Privacy Policy
What we collect, why we collect it, and how we treat your information across GlassKit UI, Studio, and Stack.
Last update Jul 10, 2026
[01]·Who we are
GlassKit(“we”, “us”, “our”) operates the website at glasskit.app and three products:
- GlassKit UI — a free, open-source component library published on npm. Using the library involves no account and sends us no data.
- GlassKit Studio — an AI app builder (at
glasskit.app/studio) where you sign in, describe apps in natural language, and publish them. This is where we process the most personal data. - GlassKit Stack — a commercial boilerplate delivered as a private GitHub repository to paying customers.
This policy covers all three. For questions or data-rights requests, email support@glasskit.app.
[02]·Information we collect
What we collect depends on how you use GlassKit:
- Everyone (visiting the site): aggregate, anonymized usage data — pages visited, referrer, browser type, country. We use Vercel Analytics and DataFast for this. We do not use third-party advertising cookies or fingerprinting.
- Studio account: when you sign in to Studio (via Clerk), we receive your email address, name, and authentication identity. If you choose to push generated code to your own GitHub, Clerk brokers a GitHub access token for that action; we use it only to create the repository and never store it.
- Studio content: the prompts you write, images and audio you upload or dictate, the code and files generated for you, your project metadata, and your credit balance and activity. See Section 03 for how prompts and uploads are processed by AI providers.
- Payments: when you buy Studio credits or a Stack license, our payment processor Polar (merchant of record) collects your name, email, billing address, and payment details. Polar is a separate data controller for billing; we receive your name, email, and order details, but never your full payment information.
- Direct contact: when you email support or (after purchase) join our customer Discord, we store the contents of that interaction with your email address.
[03]·How AI processing works
Studio generates apps by sending your input to third-party AI models. Specifically:
- Your prompts, any images you attach, and any dictation audio you record are sent to Anthropic and OpenAI through the Vercel AI Gateway to generate code, transcribe speech, and screen prompts against our usage policy.
- When you edit an existing app, the current file and your requested change are sent to Morph (via the same gateway) to merge the edit.
These providers process this data to return a result to you; we do not permit them to use it to train their models. We route all model calls through the gateway so the data path is consistent and logged for reliability, not advertising.
[04]·How we use information
We use the information we collect to:
- Provide Studio: generate, preview, edit, publish, and host your apps
- Operate your account, credit balance, and billing
- Fulfill Stack orders and grant GitHub repository access
- Respond to support requests
- Send transactional emails (receipts, confirmations, repository invitations)
- Send occasional product updates (only with your explicit opt-in; unsubscribe any time)
- Detect abuse and improve the product based on aggregate usage
We do not sell, rent, or trade your personal information to third parties.
[05]·Sub-processors
The third-party services that store or process your information on our behalf:
- Clerk — authentication and account identity
- Convex — our backend and database: prompts, generated code and files, uploaded images and screenshots, project data, and the credit ledger
- Vercel — website hosting, the AI Gateway that routes model calls, first-party analytics, and server logs
- Anthropic and OpenAI — code generation, prompt moderation, and dictation transcription (see Section 03)
- Morph — merging your requested edits into app files
- Pexels — fetching stock photos, using search keywords the model emits
- Cloudflare — hosting your published app bundles and provisioning SSL for custom domains
- Browserbase — rendering your app to capture a thumbnail image
- DataFast — product analytics (aggregate funnel events)
- Polar — payments and billing (merchant of record)
- GitHub (Microsoft) — only when you choose to push your generated code to your own repository
- Discord — the post-purchase customer community, if you accept the invite
[06]·Published apps
When you publish an app, it is served from a public URL on glasskit.studio(or your custom domain). To show you visit counts, each pageview of a published app sends an anonymous ping containing only the app's slug — no cookies, no visitor identity, no personal information about the people who open your app.
[07]·Cookies
We use a small number of strictly necessary cookies for authentication and session management (via Clerk). We do not use third-party advertising or tracking cookies. Our analytics use anonymous identifiers not tied to your personal information.
[08]·Your rights
If you are located in the European Economic Area, the United Kingdom, California, or another jurisdiction with comprehensive privacy laws, you have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your information (right to be forgotten)
- Export your information in a portable format
- Object to or restrict certain processing
- Withdraw consent to optional processing at any time
To exercise any of these rights, email support@glasskit.app. We respond within 30 days. You can also delete a Studio project (and its generated files, uploads, and any published app) yourself from the Studio dashboard at any time.
[09]·Children
GlassKit is a developer tool not intended for use by children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.
[10]·Data retention
We retain your Studio account, projects, and generated content for as long as your account is active; delete a project or your account and we remove the associated data. We retain purchase records for seven years for tax and accounting purposes. Support email threads are retained for two years. Server logs are retained for 30 days.
[11]·Security
We use industry-standard security practices: HTTPS everywhere, encrypted secrets in our infrastructure providers, and we never store payment card data on our servers. Polar handles all payment information using PCI-compliant systems.
[12]·Changes to this policy
We may update this policy from time to time. Material changes will be communicated to active users via email at least 14 days before they take effect. The “Last update” date at the top of this page reflects the most recent revision.
[13]·Contact
For questions, complaints, or to exercise your rights under this policy, email support@glasskit.app, or DM @JarJarMadeIt on X.