Buildaur LLC ("Buildaur," "we," "us," or "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use and share it, and the choices and rights you have. It applies to information we collect through the Buildaur platform, our website buildaur.app, and related services (collectively, the "Service").
Buildaur serves two main groups: businesses that subscribe to use Buildaur ("Business Clients" or "Merchants") and the customers of those businesses who place custom orders through builders powered by Buildaur ("End Customers"). This Policy describes our practices for both.
1. Our Role and Yours
Where Business Clients use the Service, Buildaur acts as a "controller" of Business Client account data and as a "processor" or "service provider" of End Customer data that is collected through the Business Client's builder.
- For Business Client account information: Buildaur is the controller.
- For End Customer data submitted through a builder: the Business Client is the controller and Buildaur is the processor / service provider.
- For buildaur.app marketing-site visitors: Buildaur is the controller.
2. Information We Collect
2.1 Information You Provide.
- Account information: for all users, your first name, last name, and email address. For Business Clients, additionally your business name. We do not collect a phone number or billing address at account signup; phone numbers and shipping addresses are only collected at the order level (see "Order details" below) when a Merchant configures their builder to ask for them.
- Payment information: handled by Stripe; Buildaur receives only tokens and limited metadata (last 4 digits, card brand, expiration). Billing addresses associated with a payment method are collected and stored by Stripe, not by Buildaur.
- Builder configurations and designs: images, text, dimensions, colors, files, and other content that Business Clients or End Customers upload.
- Order details: items selected, quantities, customer name, customer email, customer phone (when provided), shipping address, and any customer notes — collected when the Merchant's builder is configured to capture them at checkout.
- Communications: support email correspondence (and any attachments you send with it). Buildaur does not currently operate a live-chat product or run customer surveys; if we add either in the future, the messages you send through them will fall under this category.
2.2 Information Collected Automatically.
- Device and usage data: IP address, browser type, operating system, referrer, pages viewed, timestamps.
- Cookies and similar technologies: see our Cookie Policy.
- Log data and error reports generated by the web server and the application.
2.3 Information from Third Parties.
- Stripe — payment status, refunds, disputes, and the limited card metadata described in Section 2.1.
- Transactional email providers — send / deliver / bounce status for emails Buildaur sends to you (such as order confirmations or support replies).
- Merchant-configured integrations — where a Business Client has connected their Buildaur account to a third-party service they themselves operate (for example, Squarespace or Shopify), Buildaur receives order, payment, and customer data forwarded from that service so it can be matched against the Buildaur order.
Buildaur does not currently offer customer sign-in via third-party authentication providers (such as "Sign in with Google" or "Sign in with Apple"); if we add support for those in the future, the information they share with us will fall under this section.
3. How We Use Information
We use information to:
- provide, operate, maintain, and improve the Service;
- create and manage accounts, authenticate users, and prevent fraud;
- process payments, send invoices, and handle subscription billing;
- enable Business Clients to receive and process End Customer orders;
- provide customer support and respond to inquiries;
- send service-related notices, updates, and security alerts;
- with consent or as otherwise permitted, send marketing communications;
- comply with legal obligations and enforce our Terms;
- monitor and analyze usage to develop new features.
4. Legal Bases (EEA / UK)
If you are in the European Economic Area, the United Kingdom, or Switzerland, the legal bases on which we rely include:
- Performance of a contract — to provide the Service you have requested.
- Legitimate interests — to operate, secure, and improve the Service, in a manner that does not override your rights.
- Consent — for certain marketing communications and non-essential cookies; you may withdraw consent at any time.
- Legal obligation — to comply with applicable laws and regulatory obligations.
5. How We Share Information
We share personal information with:
- Business Clients (as their processor) — End Customer data is shared with the Business Client whose builder you used.
- Service providers — payment processors (Stripe), hosting providers, email and analytics vendors, and similar processors who handle data on our behalf under contractual confidentiality and security obligations.
- Legal and safety — when we believe in good faith disclosure is necessary to comply with law, respond to legal process, protect our rights, or protect the safety of any person.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, with appropriate confidentiality protections.
We do not sell personal information for money. We do not "share" personal information for cross-context behavioral advertising as those terms are defined under California law.
6. Data Retention
We retain account and order data for as long as necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce agreements.
As described in our Master Terms of Service, Buildaur retains order metadata indefinitely (order id, design id, customer name and contact information, status, dates, totals, payment confirmations, shipping and tracking information, and product type ordered) for tax, dispute, audit, and customer-support purposes. The design canvas data and associated production files — specifically, the canvas_data blob and the on-disk source uploads and generated print sheets associated with each order — are automatically purged three hundred sixty-five (365) days after the order's creation date.
If a customer duplicates an existing order, the duplicate creates a new order with a fresh three-hundred-sixty-five-day retention window for its own design data; the original order's clock is unchanged. Business Client account data and builder configurations are retained until the Business Client requests deletion, the account is permanently terminated under the Master Terms, or retention is no longer necessary for any of the purposes above. End Customer data submitted through a builder is retained according to the Business Client's instructions and applicable law.
7. Security
We use reasonable technical, organizational, and physical safeguards to protect personal information, including encryption in transit, restricted access controls, and vendor due diligence. No system is perfectly secure; we cannot guarantee absolute security. If you believe your account has been compromised, contact support@buildaur.app immediately.
8. International Transfers
Buildaur is based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States and other countries that may have different data protection laws than your country. Where required, we use appropriate transfer mechanisms such as Standard Contractual Clauses.
9. Your Rights and Choices
9.1 Universal Rights.
- Access and obtain a copy of personal information we hold about you;
- Correct inaccurate or incomplete personal information;
- Request deletion of personal information, subject to certain exceptions;
- Object to or restrict certain processing;
- Data portability (where applicable);
- Withdraw consent at any time, where processing is based on consent.
To exercise these rights, email support@buildaur.app. We will verify your identity before responding. If we deny your request, we will explain why.
9.2 EEA / UK Rights.
If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority.
9.3 California Rights (CCPA / CPRA).
California residents have the right to know what categories of personal information we collect, the sources, the purposes, and the categories of third parties with whom we share it; to request deletion or correction; to opt out of "sale" or "sharing" (we do not sell or share, as defined); and to limit use of sensitive personal information. We do not discriminate against you for exercising your rights.
9.4 Other U.S. State Rights.
Residents of Colorado, Connecticut, Virginia, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws have similar rights, including access, correction, deletion, opt-out of targeted advertising and profiling, and (where applicable) appeal of our decisions. To exercise these rights, contact support@buildaur.app.
9.5 Global Privacy Control.
We honor the Global Privacy Control (GPC) signal as a valid opt-out request from your browser, where required.
10. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact support@buildaur.app and we will delete it.
11. Do Not Track
We do not currently respond to "Do Not Track" browser signals other than as described above for GPC.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Effective Date" reflects the latest version. Material changes will be communicated by email to Business Clients and posted prominently on buildaur.app. Continued use of the Service after the effective date constitutes acceptance.
13. Contact Us
Questions, requests, or complaints regarding this Privacy Policy may be sent to:
Buildaur LLC
Email: support@buildaur.app
Website: buildaur.app