Privacy Policy
Last updated: April 2, 2026
BuildKin ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our building management platform.
1. Data Controller
BuildKin acts as the data controller for the personal data processed through our platform. We are committed to complying with the General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act.
2. Information We Collect
We collect information that you provide directly to us, including:
- Account information (name, email address, password)
- Profile information (organization name, role)
- Contact information for issue reporting (name, email, phone number)
- Issue reports and descriptions, including photos
- Payment information processed securely through Stripe
- Usage data and analytics
- Device and browser information
3. Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Contract performance: Processing necessary to provide our services
- Consent: When you have given explicit consent for specific processing
- Legitimate interests: For improving our services and security
- Legal obligation: When required by applicable laws
4. How We Use Your Information
We use the collected information for:
- Providing and maintaining our building management services
- Communicating with you about issues and updates
- Processing payments and subscriptions
- Improving and personalizing user experience
- Ensuring the security of our platform
- Complying with legal obligations
5. Data Sharing
We may share your information with:
- Supabase: Our database and authentication provider
- Stripe: Our payment processing partner
- Legal authorities when required by law
- Business partners with your consent
6. Payment Processing
All payment processing is handled securely by Stripe, a PCI-DSS compliant payment processor. We collect and process the following payment-related information:
- Billing name and email address
- Subscription plan details and billing cycle (yearly)
- Payment transaction history and invoices
- Stripe customer ID for managing your subscription
We never store your complete credit card information on our servers. All sensitive payment data is handled exclusively by Stripe in compliance with PCI-DSS standards.
When you upgrade your plan, we process prorated charges for the difference in subscription tiers. Downgrade requests are scheduled to take effect at the end of your billing period, subject to our 15-day advance notice requirement.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, typically for the duration of your account plus a reasonable period for legal compliance and dispute resolution.
9. Your Rights
Under GDPR and Bulgarian law, you have the following rights:
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time
10. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including encryption, access controls, and regular security assessments.
11. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with the Commission for Personal Data Protection of the Republic of Bulgaria (CPDP) at:
Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Website: www.cpdp.bg
12. Contact Us
For any questions about this Privacy Policy or to exercise your rights, please contact us at: