Last updated: July 1, 2026
This Privacy Policy explains how Senova ("Senova," "we," "us," or "our") collects, uses, shares, and protects personal data when you use the Senova application builder and website at senova-web.fly.dev (the "Service"). It applies to visitors, account holders, and end users whose data flows through the Service. We aim to comply with the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act as amended (CCPA/CPRA).
Senova is the data controller for personal data we process about you as a Senova account holder. Where you use Senova to build applications that collect data from your own end users, you are the controller of that end-user data and Senova acts as your processor. See Section 8.
Legal bases (GDPR): we rely on performance of our contract with you (to provide the Service), our legitimate interests (to secure and improve the Service and prevent abuse), your consent where required, and compliance with legal obligations.
To generate code and other output, the prompts and relevant project context you submit are sent to third-party AI model providers (see Section 6). We instruct these providers to process your content only to return output to Senova and, under our agreements with them, not to use your content to train their foundation models. We do not sell your prompts, and we do not use your private project content to train models offered to other customers.
Depending on availability, your prompts may be processed by any of the AI providers listed in Section 6; we route to our primary provider first and fall back to others only when it is unavailable.
We do not sell your personal data. We share it only with the subprocessors listed below, with authorities where legally required, and in connection with a merger or acquisition (with notice). Each subprocessor is bound by contractual confidentiality and data-protection obligations.
| Provider | Purpose | Data shared |
|---|---|---|
| Anthropic (Claude) | Primary AI generation (planning, code, chat) | Prompts & project context |
| Groq | AI inference fallback | Prompts & project context |
| OpenRouter | AI inference fallback (last resort) | Prompts & project context |
| Sakana AI | AI inference for select build modes | Prompts & project context |
| fal.ai / Pollinations | AI image generation for your pages | Image descriptions derived from your project |
| Unsplash / Pixabay | Stock photo search for generated pages | Search keywords only (no account data) |
| Optional "Sign in with Google"; font delivery | OAuth credential; IP address & browser metadata | |
| Fly.io | Application hosting, databases & deployment | Account & project data at rest |
| Stripe | Payment processing | Billing & contact details |
Links to their privacy notices: Anthropic, Groq, OpenRouter, fal.ai, Google, Fly.io, and Stripe.
Your data is stored on secure infrastructure with encryption in transit (TLS) and access controls. Project data is scoped to your account at the application layer: every record carries your tenant ID, every query filters on it, and each project's app data lives in its own isolated store. Changes to tenant data are recorded in an append-only audit log. We retain your data for as long as your account is active. When you delete your account, your personal data, projects, and associated content are permanently removed within 30 days, except where we must retain limited records to comply with law, resolve disputes, or enforce our agreements. Read more on our Security page.
If the applications you build with Senova collect personal data from your end users, you are the controller of that data and Senova processes it on your behalf under our Terms. You are responsible for providing your end users with an appropriate privacy notice and lawful basis. Senova provides tooling to help you honor data-subject requests.
Depending on where you live, you may have the right to:
To exercise any right, email [email protected]. You also have the right to lodge a complaint with your local data-protection authority.
We use a single essential session cookie (senova_session) required for authentication. We do not use advertising or third-party tracking cookies. For details, see our Cookie Policy.
We and our subprocessors may process data in the United States and other countries. Where personal data is transferred out of the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses.
The Service is not directed to children under 18, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact [email protected] and we will delete it.
We may update this policy from time to time. We will post the updated policy with a new "Last updated" date and, for material changes, notify you by email or in-app notice.
When you or your published apps send email through Senova (for example password resets or app notifications), we process the message content and recipient address to deliver it. Project inboxes receive email addressed to your project; inbound messages are stored with your project data and are subject to this policy.
For privacy questions or to exercise your rights, contact us at [email protected].