B
BuildForge

Privacy Policy

Last updated: 19 March 2026

Black Mountain AI Pty Ltd (trading as BuildForge) (ABN 87 673 936 448) ("BuildForge", "we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

By using our website (buildforge.com.au), mobile application, or any of our services (collectively, the "Services"), you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, phone number, company name, ABN (if applicable), and billing address. This information is necessary to provide our Services and manage your subscription.

1.2 Usage Data

We automatically collect information about how you use our Services, including pages visited, features used, actions taken, timestamps, and session duration. This helps us improve the platform and provide better support.

1.3 Payment Information

Payment processing is handled by Stripe Payments Australia Pty Ltd. We do not store your full credit card number, CVV, or bank account details on our servers. Stripe may collect and store payment information in accordance with their own privacy policy and PCI DSS requirements.

1.4 Device and Technical Information

We collect your IP address, browser type and version, operating system, device type, screen resolution, and timezone. This information helps us optimise the platform for your device and diagnose technical issues.

1.5 Content You Provide

You may upload project data, documents, plans, photos, estimates, schedules, and other content to the platform. This content belongs to you and is processed solely to provide our Services.

1.6 Communications

We collect information from your communications with us, including support requests, feedback, and survey responses.

2. How We Use Your Information

We use your personal information to:

  • Provide, maintain, and improve our Services
  • Process your subscription and payments
  • Send transactional emails (account confirmations, invoices, security alerts)
  • Provide customer support and respond to enquiries
  • Analyse usage patterns to improve our platform
  • Power AI features (such as AI estimating and document analysis)
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Send marketing communications (with your consent)

3. How We Share Your Information

We do not sell your personal information. We may share your information with the following categories of third parties, solely to provide our Services:

3.1 Service Providers

  • Supabase Inc. — Database hosting and authentication. Data is stored on servers in the Sydney (ap-southeast-2) region.
  • Stripe Payments Australia Pty Ltd — Payment processing. Stripe is PCI DSS Level 1 compliant.
  • Anthropic PBC — AI processing for features such as AI estimating, document analysis, and AI agents. Project data sent to Anthropic is processed in accordance with our Data Processing Agreement and is not used to train AI models.
  • Vercel Inc. — Application hosting and content delivery.
  • Analytics providers — We use privacy-focused analytics to understand platform usage.

3.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4. Data Security

We implement industry-standard security measures to protect your personal information:

  • All data is encrypted in transit using TLS 1.3
  • Data at rest is encrypted using AES-256
  • Row-level security (RLS) ensures organisation-level data isolation
  • Regular security audits and penetration testing
  • Multi-factor authentication available for all accounts
  • Access controls and audit logging for all data access

While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure.

5. Your Rights Under Australian Privacy Principles

Under the APPs, you have the right to:

  • Access — Request access to the personal information we hold about you.
  • Correction — Request correction of inaccurate, incomplete, or out-of-date information.
  • Complaint — Lodge a complaint if you believe we have breached the APPs.
  • Data export — Export your data at any time in standard formats (CSV, PDF, JSON).
  • Account deletion — Request deletion of your account and associated personal information.

To exercise any of these rights, contact us at privacy@buildforge.com.au. We will respond within 30 days.

6. Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Maintain your authenticated session
  • Remember your preferences and settings
  • Understand how you use our platform (analytics)
  • Improve performance and user experience

Essential cookies are required for the platform to function. Analytics cookies can be disabled through your browser settings. We do not use advertising or tracking cookies.

7. Children's Privacy

Our Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly.

8. International Data Transfers

Our primary database is hosted in Australia (Sydney region). However, some of our service providers may process data in other jurisdictions, including the United States. When data is transferred internationally, we ensure that adequate protections are in place through contractual safeguards and compliance with APP 8 (cross-border disclosure of personal information).

Specifically:

  • Supabase: Primary data stored in Sydney (ap-southeast-2)
  • Stripe: PCI DSS compliant, data processed in Australia where possible
  • Anthropic: AI processing may occur in the United States under a Data Processing Agreement
  • Vercel: Edge functions run in the nearest region; core data remains in Australia

9. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services. After account closure:

  • Account data is retained for 90 days to allow recovery, then permanently deleted
  • Billing records are retained for 7 years as required by Australian tax law
  • Audit logs are retained for 7 years for compliance purposes
  • Anonymised and aggregated data may be retained indefinitely for analytics

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and by posting a notice on our website at least 30 days before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.

11. Complaints

If you believe we have breached the APPs or are unhappy with how we have handled your personal information, you may:

  1. Contact us at privacy@buildforge.com.au and we will investigate and respond within 30 days.
  2. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, contact our Privacy Officer: