Privacy Policy

Beacon Build is a financial decision-support service for building and capital project teams. This Privacy Policy explains what information we collect, how we use it, when we share it, and the choices available to account holders.

This policy applies to information collected through the web application, account signup and login flows, and support or operational interactions related to the service.

Beacon Build may receive documents that contain commercially sensitive project information and, depending on the document, personal information. This policy explains how we handle both categories and when third-party processors are involved.

The service is intended for use by individuals who are at least 18 years of age. By using the service, you represent that you meet this requirement.

We collect account and company details such as company name, user email address, authentication details, and role-based access information.

We collect business data that users enter into the product, including project details, scope, program or unit mix information, historical cost data, estimate outputs, notes, and manual overrides.

We collect billing and subscription information needed to administer company plans, company setup terms, extraction-credit balances, invoices, and payment status. Full payment card or bank-account details are handled by our payment processors rather than stored directly by us.

We collect technical and session information needed to secure the service, maintain logged-in sessions, prevent abuse, and diagnose operational issues.

We use session cookies and authentication tokens to maintain your logged-in state and secure your session. These are strictly necessary for the service to function and are not used for advertising, cross-site tracking, or third-party analytics.

You may configure your browser to block or delete cookies, but doing so will prevent you from using the service, as authentication depends on session state.

Customer-entered project records, historical costs, rents, notes, overrides, and similar business inputs are treated as confidential customer data.

Confidential customer data is used only to host, secure, maintain, support, and provide the service for the relevant customer account, and as otherwise required by law.

Confidential customer data is not sold and is not reused to benefit another customer without authorization.

If market-reference features are added in the future, any public or third-party reference data should come from lawful, licensed, or otherwise authorized sources.

Public or licensed market-reference data should be kept separate from confidential customer-entered data in both product logic and legal treatment.

Customer-entered rents, pricing assumptions, and similar confidential inputs should remain company-private and should not be pooled into cross-customer datasets.

We collect and process personal information on the basis of contract necessity (to provide the service you have requested), legitimate business interests (to operate, secure, and improve the service), and legal compliance (to meet obligations under applicable law, including PIPEDA).

We do not collect personal information that is not reasonably necessary for these purposes. Where you have submitted information about other individuals, you are responsible for ensuring that collection and submission was done lawfully and with appropriate authority.

We use information to provide, host, authenticate, secure, maintain, and support the service for the relevant company account, including organizing company-isolated records and generating estimates and related outputs for that customer.

We do not use a customer's confidential project or cost data for unrelated third-party purposes, and we do not sell that data.

We may use operational metadata, product diagnostics, and non-content service signals to improve reliability and performance. This does not make raw project records, cost figures, bid prices, vendor pricing, source line items, or company-identifying information available to other customers.

We may also use information to comply with legal obligations, enforce our terms, investigate misuse, and maintain business records related to the operation of the service.

We share information only with service providers needed to host, secure, authenticate, maintain, and support the product, including our database and authentication provider, Supabase. Those providers may process customer data only as part of delivering the service to us.

Where a company purchases or renews a subscription, we may share the minimum billing information needed to create, charge, renew, support, or reconcile that subscription with payment processors such as Stripe and PayPal.

Where a company uses AI-assisted extraction, we share the relevant document content with an underlying AI service provider needed to perform the extraction request. The product may refer to this workflow as Beacon managed AI Agent. Providers may include OpenAI ChatGPT as the primary managed provider, Anthropic Claude as a managed fallback, and Google Gemini only where enabled.

We act as a data controller in respect of account and profile information, and as a data processor in respect of business data you submit to the service. You are responsible for your own compliance obligations in respect of any personal information belonging to third parties that you input into the service.

We do not share confidential customer data with third parties for their own independent marketing, resale, or unrelated commercial use.

We may also disclose information when required by law, to protect rights or security, in connection with a business transaction, or with your direction.

Beacon Build includes an AI-assisted historical cost extraction feature. When you use this feature, the document you upload is received by our server and transmitted to an underlying AI service provider to perform the extraction request. The product may refer to this workflow as Beacon managed AI Agent. Providers may include OpenAI ChatGPT as the primary managed provider, Anthropic Claude as a managed fallback, and Google Gemini only where enabled.

The current workflow-specific AI Data Handling Notice is available at /ai-data-handling. If the notice version changes materially, the product may require a new approval before managed AI extraction can continue.

OpenAI is the primary managed AI provider for supported file types, including PDFs. Anthropic Claude may be used as a managed fallback if the primary provider is unavailable or cannot complete the extraction. Google Gemini is only included where separately enabled.

This transmission uses Beacon Build-managed provider credentials. Managed agent use does not remove the need to review extracted data before saving it into your company workspace.

Large text, CSV, and spreadsheet-derived uploads may be processed through managed intake sessions and chunks to reduce context loss and preserve source locators. Server-owned extraction candidates may be retained before a user accepts values into project memory or reporting history.

Under the current API policies of the providers we support, API inputs and outputs are not used for model training by default. The relevant provider's own API data-handling policy, privacy commitments, and terms still apply to the extraction request.

