Legal

Privacy Policy

LAST UPDATED: MARCH 2026 · BILDR LABS PTY LTD · ACN 696 230 350 · ABN 80 696 230 350

1. Our Commitment

Bildr (operated by Bildr Labs Pty Ltd, ACN 696 230 350, ABN 80 696 230 350) is committed to protecting your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). This policy explains what we collect, why we collect it, and how we use and protect it.

We will never sell your personal data to third parties. Ever.

2. What We Collect

We collect the following personal information when you sign up and use Bildr:

  • Identity data: First name, last name
  • Contact data: Email address
  • Build data: Project details, budget information, trade contacts, inspection records, and documents you upload
  • Usage data: How you interact with the platform (pages visited, features used, session times)
  • Payment data: Processed by our payment provider — we do not store full card details
  • Communications: Emails and messages you send us

Third-party contact details you provide. To manage your build, you may choose to record contact details for trades, subcontractors, and other third parties (e.g. trade name, phone number, email, licence number, insurance details, and quote amounts). This information is stored against your project in features such as trade compliance records, budget quotes, and variation records, and is visible only to you and the automated systems that deliver Bildr. You are responsible for ensuring you have the right to provide any third-party contact information to us, and for notifying those third parties as required under the Privacy Act 1988 (Cth) and APP 5. We do not contact these third parties on your behalf.

3. How We Use Your Information

We use your information to:

  • Deliver and improve the Bildr service
  • Personalise your build management experience
  • Process payments and manage your subscription
  • Send you transactional emails (receipts, onboarding, account status, service notifications)
  • Send marketing emails, if you opted in at signup (you can unsubscribe any time)
  • Comply with legal obligations
  • Investigate fraud or misuse of the platform

Operator access to your data: Human staff do not access your project data, conversations, uploaded documents, or financial information during normal operation. Automated backend systems process your data as required to deliver the service (including AI generation, chat, and file handling). We will only manually access your account data with your explicit written consent (e.g. if you request support), where required by law, or to investigate a credible security incident. Manual access is limited to the minimum data necessary and is performed by authorised personnel only.

4. Who We Share Data With

We share your information only with the service providers required to operate Bildr:

  • Supabase — database and authentication (supabase.com/privacy)
  • Vercel — application hosting (vercel.com/privacy)
  • Stripe — payment processing (stripe.com/privacy)
  • Resend — transactional email (resend.com/privacy)
  • Anthropic — AI processing. Your project details and conversations are processed by Anthropic's models to deliver the service. Per Anthropic's current commercial API terms, API data is not used for model training. (anthropic.com/privacy)
  • Sentry — error monitoring and performance tracking. Sentry receives technical error data (stack traces, request metadata) but not your project content or personal data. (sentry.io/privacy)
  • Vercel Analytics — anonymous website traffic counts (page views, referrers, country-level geography). Cookie-less, consent-gated (only loaded after you accept on the banner), and does not receive any personal or project data. (vercel.com/privacy)
  • Upstash Redis — rate limiting and abuse protection. Receives only opaque identifiers (your user ID UUID and salted email hashes) keyed against request counters. No email addresses, project content, or personal data are stored. Keys expire automatically after the rate-limit window. (upstash.com/privacy)

All providers are based in the United States. We do not sell, rent, or trade your personal information to any other party.

5. Business Acquisition or Merger

In the event that Bildr Labs Pty Ltd is acquired, merges with another entity, or transfers its assets as part of a business sale or restructure, your personal data may be transferred to the acquiring entity as part of that transaction. In such an event:

  • We will use reasonable efforts to notify you via email before your data is transferred
  • We will use reasonable efforts to require the acquiring entity to handle your data in accordance with this Privacy Policy
  • You will have the right to delete your account and data prior to any transfer, where practicable

How notification works. If a sale, merger, or asset transfer becomes reasonably likely, our operations team will (i) prepare a plain-English email describing the transaction, the acquiring entity, and the transfer timeline, (ii) send that email to the address on your account at least fourteen (14) days before the transfer where commercially practicable, and (iii) post the same notice on this page with a revised date. Where a transaction is subject to confidentiality or regulatory restrictions that prevent advance notice, we will notify you as soon as legally permitted. During the notice window you may export your data under "Your Rights" below, delete your account, or contact support@bildr.au with questions. Essential transactional emails (payment receipts, security alerts) will continue as normal during this period.

6. Data Storage & Security

Your data is stored and processed using the following services:

  • Supabase — database and authentication (hosted in the United States)
  • Vercel — application hosting and serverless functions (United States)
  • Anthropic — AI model processing (United States)
  • Stripe — payment processing (United States, PCI-DSS compliant)
  • Resend — transactional email delivery

By using Bildr, you consent to your data being transferred to and processed in the United States by these service providers. Under Australian Privacy Principle 8 (APP 8), we take reasonable steps to ensure that overseas recipients handle your personal information in accordance with the APPs. Each provider listed above is contractually bound to maintain appropriate data protection standards and we have assessed their security and privacy practices before engaging them.

We use industry-standard security measures including encryption at rest and in transit, access controls, role-based permissions, and periodic security reviews. For full details of our backup procedures, disaster recovery capabilities, and infrastructure resilience, see our Data Protection & Disaster Recovery policy. No method of transmission over the internet is 100% secure. We take reasonable precautions but cannot guarantee absolute security.

7. Data Retention

We retain your personal information and project data for as long as your account is active and your subscription is current.

  • Active accounts: All data retained for the duration of your subscription.
  • After cancellation: Your data is retained for 90 days after subscription cancellation, in case you choose to resubscribe. After 90 days, project data is deleted from our active systems. Residual copies in encrypted backups may persist until those backups are rotated in the ordinary course of operations.
  • Account deletion: Upon account deletion request, your data is removed from our active systems within 90 days, except where retention is required by law (e.g., tax records for 7 years under ATO requirements). Residual copies in encrypted backups may persist until backup rotation.
  • Data export: You may request an export of your project data at any time by emailing support@bildr.au. We will provide your data in a standard format within a reasonable period, usually within 7 business days.

Specific retention periods by data type:

  • AI conversations & Walkthrough transcripts: Retained while account is active + 90-day grace period after cancellation
  • Uploaded documents (plans, quotes): Retained while account is active + 90-day grace period. Deleted from active storage after grace period
  • Payment records & invoices: Retained for 7 years after the transaction date (ATO requirement)
  • AI usage logs (token tracking): Retained for 12 months for cost monitoring, then deleted or anonymised
  • Error logs (Sentry): Retained for 90 days per Sentry's default retention policy
  • Onboarding email tracking: Retained while account is active, deleted with account

8. Automated Decision-Making

Bildr uses AI-powered automated processes that produce assessments which may influence your decisions:

  • Quote Checker: Automatically analyses trade quotes and produces a verdict (e.g. “Fair Price”, “Overpriced”) with confidence ratings and benchmark comparisons
  • Budget Generation: Automatically estimates costs for individual line items and flags items as “worst case” where data is uncertain
  • Compliance Tracking: Automatically generates inspection checklists and flags items as legally required or recommended based on your state

These assessments are generated by AI models based on the information you provide and available benchmark data. They are provided as guidance only and should not be relied upon as professional advice. You should always verify AI-generated assessments with qualified professionals before making financial or construction decisions.

No automated decision made by Bildr has binding legal or financial effect. All decisions about your build remain yours.

9. AI Data Processing

When you use Bildr AI features (The Walkthrough, Bildr AI chat, quote checking, budget review), your project details and conversation content are sent to Anthropic's AI models for processing. This includes:

  • Project specifications (build type, size, location, finishes)
  • Budget and cost information
  • Trade quotes and contact details you provide
  • Conversation history within the platform
  • Uploaded documents (architectural plans, engineering reports)

Anthropic processes this data to generate responses. Per Anthropic's current commercial API terms, API data is not used to train AI models. For full details, see Anthropic's Privacy Policy.

Third-party contact data is scrubbed before being sent to Anthropic. Contractor phone numbers, email addresses, contact names, ABNs, licence numbers, and insurance policy specifics that you record against your project (in trade compliance and budget quote records) are removed from AI prompts before they leave our servers. The AI receives only the fields it needs to reason — trade type, licence type, verification status (as booleans), expiry dates, and quote amounts. This protects third-party PII as required under APP 6 and APP 8, while still letting the AI help you plan. Free-form text sent to the AI is also scanned for bare contact strings (AU phone numbers, email addresses, ABN patterns) and redacted as a secondary safety net.
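The two layers described above, sketched as an added example (not Bildr's code): an allowlist for structured trade records, then a pattern-based redactor for free text. The field names, placeholder tokens, and regular expressions are assumptions; the ABN check is the standard mod-89 checksum.

```python
import re

# Fields the section says the AI may receive; key names are assumed here.
ALLOWED_FIELDS = {"trade_type", "licence_type", "licence_verified",
                  "insurance_verified", "expiry_date", "quote_amount"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# AU numbers: +61 or a leading 0, then 2/3/4/7/8 and eight more digits,
# with optional spaces or hyphens between digits.
PHONE_RE = re.compile(r"(?<!\d)(?:\+61[ -]?|\(?0)[2-478]\)?(?:[ -]?\d){8}(?!\d)")
# Eleven digits grouped 2-3-3-3 (spaces optional), optionally labelled "ABN".
ABN_RE = re.compile(r"(ABN[:#\s]*)?(?<!\d)(\d{2}(?: ?\d{3}){3})(?!\d)", re.I)
ABN_WEIGHTS = (10, 1, 3, 5, 7, 9, 11, 13, 15, 17, 19)


def is_valid_abn(candidate):
    """Standard ABN check: subtract 1 from the first digit, weighted sum mod 89."""
    digits = [int(c) for c in candidate if c.isdigit()]
    if len(digits) != 11:
        return False
    digits[0] -= 1
    return sum(d * w for d, w in zip(digits, ABN_WEIGHTS)) % 89 == 0


def scrub_trade_record(record):
    """Allowlist, not blocklist: any field not named above is dropped."""
    return {k: v for k, v in record.items() if k in ALLOWED_FIELDS}


def redact_free_text(text):
    """Secondary net for contact strings typed into notes or chat."""
    text = EMAIL_RE.sub("[email]", text)
    text = PHONE_RE.sub("[phone]", text)  # before ABNs: "+61 4xx xxx xxx" has 11 digits
    # Redact labelled ABNs always; bare 11-digit runs only if the checksum
    # passes, so order references and similar numbers survive.
    def _abn(m):
        return "[abn]" if m.group(1) or is_valid_abn(m.group(2)) else m.group(0)
    return ABN_RE.sub(_abn, text)


# Constructed sample data for this example.
SAMPLE_RECORD = {"trade_type": "electrician", "contact_name": "Dave Example",
                 "phone": "0412 345 678", "abn": "51 824 753 556",
                 "licence_verified": True, "expiry_date": "2027-06-30",
                 "quote_amount": 18500}
SAMPLE_NOTE = ("Call Dave on 0412 345 678 or dave@example.com, "
               "ABN 51 824 753 556, order ref 12 345 678 901.")

if __name__ == "__main__":
    print(scrub_trade_record(SAMPLE_RECORD))
    print(redact_free_text(SAMPLE_NOTE))
```

Pattern matching does not catch a contact name typed into free text, which is why the structured allowlist is the primary control and the scan only a backstop.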

10. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate or incomplete information
  • Request deletion of your account and associated data
  • Opt out of marketing communications at any time
  • Request a copy of your project data in a portable format
  • Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

To exercise any of these rights, contact us at support@bildr.au. We may need to verify your identity before fulfilling access, correction, or deletion requests. We will respond to access and correction requests within 30 days.

11. Cookies & Tracking

Bildr uses the following types of cookies and similar technologies:

  • Essential cookies: Required for authentication (Supabase session cookies), session management, and basic platform functionality. These cannot be disabled without breaking the service.
  • Preference storage: bildr-theme (light/dark mode) and bildr-consent (your analytics consent choice) in browser localStorage. First-party, no personal data.
  • Analytics (consent-gated): Vercel Analytics — anonymous, cookie-less page-view counts. Only loads after you accept on the consent banner. Opt out any time by clearing your bildr-consent key or changing browser site settings for bildr.au.
  • Error replay (consent-gated): Sentry Session Replay. Only activates after consent AND only if a crash or JavaScript error occurs. PII masking enabled by default.

We do not use advertising cookies or share cookie data with advertisers. We do not use third-party tracking pixels.

For a full per-cookie breakdown and the exact steps to revoke consent, see our Cookies Policy.

12. Children's Privacy

Bildr is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from minors.

13. Lawful Basis for Processing

We process your personal information on the following bases:

  • Contract: Processing necessary to deliver the Bildr service you have subscribed to (account management, AI features, payment processing)
  • Consent: Marketing communications (opt-in at signup, unsubscribe any time)
  • Legitimate interest: Platform security, fraud prevention, service improvement, and error monitoring
  • Legal obligation: Tax record retention, law enforcement requests, regulatory compliance

14. Data Breach Notification

In the event of a data breach that is likely to result in serious harm to you, we will:

  • Notify the Office of the Australian Information Commissioner (OAIC) as required under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988
  • Notify affected individuals as soon as practicable, including a description of the breach, the types of information involved, and recommended steps to reduce potential harm
  • Take reasonable steps to contain the breach and mitigate any damage

15. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email. The updated policy will be posted on this page with a revised date.

16. Contact & Complaints

For privacy-related questions or complaints, contact our Privacy Officer at:

support@bildr.au
Bildr Labs Pty Ltd, PO Box 261, Hunters Hill NSW 2110, Australia

If we cannot resolve your complaint, you may contact the OAIC at oaic.gov.au.