Privacy Policy

BuildFlow, registered office . Company number . ICO registration: .

For any questions about this policy or how we handle your data, please contact us at hello@build-flow.io.

We collect the following categories of personal data:

• Account data: name, email address, password hash, role (project manager or contractor), company name.
• Project data: project names, addresses, contract values, bills of quantities, valuations, certifications, variations, retention amounts, payment statuses.
• Contractor data: details of contractors invited to projects, including names, email addresses, and contract terms.
• Communications: messages sent through the AI chat assistant, support emails, and any other content you send us.
• Technical data: IP address, browser type, device type, operating system, server logs, error reports.
• Cookies: see our Cookie Policy.

We rely on the following lawful bases under UK GDPR Article 6:

• Performance of a contract (Art. 6(1)(b)) for providing the BuildFlow service to you and the other parties on your projects.
• Legitimate interests (Art. 6(1)(f)) for security, fraud prevention, abuse prevention, error monitoring, and product improvement. Where we rely on legitimate interests, we have balanced our interests against your rights.
• Consent (Art. 6(1)(a)) for non-essential cookies and any future marketing communications. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c)) where we are required to retain or disclose data by law.

• To create and manage your account and authenticate you.
• To operate the BuildFlow platform and deliver its features.
• To allow project managers and contractors on the same project to collaborate.
• To respond to support requests and communicate service updates.
• To detect, prevent, and respond to fraud or abuse.
• To improve the platform through aggregated, anonymised analytics.
• To comply with our legal obligations.

We use a small number of carefully selected sub-processors to deliver BuildFlow. The current list is published at /sub-processors. We notify users at least 30 days before adding a new sub-processor.

Some of our sub-processors are located outside the UK and the EEA. Where personal data is transferred outside these regions we rely on the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism approved under UK GDPR.

• Account and project data: for the life of your account plus six years after closure, to align with the UK limitation period for contract claims.
• AI chat conversations: 90 days unless required for longer to investigate abuse or comply with a legal obligation.
• Server logs: 30 days.
• Backups: rolling 30 days.

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Have inaccurate data rectified
• Have your data erased (subject to lawful exceptions)
• Restrict processing in certain circumstances
• Object to processing based on legitimate interests
• Receive your data in a portable format
• Withdraw consent for processing based on consent
• Not be subject to a decision based solely on automated processing with legal or significant effects

To exercise any of these rights, please email us at hello@build-flow.io. We will respond within one calendar month. We may ask for additional information to verify your identity before acting on your request.

If you have a complaint about how we handle your data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the UK Information Commissioner's Office at ico.org.uk.

BuildFlow is a business tool not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has provided us with personal data, please contact us so we can delete it.

We may update this Privacy Policy from time to time. The version number and last-updated date at the top of this page will reflect any change. For material changes we will notify you by email or via an in-product banner before the change takes effect.