← Home

Privacy Policy

Effective date: April 5, 2026 | Last updated: April 5, 2026

1. Introduction

BuildChart ("we," "our," or "the Service") is a construction project management platform that provides Gantt chart visualization, task management, team collaboration, and project tracking tools. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our Service.

By creating an account or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

2. What We Collect

2.1 Account Information

When you create an account, we collect your email address and an encrypted password. You may optionally provide a display name, company name, and phone number through your account settings.

2.2 Project and Task Data

We store the project data you create, including: project names, descriptions, start and end dates, task names, task descriptions, assigned team member names, task statuses, completion percentages, notes, dependencies between tasks, and activity history. This data is created and controlled entirely by you.

2.3 File Attachments

Files you upload to projects are stored in Cloudflare R2 object storage. Files are encrypted at rest and in transit.

2.4 Usage Data

We collect anonymized usage data including page views and feature usage patterns. This data is aggregated and cannot be used to identify individual users. We do not use analytics tracking scripts, advertising pixels, or fingerprinting technologies.

2.5 Payment Information

Payments are processed by Stripe. We never store credit card numbers, CVVs, or other sensitive payment details on our servers. We only receive confirmation of your subscription status and plan tier from Stripe.

2.6 Automatically Collected Information

We automatically collect: IP addresses (for rate limiting and security), browser type and version (via standard HTTP headers), and timestamps of requests.

3. How We Use Your Data

  • Provide the BuildChart service: Display your projects, tasks, and Gantt charts; enable team collaboration and notifications
  • Transactional emails: Send invite emails, notification emails for task updates, approval requests, and completion alerts via Resend
  • Payment processing: Manage subscriptions and billing through Stripe
  • Anonymized analytics for AI improvement: Aggregated, anonymized usage data may be used to improve scheduling accuracy and develop AI-powered features. You can opt out at any time in Account Settings → Data & Privacy.
  • Security: Rate limiting on authentication endpoints to prevent brute force attacks; session management with 8-hour timeout

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not serve advertisements.

4. Third Parties Who Touch Your Data

We use the following third-party services to operate the platform. None of these parties sell your data.

  • Supabase — Database hosting, authentication, and real-time subscriptions. supabase.com
  • Vercel — Application hosting and content delivery. vercel.com
  • Cloudflare — File storage (R2) and security. cloudflare.com
  • Resend — Email delivery for invites, notifications, and transactional emails. resend.com
  • Stripe — Payment processing for subscriptions. stripe.com

5. AI and Machine Learning

BuildChart collects anonymized, aggregated project data to potentially train AI features in the future. This data is stripped of all identifying information before aggregation.

  • No project names, client names, addresses, or personally identifiable information is ever used in AI training
  • Third-party AI APIs we use (such as Google Gemini, Anthropic Claude, or OpenAI) do not train on your data — all major AI API providers contractually prohibit using API data for model training
  • Only the minimum necessary data is sent to third-party AI services to complete requested operations
  • You can opt out of contributing to anonymized analytics at any time in Account Settings → Data & Privacy

When you connect your own AI agent to BuildChart via our API (Business plan), that agent's use of your data is governed by your agreement with your AI provider. BuildChart is not responsible for how third-party AI services process data transmitted by user-configured agents.

6. Data Storage and Security

Your data is stored using the following infrastructure:

  • Supabase — Your project data and account information are stored in a PostgreSQL database with encryption at rest (AES-256) and in transit (TLS 1.2+). Database access is protected by Row Level Security (RLS) policies that ensure users can only access their own data and data from projects they are members of.
  • Cloudflare R2 — File attachments are stored in Cloudflare R2 with encryption at rest.
  • Vercel — The web application is deployed on Vercel's edge network. Vercel does not store your project data.

Passwords are never stored in plain text. They are hashed using bcrypt before storage. Authentication sessions use secure, HTTP-only cookies with strict same-site policies and an 8-hour inactivity timeout.

7. Cookies

We use only essential cookies required for the Service to function:

  • Authentication session cookie: Maintains your login state. Expires after 8 hours of inactivity or when you log out. This is a secure, HTTP-only cookie that cannot be accessed by JavaScript.
  • Session activity timestamp: Stored in localStorage to track inactivity for session timeout warnings.

We do not use tracking cookies, analytics cookies, advertising cookies, or any third-party cookies.

8. Data Retention

  • Active project data: Retained while your account is active.
  • Completed projects: 7-year retention period. Construction documents must be retained for regulatory and insurance purposes. This aligns with the construction industry legal standard.
  • After 7 years: You will receive automated notice 90 days before data is scheduled for deletion.
  • Data export: You can export all project data at any time from Project Settings (CSV or PDF).
  • Account deletion: Personal data is removed within 30 days of account deletion. Previously anonymized analytics data may remain in aggregate form, as it cannot be linked back to any individual.

Server logs containing IP addresses and request information are retained for up to 30 days for security and debugging purposes, then automatically deleted.

9. Your Rights

You have the following rights regarding your data:

  • Export your data: Export project data to CSV or PDF from Project Settings at any time.
  • Access and correction: View and edit all your data through the application interface.
  • Delete your account: Contact support@buildchart.io to request account deletion. Personal data will be removed within 30 days.
  • Opt out of AI training data collection: Toggle off in Account Settings → Data & Privacy. This stops future data collection but does not remove previously anonymized data that has already been aggregated.
  • Portability: Contact us to request a full export of your data in a machine-readable format.

10. Children's Privacy

The Service is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 16, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting a notice on the Service or sending an email to your registered address. The "Last updated" date at the top of this page indicates when the policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

BuildChart
Email: contact@buildchart.io