Privacy Policy

Effective date: 1 May 2025

1. Who we are

BuildAHouse is operated by Jure Mali s.p. (RadicalAI), a sole proprietorship registered in Slovenia, EU (VAT: SI67756553). This Privacy Policy explains how we collect, use, and protect personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Slovenian law.

Data controller contact: info@buildahouse.app

2. Data we collect

Account data: name, email address, hashed password, role, registration date.

Project data: project names, budgets, documents, timeline events, payment requests, and settlements that you or your team upload.

Billing data: subscription plan and payment status. Credit card details are processed directly by Stripe — we never store card numbers.

Usage data: server logs may include IP addresses, browser type, and accessed URLs for security and debugging purposes.

Communications: if you contact us by email, we retain the correspondence.

3. How we use your data

  • To provide and maintain the Service (legal basis: performance of contract).
  • To send transactional emails (verification, invitations, billing notifications) (legal basis: contract / legitimate interest).
  • To process payments via Stripe (legal basis: contract).
  • To comply with legal obligations (legal basis: legal obligation).
  • To improve the Service through anonymised analytics (legal basis: legitimate interest).

We do not sell your data. We do not use your project content for advertising or AI training.

4. Data sharing

We share data only with trusted sub-processors required to operate the Service:

  • Railway (hosting, EU region) — application and database hosting.
  • Vercel (frontend hosting, EU-optimised CDN).
  • Supabase (file storage).
  • Stripe (payment processing).
  • Resend (transactional email delivery).

All sub-processors are contractually bound to protect your data and comply with GDPR.

5. Data retention

We retain your account and project data for as long as your account is active. When you delete your account, your personal data is permanently deleted within 30 days, except where we are legally required to retain it longer.

6. Your rights under GDPR

As a data subject you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Portability — receive your data in a machine-readable format.
  • Restriction — limit how we process your data in certain circumstances.
  • Objection — object to processing based on legitimate interests.

To exercise any right, email info@buildahouse.app. We will respond within 30 days. You also have the right to lodge a complaint with the Slovenian Information Commissioner (ip-rs.si).

7. Cookies

BuildAHouse uses only strictly necessary cookies (an authentication token stored in localStorage; no tracking cookies). We do not use analytics cookies or advertising cookies. No consent banner is required for strictly necessary cookies under GDPR.

8. Security

We implement industry-standard security measures: HTTPS everywhere, bcrypt password hashing, JWT authentication, and role-based access control. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

9. Children

The Service is not directed to persons under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it promptly.

10. Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users by email of material changes at least 14 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

11. Contact

Data controller: Jure Mali s.p. (RadicalAI)
Address: Slovenia, EU
Email: info@buildahouse.app