Privacy Policy

Who we are and scope

Bildstak is headquartered in Toronto, Ontario, Canada, and offers our construction-intelligence platform to business customers through cloud (SaaS) and self-hosted deployment options.

This Policy applies to personal information we handle as a business — for example, information about prospects, website visitors, and the authorized users of our customers. Where we process project data on behalf of a business customer, we generally act as a processor under our customer's instructions, and our Data Processing Addendum governs that activity.

Information we collect

We collect the categories of information described below, depending on how you interact with us.

• Account and contact data: names, business email addresses, job titles, company names, and credentials used to register and administer access.
• Customer project data: the BIM/IFC models, contracts, schedules, cost data, RFIs, specifications, and documents that customers connect or upload to the platform, which may include personal information about a customer's own personnel, contractors, or counterparties.
• Usage and log data: IP address, device and browser information, pages viewed, feature interactions, timestamps, and diagnostic events used to operate and secure the service.
• Cookies and similar technologies: identifiers and preferences stored on the marketing site, including a language preference retained in your browser's local storage.
• Communications: messages, support requests, and feedback you send to us.

How we use information

We use personal information to provide, maintain, and improve the platform; to authenticate users and administer accounts; to deliver support and respond to inquiries; to send service and administrative communications; to monitor performance, security, and abuse; to develop new features; and to meet legal, tax, and regulatory obligations.

Customer project data is processed to deliver the contracted functionality — unifying connected sources into a queryable live model and answering questions about a project. We do not sell personal information, and we do not use customer project data to train shared or third-party models for our other customers.

Legal bases for processing

Where the EU/EEA General Data Protection Regulation (GDPR) applies, we rely on the following legal bases: performance of a contract (to provide the service and account administration); our legitimate interests (to secure, maintain, and improve the platform, and to communicate about our business); consent (for certain cookies and optional communications, where required); and compliance with legal obligations.

In Canada, we handle personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, relying on consent and other permitted bases as recognized under those laws.

Sharing and subprocessors

We share personal information with service providers (subprocessors) who help us operate the platform — for example, cloud hosting, email delivery, error monitoring, analytics, and payment processing. These providers are bound by contract to use personal information only to provide services to us and to protect it appropriately.

We may also disclose information to comply with law, enforce our agreements, protect rights and safety, or in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards. A list of our subprocessors is available to customers on request.

International data transfers

We are based in Canada and may process and store information in Canada, the United States, and the European Union depending on the deployment and the subprocessors involved.

Where personal information is transferred out of the EU/EEA, we rely on appropriate transfer mechanisms such as the European Commission's Standard Contractual Clauses, together with supplementary measures where needed. Self-hosted deployments allow customers to keep project data within an environment and region of their choosing.

Data retention

We retain personal information for as long as needed to provide the service, maintain our business records, and meet legal obligations. Customer project data is retained for the duration of the customer's subscription and is deleted or returned after termination in accordance with the applicable agreement and our Data Processing Addendum.

Account and marketing data are retained while a relationship is active and for a reasonable period afterward, after which they are deleted or anonymized.

Security

We maintain administrative, technical, and organizational measures designed to protect personal information, including encryption of data in transit and at rest, role-based access controls, least-privilege principles, network segmentation, logging and monitoring, and regular review of our practices.

No method of transmission or storage is completely secure, but we work to protect information consistent with the sensitivity of the data and applicable law.

Your rights

Subject to applicable law, you may have the right to access, correct, update, or delete your personal information, to request a portable copy, to object to or restrict certain processing, and to withdraw consent where processing is based on consent.

Where we handle personal information on behalf of a customer as a processor, we will refer your request to that customer (the controller) and support them in responding. To exercise your rights or raise a concern, contact [email protected]. You also have the right to complain to your local data protection authority or, in Canada, to the Office of the Privacy Commissioner.

Children's information

Bildstak is a business-to-business platform intended for use by organizations and their authorized personnel. It is not directed to children, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact [email protected] so we can take appropriate action.

Changes and contact

We may update this Policy from time to time. When we make material changes, we will revise the "Last updated" date and, where appropriate, provide additional notice.

Questions about this Policy or our privacy practices can be sent to [email protected], or to [email protected] for legal matters.