Legal

Privacy Policy

Effective date: April 11, 2026  ·  Last updated: April 11, 2026

Buildtable is a product operated by The ALACE Group, LLC ("we," "us," or "our"), a Maryland limited liability company located at 2405 York Rd Ste 201, Lutherville Timonium, MD 21093. When this policy refers to "Buildtable," it means the platform and services operated by The ALACE Group, LLC.

This Privacy Policy explains how we collect, use, store, and share information about you when you visit our website, join our waitlist, or use the Buildtable platform. Please read it carefully. By using Buildtable, you agree to the practices described here.

If you have questions about this policy or your data, contact us at privacy@buildtable.app.

Contents

  1. Who This Policy Applies To
  2. Information We Collect
  3. How We Use Your Information
  4. Legal Bases for Processing (GDPR)
  5. How We Share Your Information
  6. Third-Party Service Providers
  7. Cookies and Similar Technologies
  8. Data Retention
  9. International Data Transfers
  10. Your Privacy Rights
  11. Children's Privacy and Minimum Age
  12. Email Communications (CAN-SPAM and CASL)
  13. California Privacy Rights (CCPA)
  14. Changes to This Policy
  15. Contact Us

1. Who This Policy Applies To

This policy applies to:

  • Waitlist applicants — individuals who submit their information to join the Buildtable waitlist before gaining platform access.
  • Account holders and team members — individuals who create or are invited to a Buildtable account to use the platform.
  • Visitors — individuals who browse the Buildtable website without creating an account.

Buildtable is a business-to-business (B2B) platform. If you are using Buildtable on behalf of an organization, that organization is responsible for ensuring its own team members are aware of this policy. The organization is also responsible for any end-user data it uploads to the platform — for example, playtest responses submitted by external testers via a public link.

You must be at least 13 years old to use Buildtable. Users in certain jurisdictions may need parental consent between ages 13–15. See Section 11 for details.

2. Information We Collect

2.1 Information You Provide

Waitlist: When you join the Buildtable waitlist, we collect your name, email address, and studio name.

Account registration and use: When you create an account or use the platform, we collect your name and email address, your organization name and associated project data, content you upload or generate within the platform (including bug reports, playtest session data, playtest responses, localization content, and other project materials), and communications you send to us such as support requests.

Payments: We plan to integrate Stripe for payment processing in the future. When that integration becomes active, billing information such as payment card details will be collected and handled directly by Stripe. We will update this policy before that integration goes live. We do not currently collect or store payment information.

2.2 Information Collected Automatically

We do not currently run analytics scripts or tracking pixels. Supabase, our database and authentication provider, may set session cookies necessary for keeping you logged in. See Section 7 for more detail.

In the future, we may collect limited technical identifiers — such as IP addresses or device identifiers — for security and abuse prevention purposes, for example to rate-limit submissions on public-facing forms. We will update this policy if and when we do so.

2.3 Information from Third Parties

We do not currently receive personal information about you from third parties.

3. How We Use Your Information

We use the information we collect to:

  • Operate and deliver the platform — authenticate your account, store your project data, and make Buildtable's features available to you and your team.
  • Manage the waitlist — contact you about your waitlist status and, when appropriate, invite you to create an account.
  • Communicate with you — send transactional emails such as account confirmations, invitations, and platform notifications.
  • Provide support — respond to questions and resolve issues you bring to our attention.
  • Ensure security and prevent abuse — protect the platform and its users from unauthorized access, fraud, and misuse.
  • Comply with legal obligations — fulfill our obligations under applicable law and respond to lawful requests.
  • Improve the platform — understand how the platform is used so we can make it better. We do this using internal data and do not sell or share it for advertising purposes.

We do not use your data to train artificial intelligence models. We do not sell your data or share it with third parties for advertising purposes.

4. Legal Bases for Processing (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we are required to identify a lawful basis for each way we process your personal data.

Processing ActivityLawful Basis
Collecting and storing waitlist submissionsLegitimate interests (to build and launch the product with a qualified audience)
Sending waitlist communicationsLegitimate interests (to follow up on your expressed interest in Buildtable)
Creating and maintaining your accountPerformance of a contract (our Terms of Service)
Storing and processing project data you uploadPerformance of a contract
Sending transactional emailsPerformance of a contract
Retaining billing recordsCompliance with a legal obligation
Security and abuse preventionLegitimate interests

Where we rely on legitimate interests, you have the right to object. See Section 10 for how to do so.

