Privacy Policy

1. Introduction

FAIND Inc., a C Corporation registered in the State of Delaware, United States, operating as Buildorado ("FAIND," "Buildorado," "we," "our," or "us"), operates a platform that enables users to build and publish websites, create forms, process payments, and automate business workflows. We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.

This Privacy Policy applies to our website at buildorado.io, our applications, and all related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.

If you are a European resident, Buildorado acts as a "data controller" for personal data we collect about you as a customer. For form submission data collected through workflows you create and visitor data on websites you publish, you are the data controller and Buildorado acts as a "data processor" on your behalf.

2. Information We Collect

2.1 Information You Provide

When you register for an account, create websites, workflows, or interact with our Services, you may provide:

• Account Information: Name, email address, password, organization name, and profile details
• Payment Information: Billing address and payment details (credit card information is processed securely by our payment processors, Stripe and PayPal, and is not stored on our servers)
• Website Data: Website designs, pages, content, images, custom domain configurations, and publishing settings you create through our website builder
• Workflow Data: Forms, conditional logic, integrations, and automation rules you create
• AI Prompts and Generated Content: Instructions you provide to our AI tools and the resulting generated websites, forms, and workflows
• Communications: Messages you send to our support team, feedback, and survey responses

2.2 Form Submission Data (Respondent Data)

When individuals submit responses to forms you create using Buildorado ("Respondents"), we collect and store that submission data on your behalf. This may include any information the Respondent provides, such as names, email addresses, phone numbers, uploaded files, payment information, and any other data fields in your forms.

Important: You, as the form creator, are the data controller for Respondent data. You are responsible for ensuring you have appropriate legal basis to collect this data and for informing Respondents about how their data will be used. Buildorado processes this data solely on your behalf and according to your instructions.

2.3 Published Website Visitor Data

When visitors access websites you publish through Buildorado, we may automatically collect basic data on your behalf, including IP addresses, browser type, pages visited, and visit timestamps. This data is collected to provide you with website analytics and to maintain the security and performance of hosted websites.

Important: As the website publisher, you are the data controller for all visitor data collected through your published websites. You are responsible for providing appropriate privacy notices on your websites, obtaining any required consent from visitors, and complying with all applicable privacy and data protection laws (including GDPR, CCPA, and ePrivacy Directive). Buildorado processes visitor data solely on your behalf.

2.4 Automatically Collected Information

When you access our Services, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers, and hardware settings
• Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns
• Log Data: Access times, referring URLs, error logs, and diagnostic information
• Cookies and Similar Technologies: Information collected through cookies, pixel tags, and similar tracking technologies (see Section 12)

2.5 Information from Third Parties

We may receive information about you from third-party services you connect to your Buildorado account, including:

• Authentication providers (e.g., Google, when you sign in with Google)
• Payment processors (transaction confirmations and fraud prevention data)
• Integration partners (data you authorize to be shared through connected apps like Slack, Calendly, or Stripe)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Services

• Create and manage your account
• Process workflows, form submissions, and automate actions
• Execute integrations with third-party services you configure
• Process payments and prevent fraud
• Provide customer support and respond to inquiries
• Monitor, analyze, and improve our Services
• Develop new features and functionality

3.2 Communications

• Send transactional emails (account verification, password resets, payment receipts)
• Deliver workflow notifications and alerts you configure
• Provide technical notices, updates, and security alerts
• Send marketing communications (with your consent, where required)

3.3 Safety and Security

• Detect, prevent, and address fraud, abuse, and security issues
• Enforce our Terms of Service and other policies
• Comply with legal obligations

3.4 AI-Powered Features

Buildorado uses artificial intelligence (via third-party AI providers including OpenAI and Anthropic) to help you generate websites, forms, and workflows from natural language prompts. When you use AI features, your prompts are transmitted to these AI providers for processing. We do not use your form submission data, website visitor data, or personally identifiable information to train AI models.

We may use aggregated, de-identified usage patterns (such as which features are most used and general prompt categories) to improve our Services. "De-identified" means the data has been irreversibly stripped of all personal identifiers, account references, and content details such that it cannot reasonably be linked back to any individual user. This aggregated data is used only for internal product improvement and is never sold or shared with third parties.

3.5 Abuse Prevention and Content Monitoring

We reserve the right to scan, review, or analyze published websites, forms, and workflows to detect and prevent abuse, fraud, phishing, malware distribution, and other violations of our Terms of Service. This may include automated scanning of website content and manual review when abuse is reported or suspected. We do not guarantee that all abusive content will be detected or removed. We may share information with law enforcement or regulatory authorities when we identify illegal activity or when required by law.

4. Legal Basis for Processing (EEA, UK, and Swiss Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Services and fulfill our contractual obligations to you
• Legitimate Interests: Processing for our legitimate business interests, such as improving our Services, marketing, and fraud prevention, where these interests are not overridden by your rights
• Consent: Where you have given explicit consent for specific processing activities, such as marketing emails
• Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

5.1 Service Providers (Sub-Processors)

We share data with trusted third-party service providers ("sub-processors") who assist us in operating our Services. Our current sub-processors include:

• Amazon Web Services (AWS) — United States — Cloud hosting, database, storage, email delivery (SES)
• Cloudflare — United States — CDN, website hosting (R2), DNS, security
• Stripe — United States — Payment processing
• PayPal — United States — Payment processing
• OpenAI — United States — AI content generation
• Anthropic — United States — AI content generation
• Resend — United States — Transactional and marketing email delivery
• Google Analytics — United States — Website analytics

These providers are contractually obligated to use your data only for the purposes of providing services to us and must maintain appropriate security measures. We will update this list when we add or change sub-processors.