When AI-assisted historical intake creates source evidence, we may retain the uploaded source file, processed file metadata, extraction summary, managed agent, model and provider metadata, source-location evidence, review status, and related audit records inside the company-isolated workspace. This retained evidence lets authorized users review where extracted values came from before the record can be promoted for benchmark use.

Stored AI source evidence is kept in private storage, scoped to the customer company, and accessed through time-limited review links where the product exposes a source-file review action. It is not sold, disclosed to other customers, or used in another customer's workspace.

Company administrators may disable external AI processing for the workspace. When disabled, the historical extraction route must not send uploaded company documents to Beacon managed AI Agent, and users should use manual entry or another approved workflow.

When a document is processed, its contents may be handled outside Canada by the relevant underlying AI service provider. You are responsible for ensuring that documents you upload for AI extraction may lawfully be shared with that provider and do not violate your confidentiality, contractual, or regulatory obligations.

If your company starts a paid subscription or extraction-pack purchase, our payment processors may collect payment card, bank, billing-address, and tax-related details directly from you. We do not store full payment card or bank-account numbers in the product.

We may retain subscription records, invoice records, payment status, extraction-credit balances, processor customer identifiers, and related support history as long as reasonably necessary to administer billing, resolve disputes, prevent fraud, and meet tax and recordkeeping obligations.

Your information may be processed or stored outside your province, territory, or country. Our primary infrastructure and database provider (Supabase) may store and process data in the United States and other regions depending on service configuration. By using the service, you acknowledge that your information may be transferred to and processed in jurisdictions that may not have equivalent data protection laws to those in your home jurisdiction.

When we use third-party processors, we remain responsible for the information under our control and expect those providers to protect it using appropriate safeguards.

Canada: We handle personal information in a PIPEDA-aware manner, including limiting collection to identified service purposes, using safeguards appropriate to the sensitivity of the information, and providing access/correction request channels through the Privacy Officer contact listed in this policy.

United States and California: We do not sell confidential customer data or share it for cross-context behavioral advertising. Where California privacy laws apply to personal information we process, eligible individuals may have rights to know, access, correct, delete, and limit certain uses, subject to applicable business, security, and legal exceptions.

Country-specific product behavior: Beacon Build separates U.S. and Canadian project assumptions where country matters, including currency, state/province labels, market packs, escalation sources, benchmark cohorts, and regional cohort controls.

European Economic Area, United Kingdom, and Switzerland: Where GDPR-like laws apply, users may have rights to access, rectify, erase, restrict, object to processing, portability, and lodge a complaint with a supervisory authority. Cross-border processing may rely on contractual, operational, or other lawful transfer safeguards as applicable.

This product is primarily business software. Company administrators remain responsible for determining whether their own project documents contain personal information and whether they may lawfully upload those documents for the requested service workflow.

We retain account and business data only for as long as reasonably necessary to provide the service, maintain security, preserve backups, resolve disputes, enforce agreements, and comply with legal obligations.

Managed AI processing metadata and retained historical-intake source evidence may be kept as part of the customer workspace so extracted records can be audited, corrected, or excluded later. If a historical record or account is deleted, related retained evidence is handled under the same deletion and backup-retention rules that apply to other customer business data.

We may later add fuller AI-intake sessions, resumable upload history, or field-value ledgers. If that changes the categories of retained data or the applicable retention behavior, we will update this policy before that flow becomes part of the primary product path.

Company account administrators may request account closure through the service. Before closure is confirmed, the account holder will be shown a summary of the data associated with the account and the applicable retention period. Closure takes effect upon confirmation.

Following confirmed account closure, we will process deletion of customer data within approximately 90 days, subject to extended retention of up to 12 months where required for backup cycles, security, fraud prevention, recordkeeping, or legal compliance.

Beacon Build is currently operated by Beacon Build.

We use administrative, technical, and organizational safeguards appropriate to the sensitivity of the information we handle, including access controls designed to keep customer records isolated by company account. No system can guarantee absolute security, and users remain responsible for protecting their login credentials and reviewing access within their organizations.

In the event of a security breach that creates a real risk of significant harm to individuals, we will notify affected account holders and, where required by applicable law, the relevant privacy commissioner or regulatory authority, within the timeframes required by that law.

Subject to applicable law, you may request access to personal information we hold about you, request corrections, or ask about deletion or account closure.

To make a request or raise a privacy concern, contact our Privacy Officer at privacy@beaconbuild.app. We will respond within a reasonable time and no later than required by applicable law.

If you are not satisfied with our response, you have the right to escalate a complaint to the Office of the Privacy Commissioner of Canada or the applicable provincial privacy authority.

If you enter information about other individuals into the product, you are responsible for ensuring you have the right to do so and that the information is accurate and appropriate for the purposes of the service.

The construction-index helper in Beacon Build uses Statistics Canada Building Construction Price Index data for apartment construction. That content is reproduced under the Statistics Canada Open Licence.

Statistics Canada source: https://www150.statcan.gc.ca/n1/en/catalogue/1810028901

Statistics Canada Open Licence: https://www.statcan.gc.ca/en/terms-conditions/open-licence

We may update this Privacy Policy from time to time. The most recent version will always show the last updated date.

For privacy questions or requests, contact our Privacy Officer at privacy@beaconbuild.app.