Privacy Policy

BuildStack ("BuildStack", "we", "us") operates the website at getbuildstack.com and provides AI agents (SMS, email, social, and voice) that respond to customer messages on behalf of trades businesses.

For UK customers, BuildStack is the data controller in respect of personal data you provide to us about your business. For end-customer messages handled by the agents we operate for you, BuildStack acts as a data processor under your direction. A separate Data Processing Agreement governs that relationship.

For US customers, references to "business", "service provider", and "consumer" in CCPA/CPRA map to this controller/processor structure.

We collect personal information in three categories:

• Account & business data — the name, email, business name, trade type, phone number, service area, and pricing information you provide so we can set up your front desk stack.
• End-customer messages — SMS, email, and social media messages between your customers and the agents we run for you. We process these strictly to deliver the service you have engaged us to provide.
• Site & product analytics — pages visited, device and browser information, IP address, referral source, and similar diagnostic data collected through Google Analytics, Meta Pixel, and standard server logs.

We use personal information to:

• Provide and improve the BuildStack service.
• Train, tune, and audit the AI agents we operate for your business. Where we use conversation data to improve our service, it is anonymised and aggregated before it leaves your tenant.
• Communicate with you about onboarding, service updates, and billing.
• Detect and prevent fraud, abuse, and spam.
• Comply with our legal obligations.

We do not sell personal information. We do not share end-customer message content with third parties for advertising. We do not use your business data to train third-party AI models.

Under UK GDPR, the lawful bases we rely on are:

• Contract — to deliver the BuildStack service you have signed up for.
• Legitimate interests — to run, improve, and secure our service, balanced against your rights.
• Consent — for analytics and marketing cookies where required. You can withdraw consent at any time.
• Legal obligation — for tax, accounting, and lawful requests from authorities.

We share personal information with sub-processors that help us operate BuildStack — including cloud hosting (AWS, Vercel), telephony and messaging providers (Twilio, Meta), email delivery (Resend, Postmark), CRM integrations (Jobber, Housecall Pro, ServiceTitan, Tradify, ServiceM8), analytics providers, and our payment processor (Stripe).

A current list of sub-processors is available on request. We bind every sub-processor by written contract with confidentiality and data-protection obligations consistent with this policy.

Some sub-processors are located outside the UK or EEA. Where required, we use Standard Contractual Clauses or the UK International Data Transfer Addendum to safeguard transfers.

We retain personal information only as long as needed:

• Account & business data — for the duration of your contract and up to 24 months after, then deleted unless we are required to keep it longer.
• End-customer messages — retained on your behalf for the duration of your contract. On termination, you may request export or deletion; we delete within 30 days unless legally required to retain.
• Analytics — retained for up to 26 months in aggregated form.

UK / EU residents: you have the right to access, rectify, erase, restrict, port, and object to the processing of your personal data, and to withdraw consent where processing is based on consent. To exercise these rights, email hello@getbuildstack.com. You can also lodge a complaint with the UK Information Commissioner's Office (ICO).

US residents: depending on your state, you have rights to know, access, correct, delete, and opt out of the sale or sharing of your personal information. BuildStack does not sell personal information and does not engage in cross-context behavioural advertising of end-customer data. To exercise your rights, contact us at the email above.

We use industry-standard administrative, technical, and physical safeguards — including encryption in transit and at rest, principle-of-least-privilege access, audit logging, and regular reviews — to protect personal information.

No system is perfectly secure. In the event of a breach affecting your data, we will notify you and the relevant regulator within the timeframes required by applicable law.

BuildStack uses cookies and similar technologies for essential site functionality, analytics, and (where you consent) marketing. You can manage cookies through your browser settings.

We may update this Privacy Policy from time to time. Material changes will be announced on this page and, where required, by direct notice to affected users.