BuiltBetter (“BuiltBetter,” “we,” “us,” or “our”) provides a cloud-based construction management platform that helps residential and light commercial contractors run their businesses. This Privacy Policy describes how we collect, use, share, and protect information when you visit builtbetter.ai, use our application at app.builtbetter.ai, or access any tenant workspace at {slug}.builtbetter.ai(collectively, the “Services”).
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.
1. Information We Collect
1.1 Information you provide
- Account and company information. Name, email address, phone number, job title, company name, workspace subdomain, physical address, and role (admin, foreman, worker, subcontractor, client).
- Authentication credentials. Login credentials and identity verification data handled by our authentication provider, Clerk.
- Construction project data. Project names, addresses, plans (PDF/image uploads), takeoffs, estimates, bids, contracts, schedules, task lists, change orders, inspection reports, punch lists, daily logs, notes, and comments.
- Workforce and HR data. Worker profiles, certifications, trades, availability, time-off requests, assignments, pay rates, and performance notes.
- Photos and files. Jobsite photos, videos, plan sets, specifications, permits, insurance certificates, invoices, and any other files you or your team upload.
- Client and lead data. Names, emails, phone numbers, addresses, and correspondence with your customers and prospects.
- Financial data. Invoices, payment records, budgets, cost codes, and accounting data synced from integrations such as QuickBooks.
- Communications. Messages you send via in-platform chat, email, SMS, support tickets, and feedback forms.
1.2 Information collected automatically
- Usage data. Pages viewed, features used, clicks, navigation paths, referring URLs, and session duration.
- Device and log data. IP address, browser type and version, operating system, device identifiers, timestamps, and error logs.
- Location data. Approximate location derived from IP address. Precise location is only collected from mobile devices when a worker has explicitly granted permission for GPS-based time tracking or jobsite check-in.
- Cookies and similar technologies. See Section 7 below.
1.3 Information from third parties
- Integrations. When you connect QuickBooks or another accounting, scheduling, or document-signing tool, we receive data from that provider as authorized by you.
- Authentication providers. If you sign in using Google, Microsoft, or Apple SSO through Clerk, we receive basic profile information from those providers.
- Payment processors. Billing is handled by a PCI-compliant third-party processor. We do not store raw credit card numbers on our servers; we receive tokenized references and transaction metadata.
2. How We Use Information
We use the information we collect to:
- Provide, maintain, secure, and improve the Services;
- Authenticate users and enforce role-based access controls within your organization;
- Process transactions, billing, subscription renewals, and customer support requests;
- Send service notifications, product announcements, and (where you have opted in) marketing communications;
- Power AI-assisted features such as plan takeoff, scope suggestions, schedule generation, and the Sentinel assistant;
- Detect, investigate, and prevent fraud, abuse, and security incidents;
- Comply with legal obligations and enforce our Terms of Service;
- Produce aggregated, de-identified analytics that do not identify any individual or organization.
3. How We Share Information
We do not sell personal information. We share information only in the following circumstances:
3.1 Within your organization
Content you create or upload inside a tenant workspace is visible to other authorized members of that workspace according to role-based permissions set by your account administrator. Administrators can see all data within their workspace.
3.2 Sub-processors and service providers
We use a small number of trusted vendors to operate the platform. Each is bound by contractual confidentiality and security obligations:
- Clerk — user authentication, session management, and SSO.
- Convex — primary application database and serverless backend.
- Vercel — web and API hosting, edge delivery, and build infrastructure.
- Cloudflare R2 — object storage for photos, plan sets, and other uploaded files.
- Resend — transactional and marketing email delivery.
- QuickBooks (Intuit) — accounting data sync, only when you explicitly connect your QuickBooks account.
- Payment processor — a PCI-DSS compliant third-party processor handles all payment card information.
- AI model providers — we may route content you submit to AI features to model providers under zero-retention processing terms.
3.3 Legal and safety
We may disclose information if required to do so by law, subpoena, court order, or other valid legal process, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of BuiltBetter, our customers, or the public.
3.4 Business transfers
If BuiltBetter is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify affected customers before information becomes subject to a different privacy policy.
3.5 With your consent
We may share information for any other purpose disclosed to you at the time of collection or with your separate consent.
4. Data Retention
We retain information for as long as your account is active or as needed to provide the Services. Construction project records, photos, and financial data are retained for the life of the subscription and for a reasonable period afterward to allow for data export and recovery.
After account termination, customer data is retained for up to 90 days in recoverable form, then purged from production systems. Backups roll off on standard retention cycles. Some records (such as billing history and audit logs) may be retained longer as required by law or legitimate business need.
5. Security
We use industry-standard safeguards to protect information, including:
- TLS encryption for all data in transit between your browser or mobile device and our servers;
- Encryption at rest for file storage and database content handled by our hosting providers;
- Role-based access controls, scoped API tokens, and principle of least privilege for BuiltBetter personnel;
- Audit logging of administrative and security-sensitive actions;
- Regular dependency scanning and prompt patching of security vulnerabilities.
No system is perfectly secure. You are responsible for keeping your password confidential and for promptly notifying us at legal@builtbetter.ai if you suspect unauthorized access to your account.
6. Your Rights
Depending on where you live, you may have the following rights with respect to your personal information:
- Access. Request a copy of the personal information we hold about you.
- Correction. Correct inaccurate or incomplete information. Most fields can be edited directly in your account settings.
- Deletion. Request deletion of your personal information, subject to legal retention obligations.
- Portability. Receive a machine-readable export of your data. Workspace administrators can export project, workforce, and financial data from the settings panel.
- Objection and restriction. Object to or restrict certain processing activities.
- Opt-out. Opt out of marketing communications at any time via the unsubscribe link in our emails.
California residents (CCPA/CPRA) and EEA / UK / Switzerland residents (GDPR) have additional rights, including the right to lodge a complaint with a supervisory authority. BuiltBetter acts as a “service provider” (CCPA) and “processor” (GDPR) when handling data on behalf of our customers. To exercise any of these rights, email legal@builtbetter.ai.
8. Children
The Services are intended for business use and are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email legal@builtbetter.ai and we will delete it.
9. International Transfers
BuiltBetter is operated from the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, and processed in the United States and other jurisdictions where our service providers operate.
10. Third-Party Links
The Services may contain links to third-party websites or services. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy notices of any third party you interact with.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by a prominent notice in the Services before the changes take effect. Your continued use of the Services after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
Questions, concerns, or requests related to this Privacy Policy can be sent to:
BuiltBetter — Legal
Email: legal@builtbetter.ai