BuildX Software

1. Introduction

BuildX Software ("we", "us", "our") operates the CMS & CamX platforms. This Privacy Policy explains how we collect, use, store & protect your personal information when you use our services.

We are committed to protecting your privacy and handling your data transparently. By using our Services, you consent to the practices described in this policy.

2. Information We Collect

Information You Provide

Account information: Name, email address, company name, phone number
Payment information: Credit card details (processed securely by Stripe — we never store card numbers)
Project data: Project names, addresses, contacts, tasks, reports, notes, checklists
Photos and files: Job site photos, documents, before/after comparisons uploaded to the platform
Communications: Chat messages, comments, support requests

Information Collected Automatically

Device and usage data: Browser type, operating system, IP address, pages visited, features used
Location data: GPS coordinates from photos (EXIF data) when geo-tagging is enabled
Log data: Server logs including timestamps, API requests, error reports

3. How We Use Your Information

Provide the Services: Store and organize your photos, generate reports, manage projects
AI Features: Process photos and text through AI models to generate descriptions, summaries, suggestions, and search results
Billing: Process payments, manage subscriptions, apply promo codes
Communication: Send service notifications, security alerts, product updates
Improvement: Analyze usage patterns to improve features and performance (aggregated, non-personal data only)
Support: Respond to your questions and resolve issues
Legal: Comply with legal obligations, enforce our terms, protect against fraud

4. AI Data Processing

Our CamAI features use third-party AI providers (Anthropic Claude) to process your photos and text. Important details:

Photos and text are sent to AI providers only when you actively use AI features (not automatically)
AI providers process your data under strict data processing agreements
Your data is NOT used to train AI models — it is processed and discarded
AI-generated content (descriptions, summaries) is stored in your account as part of your data

5. Data Storage & Security

Storage: Your data is stored on secure cloud infrastructure (DigitalOcean) in the United States.

Encryption: All data is encrypted in transit (TLS/SSL) and at rest. Passwords are hashed using bcrypt.

Access controls: Access to your data is restricted to authorized personnel and governed by role-based permissions.

Photos: Uploaded photos are stored in secure cloud storage with unique URLs. Photos are not publicly accessible unless you create a share link.

Backups: We maintain regular backups for disaster recovery. However, you are encouraged to maintain independent backups of critical data.

6. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

Service providers: Stripe (payments), Anthropic (AI), DigitalOcean (hosting), email delivery services — under strict data processing agreements
Your team: Data within your organization is accessible to team members based on their assigned roles
Collaborators: When you invite subcontractors or external collaborators, they can access shared project data
Share links: When you create share links for reports or galleries, the linked content is accessible to anyone with the URL
Legal requirements: When required by law, court order, or government request
Business transfer: In connection with a merger, acquisition, or sale of assets (with prior notice)

7. Cookies & Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising trackers.

Authentication cookies: JWT tokens stored in localStorage to keep you signed in
Preference cookies: Theme (light/dark mode), language settings
Analytics: We may use privacy-respecting analytics to understand feature usage (no personal data shared with analytics providers)

8. Your Rights

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate data
Deletion: Request deletion of your account and personal data
Export: Download your data in standard formats (PDF, photos, CSV)
Restriction: Request that we limit processing of your data
Objection: Object to certain processing activities

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

9. California Privacy Rights (CCPA)

California residents have the right to:

Know what personal information we collect and how it's used
Request deletion of personal information
Opt out of the sale of personal information (we do not sell personal information)
Non-discrimination for exercising privacy rights

10. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. Data Retention

We retain your data for as long as your account is active. After account cancellation:

Account data is retained for 30 days (grace period for reactivation)
After 30 days, personal data and photos are permanently deleted
Anonymized usage statistics may be retained indefinitely
Legal and billing records are retained as required by law

12. International Transfers

Your data is processed and stored in the United States. If you access the Services from outside the US, your data will be transferred to and processed in the US. We ensure appropriate safeguards are in place for international data transfers.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or in-app notification. The "Last updated" date at the top reflects the most recent revision.

14. Contact Us

For privacy questions or to exercise your rights:

BuildX Software
Email: [email protected]