Privacy Policy

Last updated: March 21, 2026

This Privacy Policy describes how Backdraft ("we," "us," or "our") collects, uses, and protects information when you use the Backdraft application, available as a macOS desktop app and as a web app at app.backdraftai.com (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy.

Your code stays on your machine. Backdraft is a local-first application. Your project files and source code are never uploaded to Backdraft servers. AI-assisted editing sends data directly from your machine to your configured LLM provider — Backdraft does not proxy, store, or have access to your AI conversations or code edits.

1. Information We Collect

Account Information

When you create an account for the web app, we collect your name and email address through our authentication provider, WorkOS. This information is used to identify your account and manage your subscription.

License Keys and Billing

If you purchase a license for the desktop app or subscribe to a paid plan, we collect billing information through Stripe, our payment processor. This includes your payment method details, billing address, and transaction history. We do not store your full credit card number on our servers — Stripe handles all payment processing directly.

Usage Data

We collect anonymized usage data to understand how features are used and to improve the application. This includes:

  • Feature usage patterns (which tools and workflows are used)
  • Error reports and crash diagnostics for application quality
  • Application version and platform information

Error reports are anonymized and do not contain your source code, file contents, or personal data. They include stack traces, error messages, and environment metadata to help us diagnose and fix bugs.

AI Chat Conversations

AI chat conversations are stored locally on your machine in the application data directory, organized per-project. These conversations are never sent to Backdraft servers. When you use the AI agent, your prompts and project context are sent directly from your machine to the LLM provider you have configured (such as Ollama, LM Studio, or OpenRouter). Backdraft does not intercept, proxy, or retain any of this communication.

Project Files

Your source code, project files, and all editing activity remain entirely on your local machine. Backdraft does not upload, copy, or transmit your project files to any Backdraft-operated server. All parsing, rendering, and code editing happens client-side.

2. How We Use Information

We use the information we collect for the following purposes:

  • Account management and authentication — To create and maintain your account, verify your identity, and provide access to the Service.
  • License validation and billing — To verify your subscription status, process payments, and manage license activations for the desktop app.
  • Error reporting and diagnostics — To identify and resolve bugs, crashes, and performance issues. Error reports are anonymized and used solely to improve application stability.
  • Product improvement — To understand usage patterns and prioritize features, improvements, and bug fixes.
  • Communication — To send transactional emails related to your account, such as purchase receipts, license information, and critical service updates.

We do not use your information for advertising, profiling, or any purpose unrelated to operating and improving the Service.

3. Third-Party Services

Backdraft integrates with third-party services to provide its functionality. Each service receives only the data necessary for its specific purpose:

Stripe (Payments)

We use Stripe to process payments and manage subscriptions. When you purchase a license or subscribe to a plan, your payment information is handled directly by Stripe. Stripe's privacy policy is available at stripe.com/privacy.

WorkOS (Authentication)

The web app uses WorkOS for user authentication. WorkOS receives your email address and name during sign-up and login. WorkOS's privacy policy is available at workos.com/privacy.

Netlify (Deployment)

If you choose to deploy your project through Backdraft's Netlify integration, your project files are sent to Netlify at your explicit request. This is a user-initiated action — no data is sent to Netlify unless you actively choose to deploy. Netlify's privacy policy is available at netlify.com/privacy.

GitHub (Version Control)

If you choose to connect your GitHub account and push code through Backdraft, your project files are sent to GitHub at your explicit request. This is a user-initiated action. GitHub's privacy policy is available at docs.github.com.

LLM Providers (AI Features)

Backdraft supports multiple LLM providers for its AI editing and generation features:

  • Ollama and LM Studio run entirely on your local machine. No data leaves your computer when using these providers.
  • OpenRouter is a cloud-based service. When you use OpenRouter, your prompts and relevant project context are sent directly from your machine to OpenRouter's servers. Backdraft does not intermediate or store this communication.

You choose and configure your LLM provider. We recommend reviewing the privacy policy of any cloud-based LLM provider you choose to use.

Unsplash (Image Search)

Backdraft's image search feature queries the Unsplash API to find stock photos. Search queries are sent to Unsplash when you use this feature. Unsplash's privacy policy is available at unsplash.com/privacy.

Google Fonts API (Font Browsing)

The Font Library feature queries the Fontsource API and loads fonts from Google Fonts. Font browsing activity is subject to Google's privacy policy, available at policies.google.com/privacy.

4. Data Storage and Security

Desktop App

The desktop app stores all data locally on your machine. This includes project files, AI chat history, application preferences, and cached data. Data is stored in the application data directory and in localStorage. No project data is transmitted to Backdraft servers.

Web App

The web app uses a server-side PostgreSQL database to store account information, license data, and subscription status. Project editing in the web app is performed client-side in the browser. HTTPS encryption is used for all communication between your browser and our servers.

Security Measures

We implement industry-standard security measures to protect your information, including:

  • HTTPS encryption for all server communication
  • Secure authentication through WorkOS
  • PCI-compliant payment processing through Stripe
  • Anonymization of error reports and usage data
  • Regular security reviews of our infrastructure

No Sale of Data

We do not sell, rent, or trade your personal information to third parties. We do not share your data with third parties for their marketing purposes.

5. Your Rights

You have the following rights regarding your personal information:

  • Access — You can request a copy of the personal information we hold about you.
  • Correction — You can request that we correct any inaccurate personal information.
  • Deletion — You can request that we delete your account and associated personal information. Upon deletion, we will remove your account data from our servers. Locally stored data on your machine (desktop app) is under your control and can be deleted by you at any time.
  • Data portability — Your project files are always stored locally in standard formats (HTML, CSS, TypeScript, JavaScript). You can access, copy, and move your files at any time without any export process or vendor lock-in.
  • Opt out of usage data — You can disable anonymized usage data collection in the application settings.

To exercise any of these rights, contact us at privacy@backdraftai.com.

6. Cookies and Local Storage

The web app uses the following client-side storage mechanisms:

  • Session cookies — Used for authentication and maintaining your login session. These are essential for the web app to function and expire when you close your browser or after a set period.
  • localStorage — Used to store application preferences (theme, editor settings), cached data (font lists, model lists), and AI provider configurations. This data stays in your browser and is not sent to our servers.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

7. Children's Privacy

The Service is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information. If you believe we have inadvertently collected information from a child under 13, please contact us at privacy@backdraftai.com.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through an in-app notification or email.

We encourage you to review this policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

9. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Backdraft
Email: privacy@backdraftai.com
Website: backdraftai.com