Privacy Policy

Last updated: June 2025  |  Effective date: June 2025

1. Who We Are

BuildCheck AI ("we", "our", "us") is an Australian software application designed to assist builders, contractors, and construction professionals with NCC compliance, floor plan generation, 3D modelling, pre-inspection checklists, and client communication. For privacy enquiries, contact us at support@buildcheckai.com.au.

2. Information We Collect

2.1 Information You Provide

• Account information: email address and display name used to create your Firebase account.
• Floor plan & project images: photos and documents you upload for AI processing.
• Construction project details: project name, address, client name, contract value, and stage information entered into the Client Portal.
• Client information: your client's name, email address, and phone number that you choose to enter when creating a project.
• Messages: text messages exchanged between you (builder) and your client through the in-app messaging feature.
• Variation requests: titles, descriptions, cost amounts, and supporting photos for variation approvals.
• Feedback: optional feedback text you submit through the Feedback screen.

2.2 Information Collected Automatically

• Device token (FCM): Firebase Cloud Messaging token used to deliver push notifications when your AI jobs complete. Not linked to personal identity.
• Firebase Analytics: anonymous usage events (screen views, feature usage) to help us improve the app. No personally identifiable information is sent.
• Crash reports (Firebase Crashlytics): device model, OS version, and crash stack traces to help us fix bugs.
• Variation audit data: when a client approves or declines a variation through the Client Portal, we record their IP address, device user-agent, decision, and timestamp as an immutable legal audit trail.

2.3 Information We Do NOT Collect

• We do not collect or store payment card details (processed by RevenueCat/Apple/Google).
• We do not use cookies or advertising trackers on our mobile app.
• We do not build behavioural profiles for advertising purposes.
• We do not collect biometric data.

3. How We Use Your Information

• Service delivery: to process your floor plan, 3D model, compliance analysis, and inspection requests using AI.
• Client Portal: to display project updates, photos, and variation requests to the client you have invited.
• AI summaries: your builder notes and variation details are sent to Google Gemini to generate plain-English summaries for your clients. This data is processed under Google's API terms and is not used to train Gemini models.
• Push notifications: to notify you when a background AI job (floor plan, 3D model) is complete.
• Legal compliance: variation approval audit records are stored to satisfy Australian electronic transactions law requirements.
• App improvement: anonymous crash and usage data to fix bugs and improve the user experience.

4. Legal Basis for Processing (Australian Privacy Act 1988)

We process your personal information on the following bases:

• Contract performance: to provide the services you have signed up for.
• Legitimate interests: to maintain security, prevent fraud, and improve our services.
• Legal obligation: to retain variation approval records as required by the Electronic Transactions Act 1999 (Cth) and equivalent state legislation.
• Consent: for push notifications and optional analytics, where you have granted permission on your device.

5. Third-Party Services

We use the following third-party services to operate BuildCheck AI. Each operates under its own privacy policy:

• Supabase (database & file storage) — supabase.com/privacy. Data is stored on servers in the United States.
• Google Firebase (authentication, push notifications, analytics, crash reporting) — firebase.google.com/support/privacy.
• Google Gemini API (AI summaries and analysis) — ai.google.dev/terms. Input data is not used to train models.
• ModelsLab / Stable Diffusion (floor plan & 3D model generation) — images you upload may be processed on ModelsLab servers.
• Pinecone (vector database for NCC compliance search) — stores anonymised NCC content only, not personal data.
• RevenueCat (subscription management) — handles in-app purchase validation. We do not receive card details.
• Render (API server hosting) — our backend API is hosted on Render infrastructure in the United States.

6. Data Storage and Security

Your data is stored in Supabase (US region) and protected by:

• HTTPS encryption for all data in transit.
• Row-level security on our database (service-role access only from our backend).
• Firebase Authentication for user account security.
• Token-based (UUID) access for Client Portal links — each project has a unique, unguessable access token.

No security system is 100% impenetrable. We encourage you not to share your Client Portal link with people who should not have access to your project information.

7. Data Retention

• Project data: retained for as long as your account is active, or until you delete the project.
• Variation approval records: retained indefinitely as an immutable legal audit trail. If you need these removed for a specific legal reason, contact us.
• Uploaded images: stored in Supabase Storage and retained until you delete the project or request removal.
• Account data: deleted within 30 days of account deletion request.

8. Your Rights

Under the Australian Privacy Act 1988 (and applicable state privacy legislation), you have the right to:

• Access the personal information we hold about you.
• Request correction of inaccurate information.
• Request deletion of your personal information (subject to our legal obligations to retain variation approval records).
• Withdraw consent for analytics and push notifications at any time through your device settings.
• Lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, contact us at support@buildcheckai.com.au.

9. Children's Privacy

BuildCheck AI is designed for use by construction industry professionals. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

10. Client Portal — Information About Your Clients

When you use the Client Portal, you enter your client's personal information (name, email, phone). By doing so, you represent that:

• You have obtained your client's consent to share their information with BuildCheck AI for project communication purposes.
• You are sharing only the minimum information necessary.
• You will inform your client that their project information will be accessible via a secure link and that their variation approvals are digitally recorded.

BuildCheck AI acts as a data processor for your client's information on your behalf. You remain the data controller responsible for ensuring lawful collection of your client's data.

11. Terms of Service (Summary)

By using BuildCheck AI, you agree that:

• The app is provided as a tool to assist professionals. AI-generated outputs (floor plans, compliance answers, 3D models) are not a substitute for licensed professional advice and should be verified before use.
• You are responsible for the accuracy of information you enter into the app.
• Variation approval records created through the Client Portal may constitute legally binding agreements under Australian electronic transactions law. Consult a lawyer if you are unsure about the legal effect of digital approvals.
• We reserve the right to suspend accounts that abuse the service or violate these terms.
• The service is provided "as is" without warranty. We are not liable for decisions made based on AI-generated content.

A full Terms of Service document is available on request at support@buildcheckai.com.au.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes through the app or by email. Continued use of the app after changes constitutes acceptance of the updated policy.