For GDPR-covered customers: We will notify you at least 30 days before authorizing any new sub-processor to process personal data. If you object to a new sub-processor, you may terminate your account before the new sub-processor begins processing your data.

5.2 Third-Party Integrations

When you connect third-party services to your Buildorado account (such as Slack, Google Calendar, Stripe, PayPal, or Calendly), data may be shared with those services as directed by your workflow configurations. Your use of these integrations is governed by those services' privacy policies.

5.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to:

• Comply with applicable laws or regulations
• Protect the rights, property, or safety of Buildorado, our users, or others
• Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

If Buildorado is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal data.

6. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specific retention periods include:

• Account Data: Retained while your account is active and for 90 days after account deletion
• Published Websites: Hosted while your account is active; taken offline and deleted within 30 days of account termination or unpublishing
• Website Visitor Data: Retained according to your subscription plan or until you delete it
• Form Submission Data: Retained according to your subscription plan (30 days for Free, 90 days for Basic, 3 years for Pro) or until you delete it
• AI Prompts and Generated Content: Retained while your account is active; deleted with account data upon termination
• Payment Records: Retained for 7 years to comply with tax and accounting requirements
• Usage Logs: Retained for up to 2 years for analytics and security purposes
• Abuse and Security Logs: Retained for up to 3 years for abuse prevention and legal compliance

When you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal, tax, or regulatory purposes.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Strict role-based access controls and multi-factor authentication for our systems
• Infrastructure: Our Services are hosted on secure cloud infrastructure with regular security audits
• Monitoring: Continuous security monitoring and intrusion detection systems
• Incident Response: Documented procedures for responding to security incidents

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. Data Breach Notification

In the event of a confirmed security breach that affects your personal data, we will:

• Notify affected users by email without unreasonable delay, and in any event within 72 hours of confirming the breach (as required by GDPR Article 33 for EEA users)
• Notify relevant supervisory authorities as required by applicable law
• Provide details about the nature of the breach, the data affected, and the measures we are taking to address the breach and mitigate its effects
• Provide guidance on steps you can take to protect yourself

If you are a form creator or website publisher and the breach affects your Respondent or visitor data, we will notify you promptly so that you can fulfill your own notification obligations as data controller.

9. International Data Transfers

FAIND Inc. (d/b/a Buildorado) is incorporated in Delaware, United States, with operations in California. Our Services are hosted on servers located in the United States (AWS us-east-1 region and Cloudflare global CDN). If you are accessing our Services from outside the United States, your information may be transferred to, stored, and processed in jurisdictions with different data protection laws.

For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed to provide adequate protection, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Other lawful transfer mechanisms as appropriate

10. Your Rights and Choices

10.1 All Users

Regardless of your location, you can:

• Access and Update: Access and update your account information through your dashboard settings
• Delete Account: Request deletion of your account by contacting support
• Export Data: Export your workflow configurations and submission data
• Opt Out: Unsubscribe from marketing emails using the link in each email

10.2 EEA, UK, and Swiss Residents

Under GDPR, you have additional rights including:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

10.3 California Residents (CCPA)

California residents have the right to:

• Know what personal information we collect and how it is used
• Request deletion of personal information
• Opt out of the "sale" of personal information (we do not sell personal data)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or as required by applicable law).

11. Information for Form Respondents and Website Visitors

If you have submitted a response to a form or visited a website created using Buildorado and have questions about how your data is used, please contact the organization or individual who created the form or website. They are the data controller for your data and determine how it is used.

Buildorado processes submission data and website visitor data on behalf of our customers and treats it as confidential. We will not use your data for our own purposes except to provide the Services to our customers and to prevent abuse.

If you believe a form or website is being used inappropriately, for phishing, to collect data illegally, or for any other abusive purpose, please report it immediately at [email protected] or [email protected]. We investigate all abuse reports and take action promptly, including taking down offending content and cooperating with law enforcement when appropriate.

12. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Enable core functionality like authentication and security
• Analytics Cookies: Help us understand how visitors interact with our Services
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.

We use Google Analytics to analyze usage patterns. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

13. Children's Privacy

Our Services are not directed to children under 18 years of age. We do not knowingly collect personal information from children under 13 (the age threshold under the Children's Online Privacy Protection Act, or COPPA) or under 16 (the age threshold under GDPR for EEA residents).

Users of our Services must not create forms, websites, or workflows that knowingly target or collect personal information from children under 13 without verifiable parental consent as required by COPPA.

If we learn that we have collected personal information from a child under 13 (or under 16 for EEA residents) without appropriate consent, we will take steps to delete that information promptly. If you become aware that a child has provided personal information through our platform, please contact us at [email protected].

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also send you an email notification. We encourage you to review this policy periodically.

15. Data Processing Agreement (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, and you use our Services to collect or process personal data from your form respondents or website visitors, Buildorado acts as a data processor on your behalf within the meaning of GDPR Article 28.

By using our Services, you enter into our Data Processing Agreement (DPA), which governs how we process personal data on your behalf and includes:

• The subject matter, duration, nature, and purpose of the processing
• The types of personal data processed and categories of data subjects
• Your obligations and rights as the data controller
• Our obligations as the data processor, including confidentiality, security measures, and sub-processor management
• Audit rights: you may request evidence of our compliance with data protection obligations
• Data return and deletion obligations upon termination
• Standard Contractual Clauses (SCCs) for international data transfers where applicable

To request a signed copy of our DPA or to exercise your audit rights, contact us at [email protected].

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: