Privacy Policy

Last updated: July 13, 2026

LIMITLESS (also known as Build With Limitless)
Website: https://www.buildwithlimitless.com
Contact: support@buildwithlimitless.com

This Privacy Policy describes how LIMITLESS (“we,” “us,” or “our”) collects, uses, stores, and shares information when you use the LIMITLESS mobile application for iOS and Android (the “App”).

The App is a B2B tool for LIMITLESS clients and business owners to manage website leads, view website performance, and manage account settings. It connects to the same LIMITLESS platform used by our web client dashboard.

If you do not agree with this policy, please do not use the App.


1. Who this policy applies to

This policy applies to business users who create a LIMITLESS account and use the App.

The App also displays lead and contact information about people who enquire through your LIMITLESS-built website or forms (“Leads”). If you are a Lead submitting a form on a client website, that website's data collection is separate from the App itself; your enquiry is stored in our platform so your chosen business can respond to you.

2. Information we collect

2.1 Account and profile information (you provide)

When you sign up or edit your account in the App, we collect:

  • Business name
  • Full name
  • Email address
  • Phone number
  • Password (stored and processed by our authentication provider; we do not store your password in plain text)

You may also update your email address and password in Settings.

2.2 Lead and CRM data (your business data)

The App lets you view, add, edit, and delete leads stored in your account. Lead records may include:

  • First name and last name
  • Email address
  • Phone number
  • Message or notes (for example, form enquiry text)
  • Lead status and source (for example, website or manual)
  • Created and updated timestamps

Leads may be created when someone submits a form on your LIMITLESS website (processed by our backend), or when you manually add a lead in the App.

2.3 Website and project information

We may display:

  • Your live website URL and preview image (set by LIMITLESS when your site is published)
  • Project status updates (for example, planning, building, live)

2.4 Notification preferences

In Settings, you can configure:

  • Whether email notifications are enabled for new leads
  • A custom notification email address (or your account email is used by default)

When enabled, our systems may send you email alerts about new website leads.

2.5 Analytics configuration and website analytics

If Google Analytics 4 (GA4) is connected to your account, we store:

  • GA4 Property ID
  • GA4 Measurement ID (G-XXXXXXXX)

The App displays aggregated website analytics for your marketing site (not mobile app usage tracking), such as:

  • Sessions, users, and new users
  • Traffic channels, countries, devices, and landing pages
  • Real-time active users, countries, and top pages
  • Lead counts and trends from your CRM data

GA4 data is retrieved through our secure server-side integration; the App does not embed Google Analytics tracking SDKs for app usage.

2.6 Information stored on your device

The App stores limited data locally on your phone using device storage (AsyncStorage), including:

  • Your authentication session tokens (to keep you signed in)
  • Inbox preferences such as which notifications you have marked read, archived, or removed from view

This inbox state is stored on your device and is not synced as account profile data.

2.7 Information we do not collect through the App

Based on the current App version, we do not:

  • Collect precise location, photos, camera, microphone, or contacts from your device
  • Use in-app advertising or sell your personal information
  • Run mobile app analytics or crash-reporting SDKs in the App code reviewed for this policy
  • Use cookies in the App (cookies may apply when you use our website in a browser)

The App may open your device's phone, email, or SMS apps when you tap to call, email, or message a lead. Those actions occur in your native apps, not inside LIMITLESS.

2.8 Automatically collected technical information

When you use the App, standard technical data may be processed by our infrastructure providers, such as:

  • IP address
  • Device type and operating system (via normal HTTPS requests)
  • Request timestamps and security logs

This is used for authentication, security, fraud prevention, and service reliability.

3. How we use information

We use information to:

  • Create and manage your account and authenticate you
  • Provide the App's core features (leads, inbox, analytics, settings)
  • Send lead notification emails you have enabled
  • Display website analytics you have connected
  • Show service announcements (for example, maintenance or incident notices)
  • Operate billing and subscription management through our payment provider
  • Maintain security, prevent abuse, and troubleshoot issues
  • Comply with legal obligations

We process lead data on your instructions as part of providing CRM functionality to your business.

4. Legal bases for processing (EEA/UK users)

Where GDPR or UK GDPR applies, we rely on:

PurposeLegal basis
Providing the App and your accountPerformance of a contract
Lead notification emails you enablePerformance of a contract / legitimate interests
Security, fraud prevention, service logsLegitimate interests
Legal and tax record-keeping (e.g. billing)Legal obligation / legitimate interests
Responding to privacy requestsLegal obligation

5. How we share information

We share information only as needed to operate the service:

RecipientPurpose
SupabaseAuthentication, database hosting, row-level security for your account data
StripeSubscription billing and customer portal (opened in your browser from the App)
Google (Analytics Data API)Fetching GA4 website metrics configured for your account
buildwithlimitless.com APISecure server endpoints (for example, analytics and settings) authenticated with your session
Resend (or similar email provider)Sending lead notification emails configured in your account
Expo / EASApp build and distribution infrastructure

We do not sell your personal information.

We may disclose information if required by law, to protect rights and safety, or in connection with a business transfer (for example, merger or acquisition), subject to appropriate safeguards.

6. International data transfers

Our service providers may process data in countries other than your own (including the United States). Where required, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms offered by our providers.

7. Data retention

We retain information for as long as your account is active and as needed to provide the service.

When you delete individual leads in the App, those CRM records are removed from your account's active dataset.

If you request account deletion, see our Account Deletion Policy. After deletion:

  • Account, profile, and CRM data are deleted or anonymised within 30 days, except where retention is required by law
  • Billing and payment records handled by Stripe may be retained for tax, accounting, and dispute resolution as permitted by law
  • Security and audit logs may be retained for a limited period for fraud prevention and legal compliance

8. Security

We use technical and organisational measures appropriate to a B2B SaaS product, including:

  • HTTPS for API communication
  • Supabase authentication and database row-level security (RLS) so users can access only their own data
  • Server-side access controls for analytics integrations

No method of transmission or storage is 100% secure. Please use a strong password and keep your device secure.

9. Your rights and choices

All users

You can:

  • Access and update account details in Settings
  • Change your password in Settings
  • Enable or disable lead email notifications in Settings
  • Delete individual leads in the App
  • Sign out at any time
  • Request account deletion (see Account Deletion Policy)

EEA/UK (GDPR)

You may have the right to access, rectify, erase, restrict, object, and data portability, and to lodge a complaint with your local supervisory authority.

California (CCPA/CPRA)

California residents may have the right to know, delete, and correct personal information, and to opt out of “sale” or “sharing.” We do not sell or share personal information for cross-context behavioural advertising.

To exercise rights, email support@buildwithlimitless.com. We may verify your request.

10. Children's privacy

The App is intended for business users and is not directed to children under 16. We do not knowingly collect personal information from children.

11. Third-party links and browsers

The App may open external pages in your system browser, including:

  • Your live website
  • buildwithlimitless.com (for example, “Partner with us”)
  • Stripe Customer Portal for subscription management

Those services have their own privacy policies.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version at this URL and change the “Last updated” date. Material changes may also be communicated in the App or by email where appropriate.

13. Contact us

LIMITLESS / Build With Limitless
Email: support@buildwithlimitless.com
Website: https://www.buildwithlimitless.com