BuildBase is operated by BUILDBASE SOFTWARE, ABN 22 673 457 592 ("we," "us," "our"). We are the data controller (for GDPR purposes) and the APP entity (for Australian Privacy Act purposes) responsible for your personal information when you use the BuildBase service ("Service").
Data Controller / APP Entity:
BUILDBASE SOFTWARE
ABN: 22 673 457 592
Email: [email protected]
Address: PO Box 38, Ormeau, QLD 4208, Australia
This Privacy Policy applies to all personal information collected through the BuildBase website, web application, and any related services. It does not apply to third-party websites or services that may be linked from our Service.
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
| Data Type | Examples | When Collected |
|---|---|---|
| Account Information | Email address, password (hashed), display name | Account registration |
| Google Account Data | Email, display name, profile photo URL (if you sign in with Google) | Google OAuth sign-in |
| Project Data | Project names, descriptions, budgets, BOMs, tasks, notes, timeline entries | When you create and use projects |
| Uploaded Files | Documents, images, CAD files, PDFs, and other attachments | When you upload files to projects |
| Payment Information | Billing name, card details, billing address | Subscription checkout (processed and stored by Stripe — we do not store full card numbers) |
| Communications | Email correspondence, support requests, feedback | When you contact us |
| Data Type | Examples | Purpose |
|---|---|---|
| Device & Browser Data | Browser type, operating system, screen resolution, device type | Service optimisation and compatibility |
| Log Data | IP address, access times, pages visited, referring URLs | Security, debugging, and analytics |
| Usage Data | Features used, actions taken, session duration | Service improvement |
| Firebase Authentication Data | Authentication tokens, sign-in method, last sign-in timestamp | Account security and session management |
We do not knowingly collect sensitive information (also known as "special category data") such as racial or ethnic origin, political opinions, religious beliefs, health information, sexual orientation, or biometric data. We do not collect information about children under 18.
We use your personal information for the following purposes:
| Purpose | Data Used |
|---|---|
| Providing the Service — creating your account, storing your projects, syncing data across devices, processing file uploads | Account info, project data, uploaded files |
| Processing Payments — managing subscriptions, processing charges, handling refunds | Payment info (via Stripe), email |
| Communications — sending account-related emails (verification, password reset, billing receipts, important service notices) | Email address |
| Security & Fraud Prevention — detecting and preventing unauthorised access, abuse, or security incidents | Log data, IP address, authentication data |
| Service Improvement — understanding how features are used, identifying bugs, improving performance | Usage data, device data (aggregated/anonymised where possible) |
| Legal Compliance — responding to legal requests, enforcing our terms, complying with applicable laws | Any data as required by law |
We do not use your personal information for automated decision-making or profiling that produces legal or similarly significant effects.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We will never do this.
If you are located in the European Economic Area (EEA), United Kingdom (UK), or another jurisdiction that requires a legal basis for processing personal data, we rely on the following:
| Legal Basis | Applies To |
|---|---|
| Performance of a Contract | Providing the Service, processing payments, managing your account — these are necessary to fulfil our contract with you (the Terms of Service). |
| Legitimate Interests | Security and fraud prevention, service improvement and analytics, responding to support requests. Our legitimate interests do not override your fundamental rights and freedoms. |
| Legal Obligation | Complying with tax, accounting, and other legal requirements. |
| Consent | Where we send optional marketing communications (you can withdraw consent at any time). We currently do not send marketing emails. |
We share your information only with the following categories of third parties, and only to the extent necessary to provide and improve the Service:
| Provider | Purpose | Data Shared | Location |
|---|---|---|---|
| Google Firebase (Google LLC) |
Authentication, database (Firestore), file storage (Cloud Storage), hosting | Account data, project data, uploaded files, authentication tokens | United States (Google Cloud infrastructure) |
| Stripe, Inc. | Payment processing, subscription management, invoicing | Email, payment details, billing address, subscription status | United States |
Each of these providers is bound by their own privacy policies and data processing agreements. We encourage you to review:
We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, the safety of others, investigate fraud, or respond to a legal request.
If BuildBase is involved in a merger, acquisition, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you (via email or notice on the Service) of any such change and any choices you may have regarding your information.
We may share your information with third parties when you have given us explicit consent to do so.
BuildBase is operated from Australia. However, as we use Firebase (Google Cloud) and Stripe, your data may be processed and stored in the United States and other countries where these providers operate infrastructure.
Where your data is transferred outside of Australia or the EEA, we ensure that appropriate safeguards are in place, including:
By using the Service, you acknowledge and consent to the transfer of your information to countries outside your country of residence, which may have different data protection standards.
We retain your personal information only for as long as necessary to fulfil the purposes described in this Policy:
| Data Type | Retention Period |
|---|---|
| Account data | For the duration of your account, plus 30 days after account closure to allow for reactivation. |
| Project data & uploaded files | For the duration of your active Subscription, plus 30 days after Subscription cancellation or account closure. |
| Payment & billing records | As required by tax and accounting laws (typically 7 years in Australia under ATO requirements). |
| Log data & usage analytics | Up to 12 months, then aggregated or deleted. |
| Support correspondence | Up to 24 months after the issue is resolved, unless a longer retention period is required for legal purposes. |
After the applicable retention period, personal data is either permanently deleted or irreversibly anonymised. Anonymised data that can no longer identify you may be retained indefinitely for statistical purposes.
We implement appropriate technical and organisational measures to protect your personal information, including:
While we take reasonable steps to protect your information, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users and relevant authorities in the event of a data breach, in accordance with the Notifiable Data Breaches (NDB) scheme under the Australian Privacy Act and GDPR breach notification requirements where applicable.
Depending on your location, you may have some or all of the following rights regarding your personal information:
Under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), you have the right to:
If you are located in the EEA or UK, you additionally have the right to:
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or sooner if required by applicable law). We may need to verify your identity before processing certain requests.
We will not discriminate against you for exercising any of your privacy rights.
BuildBase uses a minimal set of cookies and similar technologies:
| Cookie / Technology | Type | Purpose | Duration |
|---|---|---|---|
| Firebase Auth session | Strictly Necessary | Maintains your login session and authentication state | Session / persistent (per Firebase defaults) |
| Stripe session | Strictly Necessary | Facilitates secure payment processing during checkout | Session |
We do not currently use third-party advertising cookies, social media tracking pixels, or cross-site tracking technologies. We do not serve advertisements within the Service.
You can manage cookies through your browser settings. However, disabling strictly necessary cookies may prevent you from using the Service, as they are required for authentication and payment processing.
If we introduce analytics or non-essential cookies in the future, we will update this Policy and, where required by law, obtain your consent before deploying them.
The Service is not directed at, and we do not knowingly collect personal information from, children under the age of 18. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as soon as possible. If you believe a child has provided us with personal information, please contact us at [email protected].
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes:
We encourage you to review this Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Policy.
If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal information, please contact us:
Privacy Enquiries
BUILDBASE SOFTWARE
Email: [email protected]
Postal: PO Box 38, Ormeau, QLD 4208, Australia
If you are not satisfied with our response to a privacy complaint, you have the right to lodge a complaint with the relevant supervisory authority: