration, analytics identifiers, and creator-provided server-side runtime secrets.
• With law enforcement, regulators, courts, advisors, or other parties when we believe disclosure is required by law, needed to enforce our Terms, or needed to protect rights, safety, users, or the service.
• In connection with a merger, acquisition, financing, reorganization, asset sale, or similar business transaction.

6. Cookies and Local Storage

Basable uses a small set of cookies and browser storage entries to keep the service working. Essential cookies are required for sign-in, security, wallet flows, billing, and remembering your cookie choice. Local storage may remember interface preferences such as dismissed onboarding prompts.

• basable_session: an HTTP-only session cookie used to keep you signed in. It expires after a short period or when you sign out.
• basable_cookie_consent: stores your cookie banner choice so we do not show it on every visit.
• Third-party services such as wallet providers, Base Account, Vercel, Supabase, AI providers, Flaunch, and block explorers may use their own cookies or storage when their interfaces, SDKs, or pages are opened.

You can clear cookies and local storage in your browser. Clearing essential storage may sign you out or reset preferences.

7. Data Retention

We retain information for as long as needed to provide Basable, maintain app versions and deployments, operate creator apps, support billing and accounting, preserve security records, resolve disputes, enforce our Terms, and comply with law. Creator app records, generated files, uploads, deployments, token metadata, trades, and community content may remain until deleted, archived, or no longer needed.

Deleting an app or account may not immediately remove provider logs, backups, deployment records, public blockchain data, public token or chart records, or data that another creator's app independently collected under that creator's responsibilities.

Onchain records are controlled by public blockchain networks and are not controlled by Basable.

8. Security

We use technical and organizational measures designed to protect Basable, including HTTP-only session cookies, server-side credential checks, row-level access controls, scoped app keys, metering checks, encryption for configured creator secrets, and server-side handling for sensitive provider credentials. Generated app API keys are public by design and app data is protected primarily by app-level namespacing, not by a built-in private end-user account system. No internet service, wallet, smart contract, model provider, or hosting provider can be guaranteed secure.

9. Your Choices and Rights

• You can sign out, disconnect wallets, and clear cookies or local storage.
• You can edit profile fields such as username, display name, bio, and avatar.
• You can delete or archive apps where product controls allow it.
• Depending on your location, you may have rights to access, correct, delete, export, restrict, or object to certain personal information.
• Some information cannot be fully deleted by Basable, including public blockchain records, data retained for legal or security reasons, and content already processed by third-party services under their own policies.

10. International Use

Basable and its providers may process information in the United States and other countries. Data protection laws may differ from those in your jurisdiction.

11. Children

Basable is not directed to children. Do not use Basable if you are not old enough to enter a binding agreement in your jurisdiction, and do not use Basable to collect personal information from children without all required permissions and legal compliance.

12. Changes

We may update this Privacy Policy as Basable changes. Continued use of Basable after an update means the updated policy applies.