Privacy Policy

1. Introduction

Blockforger LLC ("we," "our," or "us") operates the JSON Block Builder application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

• Authentication Information: When you authenticate with Google OAuth, Facebook, or other providers, we collect your email address and basic profile information for authentication purposes only
• Usage Data: Information about how you interact with our Service, including API requests, schema configurations, and workspace data
• Technical Data: Browser type, operating system, IP address, and device information

2.2 Data You Provide

We collect information you voluntarily provide, including:

• JSON schemas and configurations
• API endpoint configurations
• Custom block definitions based on these endpoints
• Tenant-specific settings and preferences
• Metadata about your payments and service usage for billing and business analytics

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve our JSON Block Builder service
• Authentication: To verify your identity and manage access to tenant-specific features
• Customization: To personalize your experience and provide tenant-specific configurations
• Analytics: To understand usage patterns and improve our Service
• Support: To provide customer support and respond to your inquiries
• User profile: We also reserve the right to collect volunteered user profile information (including PII) as context to LLM inputs that will facilitate better assumptions (eg: User chooses to save their name and address, we pass this field to the LLM as extra context)

4. Information Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except as described in this policy.

4.2 Limited Sharing

We may share your information in the following limited circumstances:

• Service Providers: With trusted third-party service providers who assist in operating our Service (e.g., cloud hosting, analytics)
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets

4.3 Data Sharing with Government Agencies

We are committed to protecting user privacy and only share data with government agencies to the minimum extent legally required. Our data sharing practices are as follows:

• Legal Minimums Only: We share user data with federal, state, or local government agencies only when legally required to do so, such as in response to valid subpoenas, court orders, or other legal processes
• Limited Scope: When legally compelled to share data, we provide only the minimum information necessary to comply with the legal requirement
• User Notification: When permitted by law, we will notify users of government requests for their data
• No Voluntary Sharing: We do not voluntarily share user data with government agencies beyond what is legally required
• Data Minimization: Given that we only collect email addresses for authentication and site data (not other personal information), any data sharing is inherently limited to this minimal dataset

5. Data Storage and Security

5.1 Storage

Your data is stored and transmitted using industry-standard security measures:

• Encrypted data transmission (HTTPS)
• Secure cloud storage on S3 and AWS DynamoDB with access controls
• Regular security updates

5.2 Local Storage

Some information is stored locally in your browser:

• Authentication tokens (encrypted)
• User preferences and settings
• CORS proxy consent status

6. Your Rights and Choices

6.1 Access and Control

You have the right to:

• Access your personal information
• Correct inaccurate data
• Delete your account and associated data
• Opt-out of certain data collection

6.2 Account Management

You can manage your account settings through our Service or by contacting us directly.

7. Cookies and Tracking

We use minimal tracking technologies:

• Essential Cookies: Required for Service functionality
• Local Storage: For user preferences and authentication state
• Session Storage: For temporary data during your session

8. Third-Party Services

Our Service integrates with the following third-party services:

• Google OAuth: For authentication (subject to Google's Privacy Policy)
• Facebook Authentication: For authentication via Firebase (subject to Facebook's Privacy Policy and Data Policy)
• CORS Proxy Services: Optional proxy services for API requests
• Cloud Infrastructure: For hosting and data storage

9. Data Retention

We retain your information for as long as necessary to:

• Provide our Service
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

10. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

11. International Data Transfers

Your information may be transferred to and processed in the United States. We ensure appropriate safeguards are in place for such transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending email notifications for significant changes