BuildCrux (“we,” “our,” or “us”) is a product of TackOn Labs. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the BuildCrux platform, including our website at buildcrux.com, our mobile applications, and all related services (collectively, the “Service”).
By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you create an account, we collect your name, email address, password, company name, phone number, and trade/industry type.
- Billing Information: Payment details such as credit card numbers and billing addresses are collected and processed securely by our payment processor, Stripe. We do not store full credit card numbers on our servers.
- Project Data: Information you enter about your projects, clients, invoices, estimates, contracts, expenses, mileage logs, photos, team members, and other business data.
- Communications: Messages sent through the platform, support requests, and any other communications with us.
- E-Signature Data: When contracts are signed electronically through BuildCrux, we collect the signer's name, email address, IP address, signature image, and timestamp for audit purposes.
1.2 Information Collected Automatically
- Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
- Device Information: Browser type, operating system, device identifiers, and screen resolution.
- Location Data: If you enable mileage tracking or GPS features, we collect precise location data (including when the BuildCrux mobile app is in the background, solely while a trip is active) from your device. You can revoke location permission in your device settings at any time.
- Camera and Photo Access: The mobile app requests camera and photo library access so you can capture receipts, upload project photos, and scan blueprints. Media is only accessed when you explicitly choose to capture or upload.
- Crash Diagnostics and Performance Data: We collect crash logs, error stack traces, device model, OS version, app version, and anonymized user identifiers via our error-monitoring provider (Sentry) to diagnose bugs and improve stability. No message content, project data, or payment details are included in crash reports.
- Push Notification Tokens: If you grant permission, the mobile app registers a push token with Expo / Apple APNs / Google FCM so we can deliver transactional notifications (invites accepted, invoice paid, etc.).
- Log Data: Server logs that include your IP address, access times, and referring URLs.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to maintain your session, remember preferences, and analyze usage. See our Cookie Policy for details.
1.3 Information from Third Parties
- Payment Processor: Stripe may provide us with limited transaction information such as payment status and the last four digits of the card used.
- Authentication Providers: If you sign in using a third-party service, we may receive your name, email, and profile information from that provider.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and send related billing information
- Send you transactional notifications (e.g., contract signing requests, payment confirmations, invoice reminders)
- Provide customer support and respond to your requests
- Improve and optimize the Service through analytics and usage patterns
- Generate AI-powered estimates based on project data you provide
- Enforce our Terms of Service and protect against fraud or abuse
- Send marketing communications about product updates and new features (with your consent, and you can opt out at any time)
- Comply with legal obligations
3. How We Share Your Information
We do not sell your personal information. We may share your information with the following sub-processors, each contractually obligated to protect your data:
- Supabase — database hosting, authentication, and file storage (receipts, photos, blueprints)
- Stripe — payment processing and subscription billing
- Vercel — web application hosting and CDN
- AI infrastructure provider — third-party AI processing for blueprint analysis and cost estimates. Content submitted is not used to train external AI models. The specific provider is available on request to support@buildcrux.com.
- Sentry — error monitoring and crash reporting
- Google Cloud (Maps, Places, Distance Matrix) — address autocomplete, geocoding, and mileage distance calculation
- Titan (Hostinger) — transactional email delivery (invitations, password resets, invoice notifications)
- GoHighLevel / Twilio — SMS delivery for team invitations and customer notifications when you opt into SMS
- Expo (push notifications) — routes push tokens to Apple APNs and Google FCM for mobile notifications
Additionally:
- Your Team and Clients: When you invite team members to your workspace or send contracts/invoices to clients, those users will see the project and business data you share with them.
- Legal Requirements: We may disclose your information if required by law, subpoena, or government request, or to protect the rights, property, or safety of BuildCrux, our users, or the public.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
4. Data Security
We implement industry-standard security measures to protect your data, including:
- Encryption in transit (TLS/SSL) and at rest
- Secure authentication with hashed passwords
- Row-level security (RLS) policies ensuring users can only access their own workspace data
- PCI-compliant payment processing through Stripe
- Regular security monitoring and updates
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Data Retention
We retain your account data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or compliance purposes. Business data (invoices, contracts, project records) may be retained longer to comply with record-keeping obligations.
6. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data, subject to legal retention requirements.
- Portability: Request your data in a portable, machine-readable format (CSV export is available from your dashboard).
- Opt-Out: Unsubscribe from marketing emails at any time using the link in any marketing email.
- Restrict Processing: Request that we limit how we use your data in certain circumstances.
To exercise any of these rights, contact us at privacy@buildcrux.com.
7. Children's Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.
8. International Data Transfers
Your data may be processed and stored on servers located in the United States. If you are accessing the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer.
9. SMS Messaging
BuildCrux operates an SMS messaging program (A2P 10DLC, brand registered with The Campaign Registry) that enables contractors to send transactional messages to their customers and team members. Messages include invoice-ready notifications with secure payment links, change order approval requests, project status updates, two-way customer messages tied to a specific project, and team invitations.
How phone numbers are collected. Phone numbers are collected at three points, each of which displays an explicit consent disclosure before submission: (i) when a contractor adds a customer record in their workspace, (ii) when a contractor invites a team member or subcontractor, and (iii) when an individual creates a BuildCrux contractor account. The contractor attesting on a customer's behalf is also responsible for confirming that the customer has consented to receive SMS messages.
Opt-out. Recipients can opt out of SMS messages at any time by replying STOP, OPTOUT, CANCEL, END, QUIT, UNSUBSCRIBE, REVOKE, or STOPALL to any message they receive. Opt-out is enforced at the messaging-service layer, so a recipient who opts out will not receive further messages from BuildCrux unless they explicitly resubscribe by replying START or UNSTOP.
Standard message and data rates may apply. Carriers are not liable for delayed or undelivered messages.
Full SMS program documentation is available at our public SMS Consent & Opt-In Documentation page, and the complete program terms are in our Terms of Service, Section: SMS Messaging Program Terms.
10. Third-Party Links
The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy policies before providing any personal data.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we may also send you an email notification. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at: