← Back to home

Privacy Notice

Last updated: June 20, 2026

1. Who we are

This Privacy Notice explains how Buildex ("we", "us", "our") collects and uses personal data when you use our change-order pricing service. Buildex is the data controller for the personal data described below.

2. Data we collect and why

  • Account data (name, email, hashed password or OAuth identifier) — to create and secure your account. Legal basis: performance of contract.
  • Profile and company details you enter (business name, logo, default markup rules) — to provide the service. Legal basis: performance of contract.
  • Change-order content (line items, clients, PDFs you generate) — to provide and store the service for you. Legal basis: performance of contract.
  • Support communications — to respond to your requests. Legal basis: legitimate interests.
  • Usage and device data (pages viewed, feature usage, IP address, browser type, device identifiers, log timestamps) — to operate, secure, and improve the service and prevent abuse. Legal basis: legitimate interests.
  • Billing identifiers (customer reference from Paddle, plan, credit balance) — to provision your entitlement. Payment card details are collected and stored by Paddle, not by us.

3. Who we share data with

  • Paddle — our Merchant of Record. Paddle handles checkout, payment, subscription management, tax compliance, invoicing, and refund processing. See Paddle's Privacy Notice.
  • Hosting and infrastructure providers that operate our database, authentication, storage, and edge functions on our behalf, under written data-processing terms.
  • Professional advisers (legal, accounting) where necessary.
  • Authorities where required by law or to protect our rights, users, or the public.

We do not sell personal data.

4. Retention

We keep personal data for as long as your account is active and as needed to provide the service. After account closure we retain data for a limited period to meet legal, tax, accounting, and dispute-resolution obligations, then delete or anonymise it.

5. Your rights

Subject to your local law, you have rights to access, correct, delete, restrict, or object to processing of your personal data, to data portability, and to withdraw any consent you have given. Where GDPR or UK GDPR applies, you also have the right to lodge a complaint with your supervisory authority. To exercise your rights, contact us through your account; we aim to respond within one month.

6. International transfers

Your data may be processed in countries outside your own, including by Paddle and our hosting providers. Where data is transferred out of the UK / EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

7. Security

We use appropriate technical and organisational measures — including encryption in transit, access controls, and least-privilege database policies — to protect personal data. No system is perfectly secure; please use a strong, unique password.

8. Cookies and similar technologies

We use strictly necessary cookies and local storage to keep you signed in and remember preferences. We may use limited analytics to understand how the service is used. We do not use advertising cookies.

9. Changes

We may update this notice from time to time. Material changes will be communicated via the service or by email.

10. Contact

For privacy questions or to exercise your rights, contact us through the support channel available in your account.