πŸ”’ Privacy

Privacy Policy

How BuildBridge collects, uses, and protects your information.

πŸ“… Effective Date: February 11, 2026

1. Overview

BuildBridge Inc. (β€œwe”, β€œus”, β€œour”) is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you use the BuildBridge platform.

By using BuildBridge, you consent to the data practices described in this policy. If you do not agree, please discontinue use of the Service.

2. Data We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name and email address
  • Company name, phone number, and business address
  • Role within your company (Project Manager, Team Member)
  • Profile photo (optional)

2.2 Project Data

Data you enter while using the platform includes:

  • Project details, descriptions, and addresses
  • Estimates, contracts, invoices, and change orders
  • Material selections and product catalog entries
  • Calendar events, tasks, daily logs, and notes
  • Messages and communication history
  • Customer information (name, email, phone, address)
  • Photo uploads and document attachments

2.3 Integration Data

When you connect third-party services, we collect:

  • OAuth tokens β€” access and refresh tokens for QuickBooks Online, encrypted at rest using AES-256-GCM with unique initialization vectors per record
  • QuickBooks Realm ID β€” your QuickBooks company identifier
  • Sync metadata β€” entity mapping data (e.g., which BuildBridge invoice maps to which QBO invoice ID)

Important: We never store your QuickBooks login credentials (username/password). Authentication is handled entirely through Intuit's OAuth 2.0 flow. We only store encrypted tokens required to make API calls on your behalf.

2.4 Automatically Collected Data

  • IP address and browser user agent (for security and audit trails)
  • Device type and operating system
  • Page views, feature usage, and session duration
  • Referral source

3. Information We Do Not Collect

BuildBridge is designed to collect only what is necessary to provide the service. We do not collect:

  • Social Security numbers or government-issued IDs
  • Health, medical, or biometric data
  • Location or GPS data
  • Contacts or address book from your device
  • Photos from your camera roll (only photos you explicitly upload)
  • Browsing history outside of BuildBridge
  • Advertising identifiers
  • Financial data beyond what you enter into estimates and invoices

We do not use your data for advertising, profiling, or any purpose beyond providing the construction management service.

4. How We Use Data

We use your data to:

  • Provide the Service β€” create and manage projects, estimates, invoices, and communications
  • Sync with integrations β€” push and pull data to/from QuickBooks Online and other connected services
  • AI-powered features β€” generate estimates, daily logs, and import products using Google Gemini (prompts are processed server-side and are not used to train AI models)
  • Improve the platform β€” analyze usage patterns to improve features and performance
  • Communications β€” send transactional emails (invoice notifications, signature requests, meeting requests) and occasional product updates
  • Security β€” detect, prevent, and respond to fraud, abuse, and security incidents

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to third parties.

We may share data in the following limited circumstances:

  • With your customers/collaborators β€” project details, estimates, invoices, and messages shared through the platform as part of normal use
  • Third-party integrations β€” only when you explicitly connect a service (e.g., QuickBooks Online), and only the data necessary for the integration to function
  • Service providers β€” trusted vendors who help operate the platform (hosting via Vercel, authentication via Supabase, email delivery), all bound by data processing agreements
  • Legal requirements β€” when required by law, subpoena, or legal process, or to protect rights, safety, or property

6. Third-Party Integrations

6.1 QuickBooks Online (Intuit)

When you connect QuickBooks Online, BuildBridge:

  • Accesses your QBO company via OAuth 2.0 (authorization code flow)
  • Creates and updates Customers, Estimates, Invoices, Items (Products/Services), and Payments in your QBO account
  • Reads account data (Chart of Accounts, existing Items) to enable mapping and auto-creation features
  • Stores encrypted OAuth tokens (AES-256-GCM) with automatic refresh β€” tokens are never stored in plain text

Disconnecting: You can disconnect QuickBooks at any time from Settings β†’ Integrations. Upon disconnection:

  • OAuth tokens are immediately deleted from our database
  • All API access to your QBO company is revoked
  • Sync mapping data is retained for 30 days (in case of reconnection), then permanently deleted
  • Data already synced to QuickBooks remains in your QBO account (you manage it directly through QBO)

6.2 Google AI / Gemini

AI features (estimate generation, daily log creation, product import) send prompts to Google Gemini via server-side API calls. Data is:

  • Sent only when you explicitly trigger an AI feature
  • Processed in real-time and not stored by Google for model training (per Google's API data usage policy)
  • Limited to the specific project context needed to generate a response

6.3 Stripe (Future)

When Stripe integration is enabled, payment card data is collected and processed entirely by Stripe. BuildBridge does not see, transmit, or store cardholder data. Stripe is PCI-DSS Level 1 certified.

