Privacy Policy

Last updated: March 2026

1. Who we are

AIchitect (aichitect.dev) is a tool discovery and stack-building platform for AI developers. This policy explains what personal data we collect, why we collect it, and your rights under applicable data protection law including the EU General Data Protection Regulation (GDPR).

For data-related requests, contact us at: privacy@aichitect.dev

2. What we collect

When you sign in with GitHub OAuth, we receive and store:

  • GitHub username
  • GitHub user ID
  • Avatar URL (your GitHub profile picture URL)

When you interact with the product, we store:

  • Tool usage selections — the tools you mark as "I use this", along with a timestamp

We do not collect email addresses, passwords, browsing history, or any data beyond what is listed above.

3. Why we collect it

  • Authentication — to identify you across sessions via GitHub OAuth
  • Personalisation — to display your tool badge wall at /profile/[username] and surface usage counts on tools

Our lawful basis for processing is legitimate interests (providing the service you signed up for). No data is sold or used for advertising.

4. How long we keep it

Your data is retained for as long as your account exists. Deleting your account permanently removes all stored data — see section 6.

5. Sub-processors

We use the following third-party services to operate AIchitect:

  • Supabase — database and authentication. Your profile and tool usage data is stored in a Supabase-managed PostgreSQL instance. Supabase acts as a data processor under a signed DPA. Supabase Privacy Policy ↗
  • Vercel — application hosting and edge network. All HTTP traffic, including OAuth callbacks, passes through Vercel infrastructure. Vercel Privacy Policy ↗

6. Your rights

Under GDPR you have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — delete your account and all associated data at any time from your profile page
  • Portability — request your data in a machine-readable format
  • Object — object to processing based on legitimate interests

To exercise any of these rights, email privacy@aichitect.dev. We will respond within 30 days.

7. Cookies

We use a single session cookie set by Supabase Auth to keep you signed in. This cookie is strictly necessary for the service to function and does not require consent under GDPR or the ePrivacy Directive.

We do not use analytics cookies, advertising cookies, or tracking pixels.

8. Changes to this policy

If we make material changes we will update the date at the top of this page. Continued use of the service after a change constitutes acceptance.