← Back

Privacy Policy

BuildAura

Last updated: March 2025

BuildAura (“we”, “us”, “our”) operates the BuildAura platform and related services (the “Service”). This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our Service. Please read it carefully.

1. Data controller

The data controller responsible for your personal data in connection with the Service is the entity operating BuildAura (e.g. the company or individual that owns and runs the BuildAura application and infrastructure). If you have questions about this policy or your data, you may contact us using the details provided in the “Contact” section below.

2. Personal data we collect

We collect and process the following categories of personal data.

2.1 Account and profile data

Email address — used for account creation, login, and communications.
Name and last name — used to identify you within the Service and in any communications.
Username (optional for some account types) — if you choose to set one, used for identification and login.
Company name — for supplier accounts, used to represent your business and to create or link to your company profile.
Password — stored in hashed form only; we do not store or have access to your plain-text password.

2.2 Company and business data

If you use the Service as a supplier, we store data related to your company profile, including:

Company name, description, and associated metadata (e.g. ratings, tags).
Images and media you upload for your company (e.g. logos, gallery images), which may be stored and served via our content delivery network (CDN) or other storage providers.

2.3 Product and listing data

When you create or manage product listings, we collect and store:

Product title, description, category, and price.
Product images and other media you upload, which may be stored and served via our CDN or other storage providers.

2.4 Usage and technical data

When you access the Service, we may automatically collect:

IP address and general location information.
Browser type, device type, and operating system.
Pages visited, actions taken, and timestamps (e.g. for security, analytics, or improving the Service).
Session and authentication-related data (e.g. tokens used for secure access).

2.5 Cookies and similar technologies

We may use cookies, local storage, or similar technologies to maintain your session, remember preferences, and support security and functionality. You can control cookies through your browser settings; disabling certain cookies may affect how the Service works.

2.6 Error and performance monitoring

In production, we may use third-party error and performance monitoring services (e.g. Sentry). These services may receive limited technical data (such as error messages, device/browser information, and URLs) to help us fix issues and improve the Service. We configure such tools to minimise the inclusion of personally identifiable information where possible.

3. Legal basis for processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following bases:

Contract — to provide the Service, manage your account, and fulfil our terms of service.
Legitimate interests — to operate, secure, and improve the Service, prevent fraud, and communicate with you about the Service.
Legal obligation — where we must retain or disclose data to comply with applicable law.
Consent — where we have asked for your consent for a specific use (e.g. optional marketing). You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

4. How we use your data

We use the data we collect to:

Create and manage your account and authenticate you.
Provide, maintain, and improve the Service (including company and product listings, search, and communications between users where applicable).
Store and serve your uploaded content (e.g. company and product images) via our infrastructure and CDN or storage partners.
Send you service-related messages (e.g. account or security notices).
Comply with legal obligations and enforce our terms.
Detect, prevent, and address fraud, abuse, and security issues.
Analyse usage to improve the Service (where we do so, we aim to use aggregated or anonymised data where possible).

5. Data retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account and profile data are generally retained while your account is active and for a reasonable period after deletion to allow for recovery and legal compliance. Usage and technical data may be retained for a shorter period. You may request deletion of your data as described in the “Your rights” section.

6. Sharing and disclosure

We do not sell your personal data. We may share your data in the following circumstances:

Service providers — with vendors that help us operate the Service (e.g. hosting, database, CDN, email, and error-monitoring providers). These providers are contractually required to use your data only to provide services to us and to protect it appropriately.
Other users — information you choose to make public (e.g. company name, product listings, profile information) may be visible to other users of the Service as intended by the product.
Legal and safety — where required by law, court order, or government request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers — in connection with a merger, sale, or other transfer of assets, your data may be transferred as part of that transaction, subject to the same privacy commitments.

7. International transfers

Your data may be processed in countries other than your country of residence, including countries that may not provide the same level of data protection. Where we transfer data from the EEA or UK to a country not recognised as providing adequate protection, we implement appropriate safeguards (such as standard contractual clauses or other mechanisms approved by relevant authorities) to protect your data.

8. Security

We implement technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include secure transmission (e.g. HTTPS), access controls, and secure storage. Passwords are hashed and not stored in plain text. Despite our efforts, no method of transmission or storage over the internet is completely secure; we encourage you to use a strong password and to keep your login details confidential.

9. Your rights

Depending on your location, you may have the following rights in relation to your personal data:

Access — to obtain confirmation of whether we process your data and a copy of that data.
Rectification — to have inaccurate or incomplete data corrected.
Erasure — to have your data deleted in certain circumstances (e.g. where it is no longer necessary or you withdraw consent where consent was the basis).
Restriction — to restrict processing in certain situations (e.g. while accuracy is contested).
Data portability — to receive your data in a structured, commonly used format and to transmit it to another controller where technically feasible and the processing is based on contract or consent.
Objection — to object to processing based on legitimate interests, including profiling where applicable.
Withdraw consent — where processing is based on consent, to withdraw that consent at any time.
Complaint — to lodge a complaint with a supervisory authority in your country (e.g. in the EEA, your local data protection authority).

To exercise these rights, please contact us using the details in the “Contact” section. We will respond within the time required by applicable law. You may also have the ability to update or delete certain data through your account settings.

10. Children

The Service is not directed at individuals under the age of 16 (or higher where local law requires). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

11. Third-party links and services

The Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We are not responsible for their privacy practices; we encourage you to read their privacy policies before providing any data.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and, where required by law or where changes are material, we will notify you (e.g. by email or a notice in the Service) and, where necessary, obtain your consent. The “Last updated” date at the top indicates when the policy was last revised. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy, except where further consent or other steps are required by law.

13. Contact

If you have questions about this Privacy Policy, wish to exercise your rights, or have a complaint, please contact us:

By email at the contact address published for BuildAura (e.g. [email protected] or the general contact address), or
Through the contact or support mechanism provided in the BuildAura application or website.

We will respond to your request in accordance with applicable data protection laws.