This Privacy Policy explains how BUILDMETRICS SRL (“Buildmetrics”, “we”, “us”) collects, uses, shares and protects personal data when you use the Buildmetrics platform, mobile/web application and this website (together, the “Service”). We have tried to keep it clear and practical.
We process personal data in accordance with the EU General Data Protection Regulation (GDPR), and, for users in the Republic of Moldova and the Republic of Türkiye, with applicable local data-protection law.
In short: we do not sell your personal data, and we do not use it to train our own AI models without your consent.
1. Who we are (Data Controller)
- Company: BUILDMETRICS SRL
- Registration: CUI 51592519 · Trade Register No. J2025025214007 · EUID ROONRC.J2025025214007
- Registered office: Str. Domnească 13, Bl. L, Sc. 3, Et. 1, Ap. 42, 800015 Galați, Romania (EU)
- Contact for privacy matters: info@buildmetrics.eu
We have not appointed a Data Protection Officer; data-protection matters are handled via the contact above.
2. Scope
This policy covers personal data processed when you register for and use the Service as a participant in a construction project — for example as a general contractor, administrator, executor, inspector or customer — and when you visit this website.
3. What data we collect
Account and registration data: your name, e-mail address, phone number, password (stored hashed), company name and the role assigned to you in a project.
Project and task content you create or upload: projects, tasks, descriptions, comments, checklists, statuses, and photos and videos you attach to tasks, and documents you upload. Photos, videos and free-text fields you provide may contain personal data (including images of people on site); you are responsible for the content you upload (see our Terms). Where you use the Service as a business customer, you act as the data controller for any personal data contained in the content you upload (including images of identifiable people on site) and Buildmetrics acts as a processor on your behalf under our Data Processing Agreement; you are responsible for having a valid legal basis and for informing the individuals concerned.
Communications: messages you send us, and demo or contact requests submitted through this website (name, company, phone, e-mail).
Technical and usage data: IP address, device and browser type, and server logs needed to operate and secure the Service.
4. Why we process your data and our legal basis
| Purpose | Categories of data | Legal basis (GDPR Art. 6) |
|---|---|---|
| Provide the Service, manage your account and project workflow | Account & registration data; project and task content | Performance of a contract |
| Generate task descriptions and checklists via AI assistance | Task content (category, type, description) | Performance of a contract / legitimate interest |
| Secure the Service, prevent abuse, keep logs | Technical and usage data | Legitimate interest |
| Respond to demo/contact requests | Contact-request data (name, company, phone, e-mail) | Legitimate interest / your consent |
| Comply with legal obligations | Relevant data as required by law | Legal obligation |
Where we rely on consent, you may withdraw it at any time without affecting prior processing.
5. AI features
Buildmetrics uses AI to help turn a short task description into a clear, professional description and to generate execution and acceptance checklists. For this, the task content (such as the work category, work type and description) is sent to third-party AI providers (currently OpenAI, Anthropic and Google) to return the result.
Buildmetrics strives to minimize the volume of information sent to third-party AI services. Because task descriptions are free-text fields, we recommend that you do not include in them personal data or other information not directly related to the work to be performed.
We do not use your content to train our own AI models without your consent. These features are assistive only: outputs are drafts that you review and edit. Buildmetrics’ AI features are assistive tools, and we monitor developments in AI regulation (including the EU AI Act) and adapt the Service accordingly.
6. Automated decision-making
Buildmetrics does not use automated decision-making — including profiling — that produces legal effects concerning you or similarly significantly affects you (Article 22 GDPR). AI outputs are suggestions that people review and decide upon.
7. Who we share data with (processors)
We do not sell personal data. We share it only with service providers (“processors”) acting on our instructions. We enter into a contract with each processor in accordance with Article 28 GDPR, requiring them to apply the same data-protection standards, and — where they are outside the EU — Standard Contractual Clauses (SCCs):
| Processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Hosting of the application and database | EU (Germany / Finland) |
| OpenAI, Anthropic, Google | AI generation of descriptions and checklists | United States |
| Cloudflare | Website delivery (CDN) and cookieless analytics | EU edge / global |
| E-mail / SMTP provider | Sending notifications and demo requests | EU |
If we change our processors, we will update this policy; for significant changes we will give notice and, where the law gives you a right to object, you may do so. We may also disclose data where required by law or to protect our rights. Where we act as a processor on behalf of a business customer, our Data Processing Agreement applies.
