Last Updated: May 12, 2026
StackBlitz, Inc. (“Bolt,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through this Privacy Policy. This Privacy Policy describes how we collect, use, disclose, and safeguard personal information when you visit our website(s) or use the Bolt application and related services (collectively, the “Services”).
This Privacy Policy applies to personal information collected:
This Privacy Policy governs information about users of Bolt, including website visitors and account holders.
It does not apply to personal data processed by our customers within applications they build or deploy using Bolt, which is governed by applicable customer agreements and data processing addenda (“DPA”), where applicable.
We collect information you provide directly, including:
When you upload or attach files to a project, conversation, or prompt within the App (including files used to “build” or “plan”):
Bolt does not intentionally collect or process special categories of personal data (such as health information, biometric data, precise location data, or government-issued identifiers). Users should not submit sensitive personal information in prompts, code, or uploaded files.
When you visit our website, we automatically collect certain information, including:
We use cookies, web beacons, and similar technologies to collect this information.
We and our service providers use cookies, web beacons, and similar technologies to:
We do not display third-party advertisements on our website. However, we may use web beacons or similar technologies to support retargeting or promotional campaigns on third-party platforms.
You may control cookies through your browser settings and available preference tools.
Bolt provides artificial intelligence–powered features that generate, modify, analyze, or assist with software code and related content (“AI Features”).
To provide these features, we process:
We may use AI Inputs and AI Outputs to operate, maintain, and improve the Services, including improving AI performance, reliability, and safety. Such use shall be on aggregated, anonymized, or de-identified data.
Depending on account type or plan, users may have the ability to limit or opt out of the use of AI Inputs and AI Outputs for model training or improvement, as described in product documentation or account settings.
Bolt relies on third-party AI service providers to deliver certain AI Features. These providers process AI Inputs solely to provide services to Bolt and are subject to contractual confidentiality and data protection obligations.
For individuals located in the European Union or United Kingdom, we process personal data only where we have a valid legal basis under applicable data protection laws. These legal bases include:
Where we rely on legitimate interests, we consider and balance any potential impact on your rights.
We process personal information for the following purposes:
We do not process personal information in a manner that is incompatible with these purposes.
We share information with trusted service providers who perform services on our behalf, including hosting, analytics, billing, customer support, and AI processing. These providers are authorized to process information only as necessary to provide services to Bolt.
We may disclose information if required by law or in connection with a merger, acquisition, or sale of assets.
Bolt is headquartered in the United States, and personal information may be transferred to, processed, and stored in countries outside of your jurisdiction, including the United States.
Where required by law, we rely on appropriate safeguards for such transfers, such as standard contractual clauses approved by relevant authorities or other lawful transfer mechanisms.
Bolt may allow users to publish, deploy, or share applications, codebases, or projects (“Published Projects”).
Security Reminder: Do not include secrets, API keys, passwords, or confidential information in prompts, source code, or publicly shared content.
We retain personal information and user content for as long as necessary to provide the Services, support active accounts, comply with legal obligations, resolve disputes, and enforce our agreements. Active Accounts. Personal information and user content associated with an account are retained while the account remains active.
Voluntary Account Closure. When an account is voluntarily closed, the account and associated data enter an inactive or expired state. We will delete or anonymize such data within a commercially reasonable period following account closure not to exceed thirty days, subject to backup retention, legal obligations, and security requirements.
Account Suspension. If an account is suspended (for example, due to non-payment or other account-related issues), associated data may be retained during a limited grace period to allow for potential account reinstatement. During this period, data may be inaccessible until the account is restored to good standing.
Abuse or Policy Violations. If an account is suspended or terminated due to abuse of the Services or violation of applicable terms or policies, we may permanently disable the account and delete associated data, subject to applicable legal requirements.
Backups and Residual Copies. Residual copies of personal information and user content may persist in backups, logs, or archival systems for a limited period following deletion or account termination. Such data will not be used for active processing except as necessary for security, fraud prevention, or legal compliance.
Users may request deletion of personal information by contacting us. Data deletion requests are handled in accordance with internal access controls and data management procedures. Retention periods are determined based on the nature of the data, the purposes for which it is processed, and applicable legal requirements.
Some browsers transmit “Do-Not-Track” signals. Because there is no industry-standard interpretation, Bolt does not currently respond to DNT signals. However, where required by applicable law, we recognize browser-based Global Privacy Control (GPC) signals as a valid request to opt out of certain data sharing or targeted advertising.
If you are located in the European Union or United Kingdom, you have certain rights under applicable data protection laws, including the right to:
You also have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where you believe a violation has occurred.
You may exercise these rights by contacting us at privacy@stackblitz.com.
To protect privacy and security, we may take steps to verify your identity before fulfilling your request. Requests may be subject to certain exceptions or limitations permitted by applicable law. Authorized agents may submit requests on behalf of individuals where permitted by law, provided we are able to verify the agent’s authority. We will not discriminate against you for exercising your privacy rights.
Residents of certain U.S. states, including California, may have rights under applicable privacy laws, such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). These rights may include the right to know, access, correct, delete, or obtain a copy of personal information we collect, and the right to opt out of certain data uses.
Bolt does not sell personal information as defined under the CCPA. However, we may share limited identifiers or device information with advertising or analytics partners to support marketing or promotional campaigns. Where required by law, users may opt out of such sharing.
Requests may be submitted to privacy@stackblitz.com. Appeals may be submitted by replying to our response or contacting us with “Privacy Appeal” in the subject line.
To protect privacy and security, we may take steps to verify your identity before fulfilling your request. Requests may be subject to certain exceptions or limitations permitted by applicable law.
Authorized agents may submit requests on behalf of individuals where permitted by law, provided we are able to verify the agent’s authority.
We will not discriminate against you for exercising your privacy rights.
For privacy-related inquiries, contact us at privacy@stackblitz.com.
Enterprise customers should note that customer data processing is governed by applicable DPAs rather than solely by this Privacy Policy.
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we do so, we will update the “Last Updated” date at the top of this policy.
If we make material changes, we will provide notice through the Services or by other appropriate means where required by law.
Your continued use of the Services after any update indicates your acceptance of the revised Privacy Policy.