This is a v0 placeholder that accurately describes the current stack. It will be reviewed by legal counsel before general availability.
§ P1
What we collect
When you sign in, we collect your email address and the Firebase Authentication user ID + session tokens that Firebase issues. We do not collect a password — sign-in is handled entirely by Firebase Auth (Google, email link, or similar provider).
When you publish a page, we store the HTML you submitted, plus the metadata you provide or that we derive: slug, title, publish timestamp, and access mode.
When any request hits our edge, Cloudflare logs the source IP and standard HTTP metadata. We use these logs only for rate-limiting and abuse prevention. We do not build user profiles from them.
If you connect MakeItRun as a connector or MCP server in Claude, ChatGPT, or another AI assistant, we additionally record the OAuth client identifier, the publish scope you granted, and the timestamp of your consent. This is required by the OAuth 2.1 protocol and by the connector directories we are registered with.
§ P2
Who processes your data
We use the following sub-processors. Your data may be processed in the United States or the European Union depending on the provider's infrastructure.
- Cloudflare — Workers, KV, R2 object storage, Images, and CDN. All hosted pages and metadata at rest live here.
- Google Firebase Authentication — Handles sign-in and issues the session tokens we trust. Firebase does not receive your page content.
- Automated content-moderation model — At publish time, the HTML you submit is passed to an automated safety-screening model to detect prohibited content (phishing, malware, etc.). The model does not store your content and does not use it for training.
We do not use any other third-party analytics, ad-tech, or tracking pixels on the service itself.
§ P3
How we use it — and what we don't do
We use your data to: authenticate you, serve and version the pages you publish, enforce rate limits and abuse prevention, and send you service emails (account events, terms changes).
We do not sell your data. We do not train AI models on your content. We do not serve advertising. We do not share your content with third parties beyond the sub-processors listed above.
§ P4
Retention & deletion
Your published pages are live for as long as your account is active. If you delete a page, it is removed from the live CDN promptly (within minutes for KV and R2). Backup copies are purged within 30 days.
If you delete your account, all pages and associated metadata are removed on the same schedule: live removal is prompt; backup purge completes within 30 days. To request deletion, email [email protected] with the subject line "Account deletion request."
Firebase Auth session data is governed by Firebase's own retention policy. When you delete your account with us, we also trigger a Firebase account deletion via the Admin SDK, which removes your uid and auth records on Firebase's side.
Cloudflare access logs are retained according to Cloudflare's standard infrastructure log policy (typically 7–30 days for raw request logs).
§ P5
Contact & takedowns
For any privacy question, deletion request, or content takedown notice: [email protected]. We aim to respond within 5 business days.
Note: This privacy policy is a pre-launch placeholder written to accurately describe the current technical stack. It will be reviewed by qualified legal counsel and updated before MakeItRun opens to the general public. If you have concerns about any specific clause, email us — we'd rather fix it now than after launch.
Last updated 2026-06-19 · contact: [email protected]