Privacy Policy

Effective date: May 2, 2026
Last updated: May 2, 2026

1. Who this applies to

This Privacy Policy applies to the BuilderGrid marketing site at buildergrid.io, the BuilderGrid web and mobile applications, and any related services we operate (collectively, the "Services"). It applies to information we collect from visitors, account holders, and people whose information our customers upload into the platform in the ordinary course of running their construction projects (subcontractors, lenders, clients, inspectors, and similar third parties).

BuilderGrid is the controller of personal information collected through the marketing site and through accounts that we provision directly. When a customer uses BuilderGrid to manage their projects, the customer is the controller of the information they upload, and BuilderGrid acts as a processor on their behalf. Our handling of that information is governed by the customer’s agreement with us in addition to this policy.

2. Information we collect

Information you give us

Account information such as name, email address, phone number, company name, role, and authentication identifiers from Microsoft Entra ID or Google when you sign in. Billing information processed through our payment processor. Contact form and support submissions, including the message body and any attachments you choose to send.

Information you upload to the platform

Project data including budgets, transactions, draws, change orders, invoices, lien waivers, schedules, daily logs, photographs, documents, selections, punch lists, and communications with project participants. This may include personal information about your employees, subcontractors, clients, lenders, and other people involved in a project.

Information we collect automatically

Standard server logs (IP address, user agent, request URL, timestamps), session and authentication cookies, and product usage telemetry such as which features you use, how often, and any errors or performance issues encountered. We use a privacy-friendly analytics provider that does not perform cross-site tracking and does not set third-party advertising cookies.

3. How we use information

We use the information described above to:

• Provide, operate, secure, and improve the Services.
• Authenticate users, prevent fraud and abuse, and enforce our Terms of Service.
• Provide customer support, including diagnosing issues by reviewing relevant logs and account data when you contact us or when we are investigating a reported problem.
• Generate aggregated and anonymized analytics about platform usage, performance, and construction industry benchmarks. This data has identifying information removed and cannot reasonably be re-associated with you, your company, or any individual.
• Develop new product features, fix defects, and prioritize the roadmap based on how the platform is actually used.
• Communicate with you about your account, billing, security incidents, product changes, and, where permitted, marketing about BuilderGrid features and offers.
• Comply with legal obligations and respond to lawful requests.

4. Aggregated and anonymized data

We aggregate and anonymize data from across the platform and use it for product development, support quality, internal analytics, benchmarking, and reporting. Examples include median draw cycle times by region, average cost variance by project size, the most commonly used features, and platform reliability metrics. Aggregated and anonymized data is no longer personal information under most privacy laws, and we may retain, use, and disclose it without restriction, including in published reports and marketing materials.

5. Artificial intelligence and machine learning

We do not provide your data, your customers’ data, or any personal information you upload to the platform to any third-party model provider for the purpose of training their foundation models or general-purpose AI systems. Where we use third-party AI services to power product features (for example, document parsing, validation, or classification), the data sent for those features is processed under enterprise terms that prohibit the provider from retaining the data beyond the time necessary to provide the service or using it to train their models.

We may use your data, aggregated platform data, and de-identified data for internal analytics, product research and development, quality assurance, debugging, support operations, security monitoring, fraud and abuse prevention, and to develop, train, evaluate, fine-tune, and improve BuilderGrid’s own product features, including features that incorporate machine learning or other automated decision-making. Any such use is performed in a manner that does not expose your data to other customers and is subject to the access controls and confidentiality safeguards described elsewhere in this policy.

6. How we share information

Service providers

We share information with vendors that help us run the Services, including hosting, email delivery, payment processing, analytics, error monitoring, and customer support tooling. These providers are bound by contract to use the information only to provide services to us.

Project participants

Information you add to a project is visible to other people you give access to that project, such as team members, lenders, contractors, and clients. The visibility model is controlled by you within the platform.

Legal and safety

We may disclose information when we believe in good faith that disclosure is required by law, necessary to protect the rights, property, or safety of BuilderGrid, our users, or others, or in connection with a government or regulatory request.

