How BuildSolver handles your data.

Account

Email address (for sign-in via magic link or Google OAuth).

Subscription

Stripe customer ID, subscription status, billing dates, billing address (required for tax calculation in Canada and Australia).

Branding (Pro / Team only)

Company name, contact phone and email, license number, and an uploaded logo image. Used solely to render your branded PDF exports.

Calculation history

For signed-in users, calculation inputs and chat messages are stored in our database so you can reload past sessions and re-generate PDFs. Anonymous (signed-out) calculations are not stored.

Supabase

Authentication, database, file storage. Data hosted in AWS (us-east).

Stripe

Payment processing, subscription management, and Stripe Tax for GST/HST/PST/QST (Canada) and GST (Australia). PCI-DSS Level 1 certified.

Resend

Transactional email delivery (sign-in links, billing receipts).

Vercel

Application hosting and edge network.

Anthropic / OpenRouter

LLM inference for chat orchestration. See Section 03 below for our training carve-out.

Upstash

Rate-limit and anti-abuse counters keyed by your IP address (stored in plaintext for rate-window expiry, typically 1–31 days depending on the bucket).

Cloudflare Turnstile

Bot detection on anonymous chat. No tracking cookies; the challenge token is verified server-side and discarded.

Resend (deliverability)

In addition to sending email, Resend reports delivery events (bounce, complaint, inbound reply) to our webhook. Addresses that bounce or are reported as spam are added to an internal suppression list so we stop sending to them.

We do not sell or rent your personal data. We do not share branding logos with third parties beyond what is necessary to render and deliver your PDFs.

We do not use your calculation inputs, chat messages, uploaded logos, or branding data to train artificial intelligence or large language models. Calculation inputs are sent to our AI inference provider (Anthropic via OpenRouter) solely to generate the response to your request. Anthropic's commercial terms prohibit use of API inputs for model training, and we have not opted into any data-sharing program for training purposes.

If a downstream provider changes its terms, we will update this section before the change takes effect for our users.

Active account

Retained while your account is active. Calculation history persists across sessions so you can re-open past projects.

After deletion

When you delete your account, personal data is purged within 30 days from active systems (database, storage, backups rotated within that window).

Billing records

Stripe transaction records are retained for 7 years to comply with US tax and accounting laws (IRS recordkeeping rules). This applies regardless of account deletion.

Uploaded logos

Deleted immediately when you remove them from /account/branding, or when your account is deleted.

Analytics events

Page views, chat events, tool calls, and the IP address / country / region / city associated with each event are retained for 90 days, then automatically deleted by a scheduled database job.

Email suppression list

Email addresses that bounced or were reported as spam are kept indefinitely so we do not attempt to resend to them. This is a deliverability requirement (CAN-SPAM, Gmail and Yahoo sender guidelines). The list contains the normalised email address and the reason (bounce or complaint) — nothing else.

We use strictly necessary cookies only: Supabase session tokens for authentication, Stripe payment cookies for secure checkout, Vercel performance cookies for hosting (anonymous, non-advertising), and a first-party bs_session_id cookie (random UUID, HttpOnly, SameSite=Lax, 30-day expiry) that lets us enforce per-visitor rate limits and connect your pre-signup activity to your account when you eventually register. Not used for advertising or cross-site tracking.

We do not use advertising or cross-site tracking cookies. You may disable non-essential cookies in your browser; sign-in and checkout will not function without session and payment cookies.

Data is transmitted over HTTPS (TLS 1.2 or higher). Data at rest is stored in Supabase Postgres with encryption at rest provided by the underlying AWS infrastructure.

Payment card details never reach our servers — all billing flows through Stripe, which is PCI-DSS Level 1 certified. We use rate limits, bot detection, and access logs to identify abuse. No system is perfectly secure; we work continuously to harden ours.

For every request to our chat and tool APIs we record: a timestamp, your IP address (in plain text), the country, region (state/province), and city derived from your IP by our hosting provider Vercel, your browser's user-agent string (truncated to 200 characters), and the endpoint or page you requested. This data is retained for 90 days, then automatically deleted.

We use these logs to enforce rate limits (free anonymous users are capped at 3 chat sends per day per IP), debug failures, investigate abuse, and aggregate coarse geographic usage for product planning. We do not collect GPS coordinates or precise location (latitude/longitude). We do not sell or share this data with advertisers or data brokers.

BuildSolver is a professional tool intended for use by individuals 18 years of age or older. We do not knowingly collect personal information from persons under 18. If you believe a minor has registered, email support@buildsolver.com and we will delete the account.

You can access and correct your branding info at any time on the Branding page and delete uploaded logos there regardless of subscription tier. To delete your account entirely, export your data, or correct any personal information not surfaced in the UI, email support@buildsolver.com. We respond within 45 days (or sooner where required by local law).

For material changes to this Privacy Policy we will surface an in-app banner on /chat and /account and update the “Last updated” date above at least 30 days before the changes take effect. Continued use of BuildSolver after the effective date constitutes acceptance of the updated policy. Non-material clarifications take effect immediately on posting.

Current upcoming change (effective 2026-06-16): We have added the request-log details in Section 07 (IP address, country/region/city), the cookie disclosure for bs_session_id in Section 05, and the analytics-events and email-suppression-list retention items in Section 04. These reflect our existing rate-limit and deliverability infrastructure — they were not new collection practices but were not yet documented. Nothing about who we share data with has changed.

BuildSolver is operated by Neurolinker AI LLC (a US-based limited liability company). All personal data is stored and processed in the United States (Supabase on AWS, us-east region). If you are based in Canada or Australia, by using BuildSolver you acknowledge and consent to the transfer of your personal data to the United States, which may have data protection laws different from those of your home country.

We collect, use, and disclose personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). You have the right to access, correct, or withdraw consent for the use of your personal information. To exercise these rights, email support@buildsolver.com. If you are unsatisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

Quebec residents: BuildSolver is provided in English only. By signing up, Quebec residents acknowledge they have chosen to receive the service in English and accept that all contractual and privacy documentation is provided in English.

We handle personal information in accordance with the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs). You have the right to access and correct your personal information. To exercise these rights or to make a complaint about our handling of your personal information, email support@buildsolver.com. If you are unsatisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Per Cal. Civ. Code § 1798.100 et seq.: categories of personal information collected, purposes, and retention are described in Sections 01–07 above. We do not sell or share your personal information within the meaning of the CCPA/CPRA, including for cross-context behavioural advertising.

California residents have the right to know, delete, correct, and to non-discrimination for exercising these rights. To exercise any of these rights, email support@buildsolver.com. We respond within 45 days.

Email support@buildsolver.com. We aim to respond within 2 business days for general inquiries and within 45 days (or sooner where required) for rights requests.