Privacy Policy

Information We Collect

When you create a BuildFlow account, we collect your name, email address, and authentication credentials. For Google OAuth sign-ins, we receive your public profile information as authorized by you.

As you use our platform, we collect workflow data, BIM model metadata, and execution logs to provide and improve our services. We process IFC file headers and structural data — your actual building models are never stored permanently on our servers.

We automatically collect usage analytics including page views, feature interactions, and performance metrics to optimize the platform experience for AEC professionals.

How We Use Your Data

Your workflow configurations and execution results are used solely to deliver the BuildFlow service. We leverage aggregated, anonymized usage patterns to improve our AI-powered node recommendations and workflow templates.

BIM data processed through our pipeline (IFC parsing, floor plan analysis, 3D generation) is handled in-memory and transmitted via encrypted channels. Processed artifacts are stored in your account and can be deleted at any time.

We never sell your data to third parties. We may share anonymized, aggregate statistics about AEC workflow patterns to contribute to industry research.

Data Security

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 Type II compliance.

Authentication credentials are hashed using bcrypt with 12 rounds of salting. Session tokens are cryptographically signed and rotated regularly. We enforce Content Security Policy (CSP) headers and sanitize all user inputs.

Access to production systems is restricted to authorized personnel with multi-factor authentication. We conduct regular security audits and penetration testing to maintain the highest standards of data protection.

Cookies & Tracking

We use essential cookies for authentication session management and user preferences (such as language selection). These are strictly necessary for the platform to function.

Analytics cookies help us understand how AEC professionals interact with our workflow builder. You can opt out of non-essential tracking through your account settings without affecting core functionality.

We do not use third-party advertising cookies or cross-site tracking pixels. Your browsing activity within BuildFlow stays within BuildFlow.

Your Rights & Controls

You have the right to access, export, correct, or delete your personal data at any time. Use the Settings panel in your dashboard to manage your data, or contact us directly for assistance.

You can request a complete export of your workflows, execution history, and artifacts in standard formats (JSON, CSV). Account deletion is permanent and irreversible — all associated data is purged within 30 days.

For users in the European Economic Area, we comply with GDPR requirements including data portability, the right to be forgotten, and lawful basis for processing.

International Data Transfers

BuildFlow operates globally to serve AEC teams worldwide. Your data may be processed in data centers located in the United States and European Union, with appropriate safeguards in place.

We rely on Standard Contractual Clauses (SCCs) and adequacy decisions for international data transfers, ensuring your data receives equivalent protection regardless of where it is processed.

Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable regulations. Material changes will be communicated via email and an in-app notification at least 30 days before taking effect.

Your continued use of BuildFlow after changes become effective constitutes acceptance of the revised policy. We encourage you to review this page periodically.

Last updated: March 2026. For questions about this policy, contact us at privacy@buildflow.app.