Business transfers

If BuilderGrid is involved in a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of that transaction, subject to standard confidentiality protections and continued application of this policy or a successor policy of comparable protection.

Sale and licensing of entity-level data

We reserve the right to sell, license, and otherwise commercialize aggregated, anonymized, de-identified, and entity-level data derived from the Services. Entity-level data refers to information about businesses, projects, properties, and markets that is not associated with an identified or identifiable individual, such as company-level project counts, average construction costs by region, draw cycle times, material and labor mix by project type, and similar industry metrics. Examples of products built on this data include benchmarking reports, market intelligence, and data feeds for lenders, insurers, suppliers, and analysts.

We do not sell personal information about individual users, employees, contractors, clients, or other people whose information appears in the platform. To the extent any data product would include information that constitutes personal information under applicable law, we will remove or de-identify that information before sale or license. If our practices ever change in a way that would constitute a "sale" or "sharing" of personal information under the California Consumer Privacy Act, the California Privacy Rights Act, or any equivalent state law, we will update this policy and provide the opt-out mechanism described at Do Not Sell or Share My Personal Information before any such activity begins. That opt-out page is available now so that residents of states with applicable privacy laws can submit a request at any time.

7. Cookies and similar technologies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Services, and measure usage. We do not use third-party advertising cookies and we do not participate in cross-site behavioral advertising networks. You can control cookies through your browser settings, though disabling them may break parts of the Services that depend on session state.

8. Data security

We use industry-standard administrative, technical, and physical safeguards to protect information, including encryption in transit, encryption at rest for sensitive data, access controls, audit logging, and regular backups. No system can be guaranteed secure, and you are responsible for protecting your account credentials.

9. Data retention, export, and deletion

We retain account and project data for as long as your account is active and for a reasonable period after closure to support backups, dispute resolution, legal obligations, and re-activation. You can remove your private and personal data from the platform at any time, either through self-service controls within the application or by contacting us to request deletion. We will honor verified deletion requests within the timeframes required by applicable law.

We do not hold your data hostage. You can request a complete export of your customer data at any time, and we will provide it. We reserve the right to deliver the export in formats that are reasonably convenient for us to produce, such as CSV, JSON, PDF, or compressed archives, provided the format preserves the substance of the data and allows you to import or review it elsewhere. We do not charge for export of customer data in the ordinary course.

Aggregated, anonymized, de-identified, and entity-level data derived from your use of the Services may be retained at our discretion after deletion of your account and used consistent with this policy, including in data products described in Section 6.

10. Your rights

Depending on where you live, you may have rights to access, correct, delete, port, or restrict use of your personal information, and to object to certain processing. You may also have the right to opt out of the sale or sharing of personal information and to limit the use of sensitive personal information. Residents of California, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws have specific rights under those laws, and residents of the European Economic Area, the United Kingdom, and Switzerland have rights under the GDPR and equivalent laws.

To exercise any of these rights, contact us at [email protected]. To submit a request specifically to opt out of any sale or sharing of personal information, you may also use the form at Do Not Sell or Share My Personal Information. We will respond within the timeframes required by applicable law and will not discriminate against you for exercising any of these rights.

11. Children’s privacy

The Services are intended for business use and are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

12. International transfers

BuilderGrid is operated from the United States and information is processed and stored in the United States. If you access the Services from outside the United States, you understand that your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. Where required, we rely on appropriate transfer mechanisms such as the EU Standard Contractual Clauses.

13. Third-party services

The Services may link to or integrate with third-party products such as identity providers, accounting systems, payment processors, document signing services, and cloud storage. Information you share with those services is governed by their own privacy policies and not by this one.

14. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top, and where required by law we will notify you in the application or by email before the changes take effect.

15. Contact us

For privacy questions, requests, or to exercise any of your rights, contact us at [email protected]. For general questions, contact [email protected].

Revision history

• 2026-05-02: Initial publication.