Back to Home

Privacy Policy

Last updated: January 20, 2026

Data Controller:

Ahmad Mukhtar Sabri

Operating under the brand name Builddesk

Daubhausstraße 29

55283 Nierstein

Germany

E-Mail: info@builddesk.io

Privacy Inquiries: privacy@builddesk.io

1. Introduction

Builddesk ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our construction project management SaaS platform.

This policy applies to information collected through our website (builddesk.io) and our web application (app.builddesk.io).

Important note on roles under GDPR (B2B SaaS):

  • Builddesk acts as the Data Controller for data related to our website, sales, billing, account administration, and service communications.
  • Builddesk acts as a Data Processor for customer project data uploaded to the platform by business customers (e.g., project documents, photos, tasks, comments). In those cases, the business customer is typically the Data Controller and Builddesk processes such data only under the customer's instructions.

Processing as a processor is governed by our Data Processing Agreement (DPA / AVV).

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide when using our services:

  • Account Information: Name, email address, phone number, company name
  • Billing Information: Payment details are processed by third-party payment providers (we do not store credit card numbers or CVV codes)
  • Profile Information: Job title, role within your organization
  • Authentication Data: Account credentials (passwords are encrypted)

2.2 Usage Data

We automatically collect certain information when you use our platform:

  • Project Data: Projects, tasks, milestones, files, photos, and documents you upload
  • Communication Data: Messages, comments, and updates within the platform
  • Log Data: IP address, browser type, device information, access times, pages viewed
  • Analytics Data: Usage patterns, feature utilization, performance metrics

2.3 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For more details, please see our Cookie Policy.

Cookie consent:

  • Essential cookies (required for login, security, and core functionality) may be set without consent where legally permitted.
  • Non-essential cookies (e.g., optional analytics) are used only if you provide consent via our cookie consent mechanism. You may change your cookie preferences at any time.

3. How We Use Your Information

We process your personal data for the following purposes and legal bases:

3.1 Contract Performance (Legal Basis: Art. 6(1)(b) GDPR)

  • Providing and maintaining our SaaS platform
  • Processing your subscription and managing billing
  • Authenticating users and securing accounts
  • Delivering customer support
  • Storing and managing your project data

3.2 Legitimate Interest (Legal Basis: Art. 6(1)(f) GDPR)

  • Improving our platform features and user experience
  • Detecting and preventing fraud and security threats
  • Analyzing usage patterns to optimize performance
  • Sending important service announcements and updates

3.3 Consent (Legal Basis: Art. 6(1)(a) GDPR)

  • Marketing communications (you can opt out at any time)
  • Optional analytics and tracking beyond essential cookies
  • Testimonials and case studies (only with explicit permission)

3.4 Legal Obligation (Legal Basis: Art. 6(1)(c) GDPR)

  • Complying with tax and accounting requirements
  • Responding to lawful requests from authorities
  • Maintaining records as required by law

Service communications vs marketing: We may send you transactional and service-related messages (e.g., account verification, password resets, invoice notices, security alerts) even without marketing consent where necessary to provide the service. Marketing messages (if any) will be sent only based on consent (Art. 6(1)(a) GDPR) or as otherwise permitted by applicable law, and you can opt out at any time.

4. Data Sharing and Disclosure

We share your personal information only in the following circumstances:

4.1 Service Providers (Processors)

We engage trusted third-party service providers to support our operations:

  • Cloud Hosting: Cloudflare Pages and Workers (infrastructure and edge computing)
  • Payment Processing: Stripe (payment processing and subscription management)
  • Email Services: Resend (transactional emails and notifications)
  • Analytics: Cloudflare Analytics (privacy-friendly usage analytics)

All processors are contractually bound to process data only according to our instructions and comply with GDPR requirements. Where applicable, we have Data Processing Agreements (DPAs) in place.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Investigate potential violations of our Terms of Service
  • Respond to claims that content violates third-party rights

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change via email or prominent notice on our website.

5. International Data Transfers

Builddesk is operated from Germany. Your data is primarily stored within the European Union on Cloudflare's infrastructure.

Some of our service providers (e.g., Stripe) may process data outside the EU. When data is transferred internationally, we ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms under GDPR

6. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Active Accounts: Data is retained while your subscription is active
  • Cancelled Accounts: Account data is deleted 30 days after cancellation (unless you request earlier deletion)
  • Billing Records: Financial records are retained for 10 years to comply with German tax law
  • Logs and Analytics: Aggregated, anonymized data may be retained indefinitely for statistical purposes

Backups: Upon deletion, data is removed from active systems. Backups are routinely overwritten and may persist for up to 90 days.

7. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

7.1 Right of Access (Art. 15 GDPR)

You can request a copy of the personal data we hold about you.

7.2 Right to Rectification (Art. 16 GDPR)

You can request correction of inaccurate or incomplete data.

7.3 Right to Erasure (Art. 17 GDPR)

You can request deletion of your personal data ("right to be forgotten").

7.4 Right to Restriction (Art. 18 GDPR)

You can request that we limit how we process your data.

7.5 Right to Data Portability (Art. 20 GDPR)

You can request your data in a structured, machine-readable format.

7.6 Right to Object (Art. 21 GDPR)

You can object to processing based on legitimate interests or for direct marketing.

7.7 Right to Withdraw Consent (Art. 7(3) GDPR)

Where processing is based on consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights, please contact us at privacy@builddesk.io. We will respond within 30 days of receiving your request.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Supervisory authority (Germany):

You may also lodge a complaint with the competent supervisory authority in Germany, in particular:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz (LfDI RLP)
https://www.datenschutz.rlp.de

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: Data in transit is protected using TLS/SSL encryption
  • Access Controls: Role-based permissions and multi-factor authentication (where supported)
  • Monitoring: Continuous security monitoring and audit logs
  • Infrastructure: Hosted on Cloudflare's secure infrastructure
  • Regular Audits: Periodic security assessments and updates

For more details, please see our Security & Compliance page.

9. Children's Privacy

Our platform is not intended for children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately so we can delete it.

10. Third-Party Links

Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

11. Automated Decision-Making

Builddesk does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you within the meaning of Art. 22 GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated via:

  • Email notification to registered users
  • Prominent notice on our website
  • In-app notifications

The "Last updated" date at the top of this policy indicates when it was last revised. Continued use of our platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Inquiries:
E-Mail: privacy@builddesk.io

General Support: support@builddesk.io

Postal Address:
Ahmad Mukhtar Sabri (Builddesk)
Daubhausstraße 29
55283 Nierstein
Germany

Summary:

We respect your privacy. We collect only necessary data to provide our service, process it transparently under GDPR, use trusted processors, and give you full control over your data. Your project data belongs to you, and you can export or delete it at any time.