Privacy Policy

Last updated: 12 February 2025

1. Introduction

Buildprint ("the Service") is operated by Not Quite Unicorns Ltd ("we", "us", or "our"), a company registered in England and Wales (company number 14847764). We are committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, share, and protect your information when you use the Service. It applies to all users of Buildprint, regardless of location.

For the purposes of the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR), we are the data controller.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and — if you sign up with Google — your profile image. If you register with email and password, we store a hashed version of your password (we never store passwords in plain text).

Workspace and Project Data

We collect information about the workspaces and projects you create, including names, logos, and team membership details.

AI Provider Credentials

If you connect your Anthropic (Claude) or OpenAI account, we store encrypted OAuth tokens to authenticate requests on your behalf. These tokens are encrypted at rest and are only used to communicate with the respective AI providers.

Usage Data

We collect information about how you use the Service, including AI conversation history, tool usage logs, and feature interactions. This helps us provide and improve the Service.

Content You Create

We store content you create within the Service, such as project notes and files you upload (e.g. translation CSVs).

Analytics Data

We use PostHog to collect anonymised analytics data about how the Service is used. This includes page views, feature usage, and general interaction patterns. We only create analytics profiles for identified (logged-in) users.

3. How We Use Your Information

We use your information to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Connect to AI providers and Bubble.io on your behalf
  • Improve, personalise, and develop new features for the Service
  • Send you transactional emails (e.g. account verification, security alerts)
  • Respond to your support requests
  • Detect, prevent, and address technical issues or abuse
  • Comply with legal obligations

4. Legal Basis for Processing (GDPR)

If you are in the UK or EEA, we process your personal data on the following legal bases:

  • Contract: Processing necessary to provide the Service to you (e.g. account management, AI queries)
  • Legitimate interests: Improving the Service, analytics, and preventing abuse — where these interests are not overridden by your rights
  • Consent: Where you have given specific consent, such as connecting third-party accounts
  • Legal obligation: Where processing is required to comply with applicable law

5. Data Sharing and Third Parties

We share your data with third-party service providers that help us operate the Service. These include:

  • Convex — database
  • Vercel — hosting
  • Cloudflare — hosting and object storage
  • Google — authentication (OAuth)
  • Anthropic & OpenAI — AI providers (accessed using your own credentials)
  • Resend — transactional email delivery
  • PostHog — product analytics
  • Axiom — log analytics and monitoring

These providers only process your data as necessary to provide their services to us and are bound by their own privacy policies and, where applicable, data processing agreements.

We do not sell your personal data. We do not share your personal data with third parties for their own marketing purposes.

6. International Data Transfers

Some of our service providers are based outside the UK and EEA, including in the United States. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions, in accordance with applicable data protection law.

7. Data Security

We take reasonable technical and organisational measures to protect your data, including:

  • Encryption of sensitive data such as OAuth tokens and API credentials at rest
  • Hashing of passwords and access tokens (we never store these in plain text)
  • Access controls to limit who can access your data internally
  • Use of HTTPS for all data transmitted between your browser and our servers

No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. If you close your account, we will delete or anonymise your personal data within a reasonable timeframe, unless we are required to retain it for legal or regulatory purposes.

9. Your Rights

UK and EEA Residents (GDPR)

You have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your personal data ("right to be forgotten")
  • Restrict processing of your data in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where processing is based on consent

You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).

California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect, use, and disclose
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information — we do not sell your personal information
  • Right to non-discrimination for exercising your CCPA rights

To exercise any of these rights, please contact us at support@getbuildprints.com. We will respond within the timeframes required by applicable law.

10. Cookies and Tracking

We use the following types of cookies and tracking:

  • Essential cookies: Required for authentication and core functionality of the Service
  • Analytics: PostHog collects usage data to help us improve the Service. Analytics profiles are only created for logged-in users.

11. Children's Privacy

The Service is not intended for anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

Not Quite Unicorns Ltd
Email: support@getbuildprints.com