Privacy Policy
Last updated: February 2026
1. Who We Are
BuildersAI is operated by CM Digital Solutions Ltd, a company registered in England and Wales. We provide construction project management software including a mobile app and website.
CM Digital Solutions Ltd
Suite A, 82 James Carter Road
Mildenhall, IP28 7DE
United Kingdom
For privacy enquiries, contact us at privacy@buildersai.co.uk.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. All our data processing occurs within EU data centres with no international transfers.
2. Information We Collect
Account Information
When you create an account, we collect your email address, full name, and password (which is securely hashed and never stored in plain text). You may optionally provide a phone number, job title, and profile photo.
Project Content
When using our services, you may upload photos, files, documents, floor plans, and drawings. We also store tags, annotations, captions, comments, messages, work items, tasks, and project settings that you create.
AI Interaction Data
When you use our AI assistant features, we collect your questions and the responses generated, along with any feedback you provide (such as ratings or corrections). This helps us improve the quality and accuracy of AI responses.
Usage and Analytics Data
We automatically collect information about how you use our services, including feature usage patterns, session duration, navigation flows, and app performance metrics. On our website, we use Google Analytics to understand traffic sources and user journeys, and Microsoft Clarity to generate heatmaps and session replays that help us improve the user experience.
Technical Data
We collect device information (type, model, operating system), app version, browser type and version (on the website), and screen resolution. IP addresses are anonymised immediately and not stored in identifiable form.
Device Registration
When you use our mobile app, we create a device identifier derived from your device name, model, and operating system version. We also collect your push notification token (to send notifications to your device), device name (e.g., "John's iPhone"), and per-device settings such as whether site tracking is enabled. This allows you to use BuildersAI across multiple devices with separate settings on each.
Location Data (Optional)
With your explicit consent, we may collect GPS coordinates to geotag photos with their capture location. This helps you organise site photos and track where work was documented. Location is only captured when you choose to add it to a photo.
Geofencing & Site Presence (Optional)
Our mobile app includes an optional geofencing feature that can automatically record when you arrive at or leave a construction site. This is designed to help with site attendance tracking, health & safety compliance, and time management.
Geofencing is disabled by default and requires three levels of consent to activate:
- Granting foreground location permission
- Granting background location permission
- Explicitly enabling geofencing in the app settings
When enabled, your device monitors for entry and exit from project site boundaries, even when the app is closed. We record timestamped enter/exit events and GPS accuracy data. You can disable geofencing at any time in the app settings or by revoking location permission in your device settings.
3. How We Use Your Information
Providing Our Services
We use your information to provide photo and file management, enable team collaboration, process AI chat requests, sync data across your devices, and send transactional notifications such as project invites and updates.
Improving Our Products
We analyse usage patterns to prioritise feature development, review AI interactions to improve response quality, study project workflows to identify pain points, and conduct A/B testing of features and interfaces. This analysis uses aggregated and anonymised data wherever possible.
Safety and Quality
We monitor for misuse, abuse, or terms violations, review flagged content for policy compliance, ensure AI responses are accurate and helpful, and detect and prevent fraudulent activity.
4. Legal Basis for Processing
Under UK GDPR, we process your personal data on the following legal grounds:
- Contract performance: To provide our services, manage your account, and deliver customer support.
- Legitimate interests: To improve our products, analyse usage patterns, fix bugs, ensure security, and prevent fraud. We balance these interests against your privacy rights.
- Consent: For marketing communications, location services (photo geotagging), geofencing and site presence tracking, optional beta features, and non-essential cookies (including Google Analytics and Microsoft Clarity on our website).
- Legal obligation: To comply with tax records retention and respond to lawful requests from authorities.
5. Who We Share Your Data With
We work with trusted third-party service providers to deliver our services. All processors are GDPR-compliant with Data Processing Agreements in place, and all data remains within EU data centres.
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database, Auth, Storage | EU (Ireland) |
| Google Analytics | Website Analytics | EU |
| Microsoft Clarity | Heatmaps & Session Replay | EU |
| PostHog | Mobile App Analytics | EU |
| Sentry | Error Tracking | EU |
| PowerSync | Offline Sync | EU |
| Stripe | Payment Processing | EU-compliant |
| AWS Bedrock | AI Processing (Claude) | EU (Ireland) |
| Resend | Email Delivery | EU (Ireland) |
We never: sell your personal data to third parties, share your data with advertisers, or transfer your data outside the EU/EEA.
6. International Data Transfers
All your data is stored and processed within EU data centres. We do not transfer personal data outside the European Economic Area. Our database is hosted in Ireland, file storage is in the EU, and AI processing occurs in AWS Ireland. This means no Standard Contractual Clauses or additional safeguards are required for international transfers.
7. How Long We Keep Your Data
We retain your data only as long as necessary for the purposes described in this policy:
- Account data: Until you delete your account, plus 30 days grace period for restoration
- Project content: Until deletion, plus 90 days for legal backup and team access
- AI chat logs: 24 months for quality improvement
- Usage analytics: 12 months for product improvement
- Error logs: 90 days for bug fixing
- Site presence events: 12 months for attendance and health & safety records
- Device registration: Until you remove the device or delete your account
- Payment records: 7 years as required by UK tax law
When you request deletion, we immediately hide your data (soft delete), provide a 30-day grace period during which you can restore your account, then permanently delete your data. Aggregated statistics are anonymised and retained.
8. Your Rights
Under UK GDPR, you have the following rights regarding your personal data:
- Access: Request a copy of all your personal data
- Rectification: Correct any inaccurate information
- Erasure: Request deletion of your account and data
- Portability: Export your data in a machine-readable format
- Restriction: Request we temporarily stop processing your data
- Object: Opt out of certain types of processing
- Withdraw consent: Remove consent for marketing or analytics at any time
To exercise these rights, contact us at privacy@buildersai.co.uk. We will respond within 30 days (or 60 days for complex requests, with explanation).
9. Cookies and Tracking
Essential Cookies
We use essential cookies for authentication and session management. These are necessary for the website to function and cannot be disabled.
Analytics Cookies
With your consent, we use Google Analytics to understand how visitors use our website, including page views, user journeys, and traffic sources. We also use Microsoft Clarity to generate heatmaps and session replays that show us how users interact with our pages. Both services are configured to store data in EU data centres, and IP anonymisation is enabled.
You can manage your cookie preferences through the cookie banner when you first visit our site, or by adjusting your browser settings.
No Advertising Cookies
We do not use advertising cookies, third-party ad networks, or retargeting/remarketing technologies.
10. AI Features
Our AI assistant features are powered by Claude (developed by Anthropic) via AWS Bedrock. All AI processing occurs in EU data centres (Ireland). When you use AI features, your queries and project context are processed to generate helpful responses.
Important: Your data is NOT used to train AI models. AWS Bedrock guarantees that customer data is not used for model training. We may review AI interactions internally for quality assurance and to improve response accuracy.
AI features are provided as an assistance tool only and should not be relied upon as professional construction, engineering, or legal advice. Always verify important information with qualified professionals.
11. Security
We implement appropriate technical and organisational measures to protect your data, including encryption at rest (AES-256) and in transit (TLS 1.3), row-level security database policies, secure password hashing, and regular security audits.
In the event of a data breach affecting your personal data, we will notify the ICO within 72 hours (where required) and inform affected users without undue delay.
12. Children's Privacy
Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email at least 30 days before they take effect, and update the "Last updated" date at the top of this page. Your continued use of our services after changes take effect constitutes acceptance of the updated policy.
14. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Privacy Enquiries
Email: privacy@buildersai.co.uk
Response time: Within 5 business days
Supervisory Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.
Website: ico.org.uk
Phone: 0303 123 1113