Privacy Policy

1. Introduction

Buildorado ("we," "our," or "us") operates a visual workflow builder platform that enables users to create forms, process payments, and automate business processes. We are committed to protecting your privacy and being transparent about how we collect, use, and safeguard your information.

This Privacy Policy applies to our website at buildorado.io, our applications, and all related services (collectively, the "Services"). By using our Services, you agree to the collection and use of information in accordance with this policy.

If you are a European resident, Buildorado acts as a "data controller" for personal data we collect about you as a customer. For form submission data collected through workflows you create, you are the data controller and Buildorado acts as a "data processor" on your behalf.

2. Information We Collect

2.1 Information You Provide

When you register for an account, create workflows, or interact with our Services, you may provide:

• Account Information: Name, email address, password, organization name, and profile details
• Payment Information: Billing address and payment details (credit card information is processed securely by our payment processors, Stripe and PayPal, and is not stored on our servers)
• Workflow Data: Forms, conditional logic, integrations, and automation rules you create
• Communications: Messages you send to our support team, feedback, and survey responses

2.2 Form Submission Data (Respondent Data)

When individuals submit responses to forms you create using Buildorado ("Respondents"), we collect and store that submission data on your behalf. This may include any information the Respondent provides, such as names, email addresses, phone numbers, uploaded files, payment information, and any other data fields in your forms.

Important: You, as the form creator, are the data controller for Respondent data. You are responsible for ensuring you have appropriate legal basis to collect this data and for informing Respondents about how their data will be used. Buildorado processes this data solely on your behalf and according to your instructions.

2.3 Automatically Collected Information

When you access our Services, we automatically collect:

• Device Information: IP address, browser type, operating system, device identifiers, and hardware settings
• Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns
• Log Data: Access times, referring URLs, error logs, and diagnostic information
• Cookies and Similar Technologies: Information collected through cookies, pixel tags, and similar tracking technologies (see Section 11)

2.4 Information from Third Parties

We may receive information about you from third-party services you connect to your Buildorado account, including:

• Authentication providers (e.g., Google, when you sign in with Google)
• Payment processors (transaction confirmations and fraud prevention data)
• Integration partners (data you authorize to be shared through connected apps like Slack, Calendly, or Stripe)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Services

• Create and manage your account
• Process workflows, form submissions, and automate actions
• Execute integrations with third-party services you configure
• Process payments and prevent fraud
• Provide customer support and respond to inquiries
• Monitor, analyze, and improve our Services
• Develop new features and functionality

3.2 Communications

• Send transactional emails (account verification, password resets, payment receipts)
• Deliver workflow notifications and alerts you configure
• Provide technical notices, updates, and security alerts
• Send marketing communications (with your consent, where required)

3.3 Safety and Security

• Detect, prevent, and address fraud, abuse, and security issues
• Enforce our Terms of Service and other policies
• Comply with legal obligations

3.4 AI-Powered Features

Buildorado uses artificial intelligence to help you generate forms and workflows from natural language prompts. When you use AI features, your prompts and generated content are processed to provide the service. We do not use your form submission data to train AI models without your explicit consent.

4. Legal Basis for Processing (EEA, UK, and Swiss Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our Services and fulfill our contractual obligations to you
• Legitimate Interests: Processing for our legitimate business interests, such as improving our Services, marketing, and fraud prevention, where these interests are not overridden by your rights
• Consent: Where you have given explicit consent for specific processing activities, such as marketing emails
• Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. How We Share Your Information

We do not sell your personal data. We may share your information in the following circumstances:

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Services, including:

• Cloud hosting providers (Amazon Web Services)
• Payment processors (Stripe, PayPal)
• Email delivery services
• Analytics providers
• Customer support tools

These providers are contractually obligated to use your data only for the purposes of providing services to us and must maintain appropriate security measures.

5.2 Third-Party Integrations

When you connect third-party services to your Buildorado account (such as Slack, Google Calendar, Stripe, PayPal, or Calendly), data may be shared with those services as directed by your workflow configurations. Your use of these integrations is governed by those services' privacy policies.

5.3 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to:

• Comply with applicable laws or regulations
• Protect the rights, property, or safety of Buildorado, our users, or others
• Detect, prevent, or address fraud, security, or technical issues

5.4 Business Transfers

If Buildorado is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal data.

6. Data Retention

We retain your information for as long as necessary to provide our Services and fulfill the purposes described in this policy. Specific retention periods include:

• Account Data: Retained while your account is active and for 90 days after account deletion
• Form Submission Data: Retained according to your subscription plan (30 days for Free, 90 days for Basic, 3 years for Pro) or until you delete it
• Payment Records: Retained for 7 years to comply with tax and accounting requirements
• Usage Logs: Retained for up to 2 years for analytics and security purposes

When you delete your account, we will delete or anonymize your personal data within 90 days, except where we are required to retain it for legal, tax, or regulatory purposes.

7. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
• Access Controls: Strict role-based access controls and multi-factor authentication for our systems
• Infrastructure: Our Services are hosted on secure cloud infrastructure with regular security audits
• Monitoring: Continuous security monitoring and intrusion detection systems
• Incident Response: Documented procedures for responding to security incidents

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

8. International Data Transfers

Buildorado is based in Canada, and our Services are hosted on servers located in the United States. If you are accessing our Services from outside these countries, your information may be transferred to, stored, and processed in jurisdictions with different data protection laws.

For transfers of personal data from the EEA, UK, or Switzerland to countries not deemed to provide adequate protection, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Other lawful transfer mechanisms as appropriate

9. Your Rights and Choices

9.1 All Users

Regardless of your location, you can:

• Access and Update: Access and update your account information through your dashboard settings
• Delete Account: Request deletion of your account by contacting support
• Export Data: Export your workflow configurations and submission data
• Opt Out: Unsubscribe from marketing emails using the link in each email

9.2 EEA, UK, and Swiss Residents

Under GDPR, you have additional rights including:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restrict Processing: Request limitation of how we use your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

9.3 California Residents (CCPA)

California residents have the right to:

• Know what personal information we collect and how it is used
• Request deletion of personal information
• Opt out of the "sale" of personal information (we do not sell personal data)
• Non-discrimination for exercising your privacy rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days (or as required by applicable law).

10. Information for Form Respondents

If you have submitted a response to a form created using Buildorado and have questions about how your data is used, please contact the organization or individual who created the form. They are the data controller for your submission data and determine how it is used.

Buildorado processes submission data on behalf of our customers and treats it as confidential. We will not use your submission data for our own purposes except to provide the Services to our customers.

If you believe a form is being used inappropriately or to collect data illegally, please contact us at [email protected].

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Enable core functionality like authentication and security
• Analytics Cookies: Help us understand how visitors interact with our Services
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our Services.

We use Google Analytics to analyze usage patterns. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.

12. Children's Privacy

Our Services are not directed to children under 16 years of age. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal information, please contact us at [email protected], and we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. For significant changes, we will also send you an email notification. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: