BuildFetch

BuildFetch Inc. Cloud Services Privacy Policy

Last Updated: April 2, 2026

BuildFetch Inc. (“BuildFetch,” “we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our Cloud Services (as defined in our Cloud Services Terms of Service https://buildfetch.com/tos), the website at buildfetch.com and any subdomains, relevant public and beta APIs, and any additional or future cloud-hosted products or services (collectively, the “Cloud Services”).

This Policy applies to our Customers (Orgs, Projects, authorized Users and Systems) and describes our practices regarding personal information. For Customer Data (any data, information, metadata, files, or other content that you or your authorized users or systems upload, store, or transmit to the Cloud Services), we act as a data processor; you are the data controller. This Policy is incorporated into and forms part of our Cloud Services Terms of Service https://buildfetch.com/tos.

By using the Cloud Services, you agree to the practices described here. If you do not agree, you must not access or use the Cloud Services.

1. INFORMATION WE COLLECT

1.1 Account and Contact Information. When you register an Org, create a Project, subscribe, or interact with us, we collect:

  • Name, email address, Org name, Project(s) names, and information regarding Users assigned to the Org/Project(s).
  • Billing and payment information (processed by third-party providers; we do not store full payment details).
  • Login credentials and authentication data.

1.2 Usage and Technical Data. Automatically collected:

  • IP address, device type, browser information, operating system.
  • Usage metrics, analytics data, logs, and performance data.

1.3 Customer Data. Any data, files, metadata, or content that you or your authorized users or systems upload, store, or transmit through the Cloud Services (“Customer Data”). This may include personal information of your end users, employees, or third parties. You retain all ownership and control of Customer Data.

1.4 Aggregated Data. “Aggregated Data” means data derived from Customer Data that has been de-identified and aggregated such that it cannot reasonably be used to identify Customer, any individual, or any specific Project.

1.5 Other Information. Communications with support, feedback, or information from public sources or third parties (with your consent or as permitted by law).

1.6 Information from Third Parties. We may receive additional information about you, your Org, Projects, assigned Users, or Systems from third-party sources (such as public records, business directories, or service referrers) as permitted by law and only to the extent necessary to provide and improve the Cloud Services.

2. HOW WE USE YOUR INFORMATION

We use the information to:

  • Provide, maintain, secure, and improve the Cloud Services, including hosting, caching, transmitting, serving, and analyzing Customer Data solely for analytics as described on our website.
  • Manage your Org, Projects, Subscription Plan, billing, and deliver per-Project analytics.
  • Communicate with you about your account, updates, support, and (with consent or where permitted) marketing.
  • Create, use, and disclose “Aggregated Data” for any purpose, including product improvement, benchmarking, and marketing.
  • Ensure security, prevent fraud, enforce our Cloud Services Terms of Service, and comply with legal obligations.
  • Respond to data-subject requests as required by law.

For Customer Data, we process it only as necessary to provide the Cloud Services and as expressly permitted in the Cloud Services Terms of Service. BuildFetch will not sell, lease, transfer to any third party (whether for commercial purpose or otherwise), or commercially exploit Customer Data except as expressly permitted in the Cloud Services Terms of Service or required by law. BuildFetch processes any personal data contained in Customer Data in accordance with this Privacy Policy and applicable data protection laws.

3. LEGAL BASES FOR PROCESSING

Where applicable (e.g., under the GDPR), we rely on the following legal bases for processing personal information:

  • Performance of contract (providing the Cloud Services).
  • Legitimate business interests (providing core functionality of the Cloud Services, improvement, security, marketing where permitted).
  • Legal obligations.
  • Consent (where required, e.g., certain marketing or non-essential cookies).

4. SHARING AND DISCLOSURE OF INFORMATION

We do not sell or share personal information (as those terms are defined under the California Consumer Privacy Act or other applicable privacy laws). BuildFetch aims to use a minimal number of subprocessors necessary to provide its services. We maintain a list of main subprocessors, available upon request or published on our website. All subprocessors are bound by contracts (including Data Processing Agreements where required) that require appropriate data protection and confidentiality.

We may share information with:

  • Service Providers and Subprocessors: Cloud hosting providers, payment processors, analytics tools, and support vendors.
  • Affiliates: Within the BuildFetch group.
  • Business Transfers: In connection with a merger, acquisition, corporate reorganization, or sale of all or substantially all of our assets.
  • Legal Requirements: To comply with law, court orders, government requests, or to protect rights, safety, or the integrity of the Cloud Services.
  • With Your Direction: For Customer Data, as you instruct or as permitted by the Cloud Services Terms of Service.

5. DATA SECURITY

We implement industry-standard technical and organizational measures to protect information, including encryption of Customer Data and Aggregated Data at rest and in transit, access controls, monitoring, and regular security assessments. No system is completely secure.

BuildFetch recommends that Customer encrypt its Customer Data prior to uploading it to the Cloud Services to the extent such encryption does not prevent BuildFetch from providing the Cloud Services. Customer is responsible for protecting its credentials.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify affected Customers and applicable regulators as required by law.

6. DATA RETENTION

We retain information only as long as necessary for the purposes outlined, to fulfill legal obligations, resolve disputes, and enforce agreements:

  • Account and billing information: while your account is active plus the period required for tax, accounting, or legal purposes.
  • Customer Data: during the Term; upon termination or your deletion request (after all outstanding Fees are paid), we use commercially reasonable efforts to delete it within thirty (30) calendar days, except as required for legal or regulatory compliance (per Cloud Services Terms of Service Section 12.3).
  • Usage and technical data: for shorter periods or in aggregated/de-identified form.
  • Aggregated Data: may be retained indefinitely for analytics, product improvement, benchmarking, and other legitimate business purposes, as it cannot reasonably identify Customer, any individual, or any specific Project.

You may request deletion of Customer Data or your account information via the Cloud Services dashboard or by contacting us (subject to payment of all outstanding Fees).

7. YOUR RIGHTS AND CHOICES

Depending on applicable jurisdiction (e.g., GDPR for EEA/UK residents, CCPA/CPRA for California residents), you or your end users may have rights to:

  • Access, correct, or delete personal information.
  • Data portability.
  • Object to or restrict processing.
  • Withdraw consent.
  • Opt out of marketing communications (via unsubscribe link or account settings).

For Customer Data: You control access and deletion primarily through the Cloud Services. We will assist you (or data subjects whose information is contained in your Customer Data) with data-subject requests to the extent required by applicable law. To exercise rights, contact privacy@buildfetch.com or use Cloud Services tools. We respond within applicable legal timelines (e.g., thirty (30) calendar days under GDPR) after verifying identity. We may not be able to fulfill a request if it would violate legal obligations or our Cloud Services Terms of Service.

California Residents: In addition to the rights above, California residents may exercise additional rights under CCPA/CPRA.

8. COOKIES AND TRACKING TECHNOLOGIES

We use cookies, pixels, and similar technologies for functionality, analytics, performance, and security. You can manage preferences via browser settings or our consent tools (where required). Strictly necessary cookies are always active; analytics and advertising cookies require consent where applicable. Full details are available in the Cloud Services or upon request.

9. INTERNATIONAL DATA TRANSFERS

BuildFetch Inc. is incorporated in the State of Wyoming, United States. Personal data may be transferred to, stored, and processed in the U.S. or other countries. Where required (e.g., EEA/UK transfers), we use appropriate safeguards such as Standard Contractual Clauses (SCCs), EU-U.S./UK Extension/Swiss-U.S. Data Privacy Framework certification (if applicable), or other approved mechanisms. Customer Data storage location options (if offered) will be communicated in advance.

10. CHILDREN’S PRIVACY

Our Cloud Services are not directed to children under 16 and are intended for business use. We do not knowingly collect personal information from children.

11. CHANGES TO THIS PRIVACY POLICY

We may update this Policy. We will notify you of material changes by email or in-Service notice at least thirty (30) calendar days before the effective date (consistent with our Cloud Services Terms of Service). Continued use after the effective date constitutes acceptance.

12. CONTACT US

For questions, requests, concerns, or to exercise rights: