10 free spots open for UK builders — apply for the BuildHub beta Apply →

Legal

Privacy Policy

Effective date: 1 May 2026 · BuildHub Digital Ltd (Company No. 17187064)

1. Who We Are

BuildHub Digital Ltd ("BuildHub", "we", "us", "our") is registered in England and Wales under Company No. 17187064, with its registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ.

We are the data controller in respect of personal data you provide directly to us when you register for an Account or use the BuildHub platform (getbuildhub.com). Where a Builder uses our platform to manage their clients' data, the Builder is the data controller and BuildHub acts as a data processor.

We are committed to handling your personal data responsibly, transparently, and in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have questions about how we handle your data, contact us at .

2. Personal Data We Collect

We collect personal data in the following ways:

Data you provide directly:

  • Registration information: name, email address, business name, phone number
  • Profile and account settings
  • Content you upload to the Platform: documents, images, messages, project information
  • Payment information (processed by Stripe — we do not store card details ourselves)
  • Communications with our support team

Data generated through your use of the Platform:

  • Usage data: pages visited, features used, actions taken
  • Log data: IP address, browser type, operating system, referring URLs, timestamps
  • Session data: authentication tokens used to keep you signed in

Data about third parties you provide: If you are a Builder using the Platform, you may upload personal data about your clients (Homeowners), team members, and subcontractors. You are responsible as the data controller for ensuring you have a lawful basis to process this data and that any individuals are informed appropriately.

3. How We Use Your Data

We use your personal data to:

  • Create and manage your Account
  • Provide, maintain, and improve the Platform and its features
  • Process payments and manage your Subscription
  • Send transactional communications (account confirmations, password resets, payment receipts)
  • Respond to support requests and enquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with our legal obligations
  • Where you have consented: send marketing communications and product updates

We do not sell your personal data to any third party. We do not use your data or your clients' data to train AI models.

4. Lawful Basis for Processing

We rely on the following lawful bases under UK GDPR:

  • Contract performance: Processing necessary to provide the Platform services to you under our Terms and Conditions.
  • Legitimate interests: Processing necessary for our legitimate business interests, such as fraud prevention, security monitoring, and improving the Platform — balanced against your interests and rights.
  • Legal obligation: Processing necessary to comply with applicable law (including financial record-keeping requirements).
  • Consent: Where you have explicitly opted in to marketing communications. You may withdraw consent at any time.

5. Third-Party Processors

We use a limited number of trusted third-party services to operate the Platform. All processors are contractually bound to handle your data in compliance with UK GDPR.

Processor Purpose Location
Stripe Secure payment processing and subscription management USA (Standard Contractual Clauses)
Replit / Google Cloud Platform Application hosting, database hosting, and object storage USA (Standard Contractual Clauses)
Resend Transactional email delivery USA (Standard Contractual Clauses)
Postmark (Backup) Transactional email delivery (backup) USA (Standard Contractual Clauses)

AI Processing — OpenAI & Anthropic

Some features of BuildHub use large language models (AI) to generate content — for example, drafting client updates from rough notes or answering homeowner questions about a project.

These AI features are powered by APIs provided by OpenAI and/or Anthropic. When you use an AI feature, the relevant input data (your notes, project context, or query) is transmitted to the AI provider's API to generate a response. This data is processed under our data processing agreements with those providers.

We do not use your data or your clients' data to train AI models. Our agreements with AI providers prohibit them from using API inputs to train their models.

AI-generated outputs are for your review only. You are responsible for reviewing and verifying any AI-generated content before relying on or sending it.

6. Cookies

We use a small number of strictly necessary cookies and similar technologies. Full details are set out in our Cookie Policy.

Session / authentication tokens — used to keep you signed in to the Platform. These are essential and cannot be disabled.

Stripe.js — Stripe sets cookies to support secure payment processing and fraud prevention.

We do not currently use any analytical, advertising, or tracking cookies. You can manage your cookie preferences at any time using the Cookie Preferences link in the site footer.

7. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete data.
  • Right to erasure: You may ask us to delete your personal data in certain circumstances.
  • Right to restrict processing: You may ask us to stop processing your data in certain circumstances.
  • Right to data portability: Where processing is based on consent or contract, you may request your data in a machine-readable format.
  • Right to object: You may object to processing based on legitimate interests.
  • Rights related to automated decision-making: You have the right not to be subject to solely automated decisions that produce significant effects.

To exercise any of these rights, contact us at . We will respond within one month of receiving your request.

8. Data Retention

We retain your personal data for as long as your Account is active or as necessary to provide the Platform services. Where you close your Account, we will retain your data for a further period as required by law or for legitimate business purposes (such as resolving disputes or fulfilling our financial record-keeping obligations), and then securely delete or anonymise it.

You may request deletion of your data at any time by contacting . We will respond within one month.

9. International Transfers

Some of our third-party processors are located outside the UK (primarily in the USA). Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or adequacy decisions under UK GDPR.

10. Security

We take security seriously. Our technical and organisational measures include encryption in transit (TLS), encrypted storage, access controls, and regular security monitoring. Further details are set out in our Data Handling & Security page.

Despite our efforts, no system is completely secure. If you become aware of a security vulnerability or incident related to BuildHub, please report it promptly to .

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated to you by email or by a prominent notice on the Platform. The effective date at the top of this page will always indicate when the policy was last updated.

Your continued use of the Platform after changes take effect constitutes your acceptance of the revised policy.

12. Contact and Complaints

For any questions about this Privacy Policy or how we handle your personal data, please contact us:

BuildHub Digital Ltd
71–75 Shelton Street, Covent Garden, London, WC2H 9JQ
Email:

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's data protection supervisory authority, at ico.org.uk or by calling 0303 123 1113.

i

Note: This document represents a good-faith draft produced for operational use. It has not been reviewed by a solicitor. For advice specific to your circumstances, please seek independent legal counsel.