Privacy Policy

This Privacy Policy explains how Coal Creek AI, Inc. ("Sunburst", "we", "our", "us") collects, uses, shares, and protects information when you use sunburst.ai or the Sunburst service.

For information you upload or create on Sunburst as part of building or running a site, you remain in control. We process that information on your behalf to provide the service. For account, billing, and usage information about you as a customer of Sunburst, we are the controller, and the practices below describe how we handle that information directly.

Account information. When you create an account, we collect your name, email address, and an authentication credential.

Billing information. When you subscribe to a paid plan, our payment processor collects and stores your payment method on our behalf. We receive a token, the last four digits of the card, and billing metadata, but not the full card number.

Customer Content. We store the text, images, brand assets, and other materials you upload to or create on Sunburst, along with versions of your site as you edit it.

Conversations with the Design Agent. We store the messages you send to and receive from the Design Agent so the agent can keep context across a session and so you can review past changes.

Usage information. We log how the service is used, including pages viewed, features used, requests made, and errors encountered, so we can keep the service running and improve it.

Device and connection information. We log information about the device and connection you use to access Sunburst, including IP address, browser type, operating system, and approximate location derived from IP.

Information from your published sites. If you enable analytics on a site you publish through Sunburst, we collect information about visits to that site, such as page views, referring URLs, and approximate visitor location, in order to show you analytics. We do not use cross-site tracking to identify individual visitors across unrelated sites.

We use information to operate Sunburst and the sites you publish, including hosting, serving traffic, and applying SSL and other infrastructure features. We use information to bill you, including processing renewals and handling refunds where applicable.

We process Customer Content through AI models to generate, refine, and analyze your site in line with what you ask the Design Agent or Editor to do. We use information to send transactional and account-related communications, including service updates, billing notices, and security alerts.

We use aggregated and de-identified usage information to understand how Sunburst is used and improve it, and to detect and prevent fraud, abuse, and security incidents.

We share information with service providers we use to run Sunburst, including cloud infrastructure providers, AI model providers, payment processors, email delivery services, error monitoring services, and analytics providers. These providers process information on our behalf under contracts that require them to protect it.

We may disclose information if required by law, subpoena, or other valid legal process, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Sunburst, our customers, or the public.

If Sunburst is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to the recipient's commitment to protect it consistent with this policy.

We do not sell personal information.

Customer Content you publish on a site is, by design, made available to visitors of that site once you publish.

We retain account and billing information for as long as your account is active and for a limited period afterwards as needed to comply with our legal obligations, resolve disputes, and enforce our agreements.

We retain Customer Content while it is in your account. When you delete content or close your account, we delete the corresponding content from our active systems within a reasonable period, and from backups as those backups age out on their normal cycle.

We retain logs and security records for a shorter period, typically thirty to ninety days, except where a longer period is required for security or legal reasons.

Depending on where you live, you may have rights to access the information we hold about you, correct it, request deletion, request a portable copy, restrict or object to certain processing, or withdraw consent where processing is based on consent.

To exercise these rights, contact us at legal@sunburst.ai. We will respond within the timeframe required by applicable law, typically within thirty days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

If you are in California, the European Economic Area, the United Kingdom, or another jurisdiction with specific privacy laws, additional rights may apply. We will provide further information on request.

We protect information in transit using TLS, and we encrypt sensitive information at rest. Access to Sunburst systems is limited to personnel with a legitimate need, and we apply standard authentication and authorization controls to that access.

No method of transmission over the internet or method of electronic storage is fully secure. We cannot guarantee absolute security, but we work to keep Sunburst safe and we take security incidents seriously.

We and our service providers use cookies and similar technologies on sunburst.ai and the Sunburst service.

Strictly necessary cookies are required for core functions like authentication, session management, and security. The service does not work without them.

Functional cookies remember preferences such as language and interface settings.

Analytics cookies help us understand how Sunburst is used so we can improve it. These are set by us and by analytics providers we work with.

You can control cookies through your browser settings, including blocking or deleting them, although blocking strictly necessary cookies will prevent parts of Sunburst from working. Where required by law, we ask for your consent to non-essential cookies before setting them.

Sites you publish through Sunburst may set their own cookies depending on what features you enable, such as analytics or chat integrations. As the operator of those sites, you are responsible for the cookie practices on them and for any disclosures or consent required by law.

Sunburst is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you are under 13, do not create an account or send us personal information.

If we learn that we have collected personal information from a child under 13 without verifiable parental consent, we will delete that information. If you believe a child under 13 has provided us with personal information, contact us at legal@sunburst.ai.

We may update this Privacy Policy from time to time. When we do, we will post the updated policy on sunburst.ai and update the "Last updated" date at the top of this page. If the changes are material, we will give you reasonable advance notice, for example by email to the address associated with your account.

Questions about this policy or about how we handle your information can be sent to legal@sunburst.ai.