1. What We Collect
When you use Built n' Tallied, we collect:
- Account information: Your name, email address, and password (stored securely via Amazon Cognito).
- Business information: Company name, phone number, and address that you enter in Settings.
- Job data: Job names, addresses, line items, costs, photos, daily logs, invoices, and notes that you create.
- Client data: Names, emails, phone numbers, and addresses of your clients that you enter.
- Usage data: Pages visited, features used, and basic analytics (no tracking pixels or third-party trackers).
- Payment information: Processed by Stripe. We never see or store your credit card number.
2. How We Use Your Data
- To provide the Built n' Tallied service (estimates, job costing, invoicing, etc.).
- To send transactional emails (estimates, invoices, password resets) via Amazon SES.
- To process optional AI features (see Section 5 below).
- To improve the product based on aggregate usage patterns.
We do NOT sell, rent, or share your data with third parties for marketing purposes. Ever.
3. Where Your Data Lives
All data is stored on Amazon Web Services (AWS) in the US-East-1 (Virginia) region:
- Database: Amazon RDS (PostgreSQL) — encrypted at rest with AES-256.
- Files: Amazon S3 — photos, receipts, and PDFs, encrypted at rest.
- Auth: Amazon Cognito — passwords are hashed, never stored in plain text.
- In transit: All data encrypted via TLS 1.3.
4. Your Client's Data
When you enter your clients' names, emails, and phone numbers into Built n' Tallied, you are the data controller and we are the data processor. This means:
- You are responsible for having your clients' consent to store their contact information.
- We process this data only to provide the service (sending estimates, invoices, portal links).
- We do not use your clients' data for any other purpose.
- If a client requests deletion, you can remove them from Built n' Tallied and the data is permanently deleted.
5. AI Features & Data Processing
Built n' Tallied offers optional AI-powered features. When enabled:
- Your input is processed by Amazon Bedrock on AWS infrastructure.
- We automatically strip personally identifiable information (phone numbers, emails, addresses, SSNs) before sending any text to the AI.
- Your data is NOT used to train AI models.
- AWS does NOT share your data with the model provider.
- AI features are opt-in and can be disabled in Settings at any time.
6. Your Rights
- Export: You can export all your data (jobs, clients, line items) as CSV at any time from Settings.
- Delete: You can delete individual jobs, clients, and photos. To delete your entire account, contact us.
- Correct: You can edit any data you've entered at any time.
- Portability: CSV exports are in standard format that works with any spreadsheet or competing tool.
If you are a California resident, you have additional rights under the CCPA including the right to know what data we collect, request deletion, and opt out of data sales (we don't sell data, so this is already satisfied).
7. Data Retention
Your data is retained for as long as your account is active. If you cancel your subscription, your data is preserved for 90 days in case you resubscribe. After 90 days, all data is permanently deleted.
8. Cookies
We use essential cookies only — authentication session tokens (httpOnly, secure). We do not use tracking cookies, advertising pixels, or third-party analytics cookies.