/* global React, PoofPart1 */
const { Reveal } = window.PoofPart1;
const { useState: useLgState, useEffect: useLgEffect } = React;
/* ============= LEGAL HUB — Privacy / Cookie / Concerns / Terms ============= */
const LEGAL_TABS = [
{ id: "privacy", label: "Privacy Policy", updated: "April 12, 2026" },
{ id: "cookie", label: "Cookie Policy", updated: "April 12, 2026" },
{ id: "concerns", label: "Security Concerns", updated: "May 18, 2026" },
{ id: "terms", label: "Terms of Service", updated: "April 12, 2026" },
];
const PLAIN_ENGLISH = {
privacy: "We collect your email, your billing info, and the things you type into the builder. We don't sell anything to anyone. We use the data to run our service. You can export or delete everything in two clicks.",
cookie: "We use cookies to keep you signed in and remember what you were working on. We don't use cookies for advertising. You can decline non-essential cookies and the site still works.",
concerns: "Found a bug or a security issue? Email security@appsbuiltwithai.com. We respond within 24 hours, fix critical issues within 72, and pay $500–$10,000 for verified vulnerabilities.",
terms: "Be reasonable. Don't spam. Don't try to break in. We can change pricing with 30 days notice. If we mess up, our liability is capped at what you've paid us in the last 12 months. Either of us can cancel anytime.",
};
function LegalPage() {
const [tab, setTab] = useLgState(() => {
if (typeof window !== "undefined") {
const h = window.location.hash.replace("#", "");
if (LEGAL_TABS.some(t => t.id === h)) return h;
}
return "privacy";
});
useLgEffect(() => {
if (typeof window === "undefined") return;
if (window.location.hash !== "#" + tab) history.replaceState(null, "", "#" + tab);
window.scrollTo({ top: 0, behavior: "instant" });
}, [tab]);
const meta = LEGAL_TABS.find(t => t.id === tab);
return (
<>
Legal
The fine print, in big print.
Lawyers wrote some of this. We tried to make it human. There's
a plain-English summary at the top of every section — that's
the truth, the rest is just longer.
Account data — your email address and, optionally, your name.
Billing data — handled by Stripe. We see the last four digits of your card and your billing country. We never see the full number.
Builder content — the prompts you type, the apps you generate, and any files you upload. Encrypted at rest, isolated per workspace.
2. What we don't collect
We do not collect device fingerprints, third-party browsing history, or any data from outside our own product. We do not run advertising trackers. We do not sell, license, or share your data with data brokers — not now, not ever.
3. Will we train AI models on your data?
No. Your prompts and app content are not used to train any model — ours, our vendors', or anyone else's. This is a contractual commitment from our model vendors as well.
4. How we use your data
To operate the service (e.g., generating your app, sending magic links).
To bill you (handled by Stripe).
To send you product updates you can unsubscribe from in one click.
To investigate abuse or legal violations.
5. Who we share data with
We share data only with vendors who help us run the service: Stripe (payments), Postmark (transactional email), AWS (hosting), and Anthropic & OpenAI (AI inference). All bound by data processing agreements that match our own commitments. Full list available on request.
6. Your rights
You can export everything we have on you at any time from Settings → Privacy. You can delete your account, which permanently erases all data within 30 days. EU/UK residents have additional GDPR rights — email dpo@ to exercise them.
A small file your browser stores. We use them sparingly. Here's exactly which ones we set and why.
2. Essential cookies
These run the site. You can't turn them off without breaking sign-in.
abwa_session — keeps you signed in. Expires after 30 days of inactivity.
abwa_csrf — protects forms from cross-site attacks. Expires when you close the tab.
abwa_workspace — remembers which workspace you were last in.
3. Product analytics
We use a first-party analytics tool (self-hosted Plausible) to understand which features get used. It does not set tracking cookies and does not identify you personally. You can opt out in Settings → Privacy.
4. What we don't do
We do not run Google Analytics, Facebook Pixel, TikTok Pixel, or any advertising tracker. We do not load fonts or assets from networks that would let third parties profile you. This page has zero third-party cookies.
5. Managing cookies
Your browser lets you block any of these from the address bar. Blocking the essential ones will break sign-in. Blocking the analytics one is fine — we still get aggregated counts.
);
}
function ConcernsBody() {
return (
<>
1. How to report
Email security@appsbuiltwithai.com. Include reproduction steps and an estimate of impact. PGP key available on request.
2. Our response commitment
Acknowledgement — within 24 hours of your report.
Triage — initial severity assessment within 72 hours.
Fix — critical issues remediated within 7 days; lower severity within 30.
Disclosure — we coordinate public disclosure with you. Default 90-day embargo.
3. Bug bounty
Rewards scale with impact:
Critical (RCE, account takeover, data exfiltration): $5,000–$10,000
High (privilege escalation, stored XSS in a critical surface): $1,500–$5,000
Medium (reflected XSS, CSRF, IDOR with limited impact): $500–$1,500
Low / informational: hall of thanks + swag
4. Out of scope
Reports from automated scanners with no exploit path
Self-XSS, clickjacking on non-sensitive pages
Findings on third-party services we use (report to them directly)
Anything requiring physical access or social engineering of our staff
5. Safe harbor
If you act in good faith — no data exfiltration, no service degradation, no testing on accounts you don't own — we will not pursue legal action and we will not let our partners pursue action either.
);
}
function TermsBody() {
return (
<>
1. The agreement
By using AppsBuiltWithAI you agree to these terms. They're a contract. We can update them with 30 days notice for material changes, in which case you can cancel before they take effect.
2. What you can't do
Build apps that violate laws (spam, fraud, illegal goods, etc.).
Build apps that abuse, harass, or endanger people.
Resell raw AI access — the product is for building apps, not reselling tokens.
Try to circumvent rate limits, plan limits, or our security measures.
3. Who owns what
You own the apps you build, including the source code if you export it. We own AppsBuiltWithAI itself — the builder, the runtime, the brand. We grant you a license to use it as long as you have a paid (or free) account in good standing.
4. Payments & refunds
Subscriptions renew automatically until you cancel. Cancellation takes effect immediately — you retain access until the end of the paid period. We refund within 14 days of the most recent charge if you haven't used the service materially in that window.
5. Liability
To the maximum extent allowed by law, our total liability to you is capped at the amount you've paid us in the 12 months preceding the claim. We provide the service "as is." We will not be liable for indirect, incidental, or consequential damages.
6. Termination
You can cancel any time from Settings → Plan. We can suspend or terminate accounts that violate these terms, with notice except in cases of severe abuse. On termination we'll keep your data available for 90 days so you can export it.
7. Governing law
These terms are governed by California law. Disputes go to binding arbitration in San Francisco, except small-claims-eligible matters.