Cookie policy
This page describes how the Backbuild platform and the Backbuild Trust site use cookies and similar client-side storage mechanisms. Our approach is to minimize cookie usage to what is strictly necessary for the service to function and to give users clear control over any optional cookies.
Trust site
The Backbuild Trust site (trust.backbuild.ai) is a
static, zero-JavaScript site. It does not set any cookies, does not
use local storage, and does not make any requests to third-party
services. No tracking or analytics scripts are loaded.
Backbuild application
The Backbuild application (app.backbuild.ai) uses a
small number of cookies and client-side storage entries that are
classified and described in the table below.
Essential cookies
These cookies are strictly necessary for the application to function. They cannot be disabled. No consent is required for essential cookies under the ePrivacy Directive (Article 5(3)) and GDPR recital 47.
| Name / key | Purpose | Duration |
|---|---|---|
bb_session | Session identifier. Used to maintain the authenticated session between the browser and the API. Contains a cryptographically random token; no personal data. | Session (expires when the browser is closed) or up to the configured session maximum (default 12 hours). |
bb_csrf | CSRF protection token. Used to prevent cross-site request forgery attacks on state-changing requests. | Session. |
bb_consent | Records the user's cookie consent preferences so the banner is not shown again on subsequent visits. | 1 year. |
Optional cookies
Optional cookies are only set if the user has given explicit consent via the cookie consent banner or the cookie settings panel. Users can withdraw consent at any time through the application settings.
| Category | Purpose | Examples | Default |
|---|---|---|---|
| Analytics | Aggregated, privacy-preserving usage analytics to help improve the product. No data is shared with third parties. | First-party analytics events stored in platform telemetry. | Off |
| Marketing | Conversion tracking for ad platforms (Google Ads, Meta, Reddit, Bing). When enabled, hashed and pseudonymised conversion data may be sent to US-based ad platforms for campaign measurement. | Platform-specific conversion pixels and server-side events. | Off |
| Preferences | Remembers non-essential UI preferences such as theme choice or sidebar state. | bb_theme, bb_sidebar | Off |
EEA, UK, and Swiss users
For users located in the European Economic Area, the United Kingdom, or Switzerland, optional cookies and external marketing tracking are disabled by default and will only be activated after the user gives explicit, informed, and freely given consent. Conversion events are still logged internally for first-party analytics regardless of consent status, but no data is transmitted to third-party ad platforms without consent.
Managing your preferences
You can manage your cookie preferences at any time through the Backbuild application's cookie settings panel (accessible from the footer or account settings). You can also clear cookies through your browser settings, which will reset all preferences.
Third-party cookies
Backbuild does not embed third-party iframes or load third-party scripts that set their own cookies. Where conversion tracking is enabled with user consent, data is transmitted server-side (via API calls) rather than through client-side pixels, so no third-party cookies are placed in the user's browser.
Changes to this policy
Changes to this cookie policy are tracked in the changelog. Material changes that affect the categories of cookies used or the purposes of processing will be communicated to users through the application and will prompt a fresh consent decision where required.
Related pages
Contact
Cookie or consent questions: privacy@backbuild.ai