Privacy policy
Last updated: May 8, 2026
This Privacy Policy explains how BuilderMonitor (“we”, “us”) handles personal information when you visit our marketing site, create an account, use the BuilderMonitor platform, or contact us. If you use BuilderMonitor on behalf of an organization, that organization’s administrator may impose additional policies — this document describes our practices as the service provider.
Overview and scope
BuilderMonitor provides a multi-tenant operational platform for construction organizations. This policy applies to visitors, authenticated users, organization administrators, and anyone who submits information through our contact forms or support channels.
- Marketing website content and documentation you browse without signing in.
- Accounts, memberships, and collaboration inside an organization workspace.
- Construction project data your organization chooses to store in the service (including schedules, costs, progress, inspections, photos, and related metadata).
- Billing relationship metadata when you subscribe through our payment provider.
Information we collect
We collect information you provide directly, information generated through your use of the service, and limited technical information needed to operate and secure the platform.
- Account and profile
- Name, email address, password hash, interface language preference, and similar profile fields needed to sign in and collaborate.
- Organization and membership
- Organization name, role, invitations, and membership records that control access to shared workspaces.
- Construction project data (customer data)
- Data your organization enters or imports, such as WBS items, schedule fields, cost and progress values, inspection records, text notes, file attachments, and (where applicable) device-captured location associated with field evidence. This is processed to provide the service your organization requested.
- Mobile and offline activity
- Device-stored offline drafts and sync operations needed to upload inspection or field data when connectivity returns.
- Payment information
- We use Stripe to process payments. We do not receive full payment card numbers. We may store billing identifiers, subscription state, and invoice metadata required for accounting and access control.
- Communications
- Messages you send to us (for example through the public contact form), support conversations, and transactional email delivery metadata (such as message identifiers and delivery status) when we send account or security notifications.
- Technical and security logs
- IP address, user agent, timestamps, diagnostic identifiers, and similar telemetry needed for fraud prevention, troubleshooting, audit trails, and reliability monitoring.
How we use information
- Provide, operate, maintain, and improve the BuilderMonitor service.
- Authenticate users, enforce roles and permissions, and isolate tenant data.
- Process subscriptions, invoices, and payment-related notices through Stripe.
- Provide customer support and respond to inbound requests (including security inquiries).
- Protect the security and integrity of our systems, investigate abuse, and comply with applicable requests where legally required.
- Analyze aggregated or de-identified usage to improve product reliability and usability.
- Meet legal, regulatory, or contractual obligations and enforce our Terms of Service.
Legal bases (plain language)
Depending on context and applicable law, we rely on one or more of the following bases:
- Performance of a contract — operating the service you (or your organization) subscribed to.
- Legitimate interests — securing accounts, preventing fraud, maintaining IT infrastructure, improving reliability, and limited internal analytics that do not outweigh your rights.
- Consent — where we ask for optional processing (for example certain communications or beta programs) and you can withdraw consent at any time.
- Legal obligation — where we must retain or disclose information to comply with law or competent authorities.
Sub-processors
We use carefully selected infrastructure and service providers (“sub-processors”) to host data, deliver email, and process payments. Examples include:
- Hosting / platform
- Cloud infrastructure providers that run our application and databases.
- Email delivery
- Transactional email delivery (for example via Resend) for invitations, verification messages, and operational notices.
- Payments
- Stripe for checkout, billing portals, and subscription management.
- File storage
- Object storage providers used to persist attachments your organization uploads.
We impose contractual safeguards on vendors handling personal information and limit access to what they need to provide the service. You may request an up-to-date list of sub-processor categories by emailing privacy@buildermonitor.com.
International transfers
Your information may be processed in countries where we or our sub-processors operate. Where personal information moves across borders, we implement appropriate safeguards (such as contractual clauses and technical measures) consistent with applicable requirements.
Retention
We retain personal information only as long as necessary for the purposes described in this policy:
- Account and workspace data while your subscription or trial is active and for a short grace period afterward to allow export or reactivation.
- Billing and accounting records for the period required by tax and commercial law.
- Security logs on a rolling basis consistent with operational needs and regulatory expectations.
- After termination, we delete or anonymize customer content within ninety (90) days unless a longer period is required by law or to resolve disputes.
Security
We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit (TLS), encryption for stored data where supported by our infrastructure, role-based access controls, tenant isolation (including database policies such as row-level security), audit logging for sensitive operations, least-privilege engineering practices, and incident response procedures.
No online service can guarantee absolute security. Please protect your credentials and report suspected unauthorized access to privacy@buildermonitor.com.
Your privacy rights
Depending on your location and role (individual user vs. organization administrator), you may have rights to access, correct, delete, export, or restrict certain processing of your personal information, and to lodge a complaint with a competent supervisory authority.
To exercise rights relating to your personal account information, email privacy@buildermonitor.com from your registered address or describe the account so we can verify your identity. Requests concerning organization-held project data may require coordination with your workspace administrator because such data is controlled by the customer organization.
You may contact our data protection contact at dpo@buildermonitor.com for privacy inquiries.
Children
BuilderMonitor is not directed to individuals under sixteen (16). We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact privacy@buildermonitor.com and we will take appropriate steps.
Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the service or by email (when appropriate) at least thirty (30) days before the effective date. Continued use after the effective date constitutes acceptance of the updated policy, except where applicable law requires explicit consent.
Contact
BuilderMonitor — privacy questions: privacy@buildermonitor.com | Data protection contact: dpo@buildermonitor.com