5. How We Share Your Information

We do not sell your personal information. We do not share your personal information with third parties for advertising or marketing purposes.

We share information only in the following limited circumstances:

  • Service providers: We share data with third-party vendors who help us operate the platform, as described in Section 6. These vendors are contractually bound to use your data only to provide their services to us.
  • Your organization: If you are invited to a Buildtable workspace by an organization, that organization's administrators can see your name, email address, and role within the workspace.
  • Legal requirements: We may disclose information if required to do so by law, subpoena, court order, or other governmental request, or when we believe disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a legal process.
  • Business transfers: If The ALACE Group, LLC is acquired, merges with another company, or transfers substantially all of its assets, your information may be transferred as part of that transaction. We will notify you via email or a notice on our website before your information is transferred and becomes subject to a different privacy policy.

6. Third-Party Service Providers

The following third-party processors handle personal data on our behalf:

Supabase

Supabase provides our database, user authentication, and file storage infrastructure. Your account data and all platform content are stored on Supabase-managed infrastructure hosted on AWS in the us-east-1 region (Northern Virginia, United States). Supabase acts as a data processor on our behalf and is bound by a data processing agreement. For more information, see supabase.com/privacy.

Stripe (future)

We intend to use Stripe to process payments when billing becomes active. Stripe will collect and process payment card information directly; we will not store raw card data. Stripe is PCI-DSS certified. We will update this policy and notify users before Stripe becomes active. For more information, see stripe.com/privacy.

We will update this section as we add or change service providers. We will not add a new processor that handles significant personal data without updating this policy.

7. Cookies and Similar Technologies

Authentication cookies: Supabase sets session cookies that are strictly necessary to keep you logged in to Buildtable. These cookies do not track you across other websites.

No marketing or analytics cookies: We do not currently use cookies for advertising, marketing, or behavioral analytics.

Future use: If we add analytics or other technologies that use cookies, we will update this policy and, where required by law, seek your consent before placing non-essential cookies.

8. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.

Data TypeRetention Period
Waitlist data (name, email, studio name)Deleted within 30 days of your account being created or your removal from the waitlist
Account and profile dataRetained for the life of your account, then deleted within 90 days of a verified account deletion request
Project data (bugs, sessions, responses, etc.)Retained for the life of the associated account, then deleted within 90 days of account deletion
Billing and financial recordsRetained as required by applicable law (typically 7 years for tax and accounting purposes), even after account deletion
Support correspondenceGenerally no longer than 3 years

To request deletion of your account or data, email privacy@buildtable.app.

9. International Data Transfers

Buildtable is operated from the United States. Our infrastructure is hosted in the us-east-1 AWS region (Northern Virginia, United States).

If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States. The United States does not have a blanket adequacy decision from the European Commission.

We rely on appropriate safeguards for such transfers. Supabase's data processing agreement incorporates Standard Contractual Clauses (SCCs) as approved by the European Commission, providing appropriate protection for transfers of EEA personal data to the United States.

If you have questions about our transfer mechanisms, contact us at privacy@buildtable.app.

10. Your Privacy Rights

Rights for All Users

Regardless of where you are located, you may:

  • Access your data — request a copy of the personal information we hold about you.
  • Correct your data — ask us to correct inaccurate or incomplete information.
  • Delete your data — request that we delete your personal information, subject to legal retention obligations.
  • Withdraw consent — where we process data based on your consent, withdraw that consent at any time without affecting the lawfulness of prior processing.

Additional Rights for EEA and UK Residents (GDPR / UK GDPR)

If you are in the EEA or UK, you also have the right to:

  • Restrict processing — ask us to pause processing of your data in certain circumstances.
  • Data portability — receive your personal data in a structured, machine-readable format and transmit it to another controller, where technically feasible.
  • Object to processing — object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds that override your interests, or as needed for legal claims.
  • Lodge a complaint — file a complaint with your local data protection authority. In the EU, you can find your authority at edpb.europa.eu. In the UK, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk.

We do not have a designated Data Protection Officer at this time. Privacy inquiries are handled directly by our team.

How to Exercise Your Rights

Submit requests by email to privacy@buildtable.app. We will respond within 30 days for GDPR/UK GDPR requests and within 45 days for CCPA requests (see Section 13). We may need to verify your identity before processing a request.