8. International data transfers
Your project data is stored on servers located in the European Union (Hetzner, Germany/Finland). Some processors are located in the United States — limited to the AI providers in Section 5, which receive only the task content needed to produce the result, as described in Section 5. Such transfers are made under the European Commission’s Standard Contractual Clauses (SCCs) and, where applicable, additional safeguards (such as technical and organisational measures); where a provider is certified under the EU–US Data Privacy Framework, that mechanism may also apply, or, where applicable, your explicit consent. The current list and details are available on request. For users in Türkiye, cross-border transfers are handled in line with KVKK requirements (see Section 14).
9. How long we keep data
We keep personal data only as long as necessary for the purposes above. As a general guide:
| Data category | Retention |
|---|---|
| Account and registration data | While your account is active; after closure, up to 3 years for legal and accounting purposes |
| Project and task content (incl. photos/videos) | While the project is active and for the period agreed with the customer; then deleted or anonymized |
| Demo / contact requests | Up to 24 months |
| Server logs and technical data | Up to 12 months |
Where the law requires a longer retention period, we comply with it. During the pilot program, we make reasonable efforts to preserve data and will notify users in advance of any planned bulk deletion (for example, at the end of the pilot). You can also request deletion of your data at any time.
10. Your rights
Subject to applicable law, you have the right to: access your data; rectify inaccurate data; erase data; restrict or object to processing; data portability; and to withdraw consent. To exercise any right, contact info@buildmetrics.eu.
We respond within one month, which may be extended by up to two further months for complex or numerous requests (we will tell you if so). Data exports are provided in a commonly used, machine-readable electronic format. We do not charge a fee for handling requests, except where they are manifestly unfounded or excessive.
You also have the right to lodge a complaint with a supervisory authority:
- EU / Romania: the National Supervisory Authority for Personal Data Processing (ANSPDCP), dataprotection.ro
- Moldova: the National Center for Personal Data Protection (CNPDCP), datepersonale.md
- Türkiye: the Personal Data Protection Authority (KVKK), kvkk.gov.tr
11. Data breaches
If a personal-data breach occurs, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, where required by law. If the breach is likely to result in a high risk to your rights and freedoms, we will also inform affected users without undue delay.
12. How we protect your data
We apply technical and organizational measures appropriate to the risk, including: role-based access control; encryption in transit (HTTPS/TLS); a full activity audit trail; regular backups; and hosting within the European Union. No method of transmission or storage is completely secure, but we work to protect your data.
13. Cookies and analytics
This website uses cookieless analytics (Cloudflare Web Analytics) and does not set tracking cookies, so no cookie-consent banner is required. The application may use strictly necessary cookies or tokens to keep you signed in.
14. Country-specific notices
Moldova. Personal data of users in the Republic of Moldova is processed in accordance with Law No. 133/2011 on the protection of personal data, under the supervision of the CNPDCP.
Türkiye. For users in the Republic of Türkiye, processing is carried out in accordance with Law No. 6698 on the Protection of Personal Data (KVKK). The information in this policy also serves as our clarification notice (aydınlatma metni) under Article 10. Where KVKK requires explicit consent (açık rıza) — including for certain cross-border transfers — it is requested separately at the point of collection.
15. Children
The Service is intended for business use by professionals aged 18 or over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with personal data, contact us and we will delete it. If we become aware that we have processed the data of a person under 18 without parental consent, we will delete it.
16. Changes to this policy
We may update this policy; the “Last updated” date at the top reflects the latest version. For material changes we will provide notice — for example by e-mail to the address associated with your account — at least 30 days before they take effect, where practicable.
17. Contact
Questions about this policy or your data: info@buildmetrics.eu, BUILDMETRICS SRL, Str. Domnească 13, 800015 Galați, Romania.