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit β€” all data transmitted via HTTPS/TLS
  • Encryption at rest β€” sensitive data (OAuth tokens, signatures) encrypted using AES-256-GCM
  • Row-Level Security (RLS) β€” PostgreSQL RLS policies ensure users can only access data belonging to their company
  • Authentication β€” Supabase Auth with secure session management
  • Rate limiting β€” API endpoints protected against abuse and brute-force attacks
  • Access controls β€” role-based access (Project Manager vs. Customer) enforced at the database level
  • Audit trails β€” signature events capture IP address, timestamp, and user agent for legal compliance

8. Data Retention

  • Active accounts: Data is retained as long as your account is active
  • Deleted accounts: Personal data is deleted within 30 days of account deletion. Project data shared with other users remains accessible to them
  • Integration tokens: Deleted immediately upon disconnecting a service
  • Sync mapping data: Retained 30 days after disconnection, then permanently deleted
  • Backups: May be retained for up to 90 days in encrypted backups, then purged
  • Legal holds: Data may be retained longer if required by law or ongoing legal proceedings

9. Your Rights

You have the right to:

  • Access your personal data and request a copy
  • Correct inaccurate or incomplete data
  • Delete your account and personal data (subject to retention requirements)
  • Export your data in a portable format
  • Withdraw consent for optional data processing
  • Object to data processing based on legitimate interests
  • Disconnect third-party integrations at any time

To exercise these rights, contact contact@buildbridgeapp.com. We will respond within 30 days.

9.1 Account Deletion

You can delete your account at any time from Settings β†’ Account β†’ Delete Account. When you delete your account:

  • All personal data (name, email, profile) is permanently removed within 30 days
  • All OAuth tokens and integration connections are immediately deleted
  • Project data shared with other team members remains accessible to them
  • Data already synced to QuickBooks Online remains in your QBO account (managed by you directly)
  • This action is irreversible

10. GDPR & CCPA

10.1 GDPR (EU/EEA/UK Users)

For users in the European Union, European Economic Area, or United Kingdom, we comply with the General Data Protection Regulation (GDPR). You have the right to:

  • Right to be Forgotten β€” request complete erasure of your personal data
  • Data Portability β€” receive your data in a structured, machine-readable format
  • Withdraw Consent β€” withdraw consent for data processing at any time
  • Lodge a Complaint β€” file a complaint with your local data protection authority

Our legal basis for processing your data includes: contract performance (providing the Service), legitimate interests (improving the platform, security), and consent (optional features like AI and analytics).

10.2 CCPA (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know β€” you may request the categories and specific pieces of personal information we have collected
  • Right to Delete β€” you may request deletion of your personal information, subject to certain exceptions
  • Right to Opt-Out β€” we do not sell personal information, so there is no need to opt out of sale
  • Non-Discrimination β€” we will not discriminate against you for exercising your privacy rights

To make a GDPR or CCPA request, email contact@buildbridgeapp.com with the subject line β€œPrivacy Request.”

11. Children's Privacy

BuildBridge is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 13 (or 16 in certain jurisdictions). If we become aware that we have collected data from a child under the applicable age, we will take steps to delete that information promptly.

If you believe a child has provided us with personal information, please contact us at contact@buildbridgeapp.com.

12. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify affected users via email within 72 hours of discovery
  • Provide details about the nature of the breach, the data affected, and remediation steps
  • Report the breach to relevant regulatory authorities as required by law
  • Take immediate measures to contain and remediate the breach

13. Cookies & Tracking

BuildBridge uses cookies and similar technologies for:

  • Essential cookies β€” authentication, session management, and security (required for the platform to function)
  • Preference cookies β€” UI preferences such as dark/light mode
  • Analytics cookies β€” anonymous usage analytics to improve the Service (can be disabled)

We do not use cookies for third-party advertising or cross-site tracking.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 14 days before taking effect. The β€œEffective Date” at the top of this page will be updated accordingly.

15. Contact Us

For questions or concerns about this Privacy Policy, contact our privacy team:

BuildBridge Inc.
Email: contact@buildbridgeapp.com
Website: buildbridgeapp.com