11. Children's Privacy and Minimum Age

Buildtable is a developer tool intended for game creators of all ages. You must be at least 13 years old to use Buildtable. We do not knowingly collect personal information from anyone under 13.

If you are under 13, please do not submit any information to us. If we learn that we have collected personal data from a child under 13, we will delete it promptly. To report this, contact us at privacy@buildtable.app.

Users aged 13–15 in certain jurisdictions

Some countries set a higher age for digital consent than 13. If you are between 13 and 15 years old, your country may require a parent or guardian to consent on your behalf before you provide us with personal information:

  • Most EU/EEA countries — the GDPR digital age of consent is 16 in most member states (exceptions: Ireland, Denmark, Sweden, Finland, Latvia, Malta, and Estonia allow 13). If you are under 16 and located in a country that requires it, you should obtain parental consent before signing up.
  • United Kingdom — age of digital consent is 13.
  • United States — COPPA applies only to children under 13. No parental consent is required by federal law for users aged 13 and above.
  • Brazil — LGPD requires parental consent for users under 18 for processing based on consent. Users aged 13–17 in Brazil should obtain parental or guardian consent.

We rely on users to provide accurate age information. If you are a parent or guardian and believe your child under the applicable age threshold has submitted information to Buildtable without your consent, please contact us at privacy@buildtable.app and we will delete that information promptly.

Users aged 13–17 and paid services

Minors (users under 18) may use Buildtable's free tier without restriction. If you are under 18 and wish to purchase a paid plan, you must have the involvement and consent of a parent or legal guardian, as individuals under 18 may have limited ability to enter into binding contracts depending on the laws of their jurisdiction.

12. Email Communications (CAN-SPAM and CASL)

We send the following types of email:

  • Transactional emails — account confirmations, team invitations, password resets, and platform notifications.
  • Waitlist communications — updates about your waitlist status and product availability, sent in response to your expressed interest.

CAN-SPAM (United States): All commercial emails we send will identify The ALACE Group, LLC as the sender, include a valid physical mailing address, and include a clear way to opt out of future commercial messages. Opt-out requests will be honored promptly.

CASL (Canada): Where applicable, we will only send commercial electronic messages to recipients who have provided express or implied consent under CASL, and all such messages will comply with CASL's identification and unsubscribe requirements.

13. California Privacy Rights (CCPA)

This section applies to residents of California and supplements the rest of this policy. The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides California residents with specific rights regarding their personal information.

Do we meet the CCPA threshold? As of the effective date of this policy, The ALACE Group, LLC likely does not meet the revenue or data volume thresholds that trigger mandatory CCPA compliance. We include this section as a good-faith disclosure and to ensure the policy remains durable as the business grows.

Categories of personal information collected:

  • Identifiers (name, email address)
  • Commercial information (future: records of purchases or payment transactions)
  • Professional or employment-related information (studio name, role)
  • Internet or other electronic network activity (future: limited technical identifiers for security purposes)

Do we sell or share personal information? No. We do not sell personal information, and we do not share personal information with third parties for cross-context behavioral advertising.

Your California rights:

  • Right to know what personal information we collect and how it is used
  • Right to delete personal information we have collected from you
  • Right to correct inaccurate personal information
  • Right to opt out of the sale or sharing of personal information (not applicable — we do not sell or share)
  • Right to non-discrimination for exercising your privacy rights

To exercise your rights, contact us at privacy@buildtable.app.

14. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the "Last Updated" date at the top of this page.
  • For material changes — such as new categories of data collected, new third-party processors, or significant changes to how we use your data — we will notify you by email at least 14 days before the changes take effect.
  • For minor or clarifying changes, we will post the updated policy on this page without advance notice.

Your continued use of Buildtable after the effective date of any updated policy constitutes your acceptance of the changes. If you do not agree with a material change, you may request deletion of your account before the change takes effect.

15. Contact Us

For questions, concerns, or to exercise your privacy rights, contact:

The ALACE Group, LLC
Attn: Privacy
2405 York Rd Ste 201
Lutherville Timonium, MD 21093
privacy@buildtable.app

We aim to respond to all privacy inquiries within 5 business days and to fulfill rights requests within the timeframes specified in Section 10.

This Privacy Policy is published by The ALACE Group, LLC, the operator of the Buildtable platform.