Privacy Policy

Last Updated: May 9, 2026

Bileg Duro LLC ("Build AI", "we", "us", or "our") respects your privacy and is committed to protecting personal data we process in connection with the Build AI platform (BuildPlan, BuildManage, BuildCost, and related services — collectively, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it. It applies to visitors to our websites, customers using the Service, and authorized end users invited by those customers. For business customers using the Service to manage their own projects and personnel, the customer is the "data controller" of personal data their authorized users submit, and we act as a "data processor" on the customer's instructions. The agreement governing that relationship — including any applicable data processing terms — is the customer's Order Form together with our Terms of Service.

1. Personal Data We Collect

We collect the following categories of personal data: • Identity Data: full name, username, organization name, job title. • Contact Data: email address, phone number, business address. • Account Data: hashed credentials, multi-factor authentication enrollment, language and locale preferences. • Project Data submitted by you: construction-project metadata, drawings, photographs, financial records, schedules, comments, and other content you upload. • Usage Data: pages viewed, features used, timestamps, approximate location derived from IP, error logs. • Device & Connection Data: IP address, browser type and version, device type, operating system, time-zone setting. • Marketing Data: your preferences for receiving marketing communications and your opt-in / opt-out choices. We do not knowingly collect special-category personal data (racial or ethnic origin, religious beliefs, biometric data, etc.). Please do not upload such data to the Service.

2. How We Use Personal Data and Lawful Basis

We use personal data only where we have a lawful basis under applicable data-protection law. The lawful bases we typically rely on are: • Performance of a contract — to provide the Service to you under your subscription, including authentication, hosting your data, sending transactional emails (invitations, password resets, billing receipts), and providing customer support. • Legitimate interests — to operate, secure, and improve the Service; to protect against fraud and abuse; to communicate with you about service updates; and to maintain commercial relationships. We balance these interests against your rights and freedoms. • Compliance with legal obligations — for tax, accounting, audit, and lawful requests by competent authorities. • Consent — for optional marketing communications, certain analytics, and any processing where consent is explicitly required by law. You may withdraw consent at any time.

3. Customer Data

Personal data submitted by an organization customer or its authorized users to the Service ("Customer Data") is processed on the customer's behalf and under the customer's instructions. We will not access, use, or disclose Customer Data except (a) as necessary to provide and maintain the Service, (b) as the customer instructs in writing, (c) as required by applicable law, or (d) with the customer's consent. We do not use Customer Data to train artificial-intelligence or machine-learning models that are made available to other customers, except where data has been irreversibly aggregated or anonymized so that no individual or organization can be identified.

4. Cookies and Similar Technologies

We use first-party cookies that are necessary for the Service to function (for example, to keep you signed in and to remember your language preference). We may also use a small number of analytics cookies to understand how the Service is used in aggregate, for example, which pages are visited and how long sessions last. Where required by law, we will request your consent before setting non-essential cookies. You can manage cookies through your browser settings; disabling required cookies may prevent the Service from working correctly.

5. Service Providers

We share personal data only with carefully selected service providers acting on our behalf to deliver the Service, under written agreements that require them to handle the data with appropriate confidentiality and security. These providers fall into the following categories: • Cloud hosting and database infrastructure. • Authentication, error monitoring, and observability tooling. • Payment processing (for paid plans). • Email delivery for transactional and, where you have opted in, marketing communications. • AI / machine-learning processing for features you actively invoke (for example, document analysis or summary generation). We do not sell or rent personal data to third parties.

6. International Data Transfers

The Service is hosted on infrastructure located primarily in Japan and may also use service providers in other jurisdictions. As a result, your personal data may be transferred to, stored in, and processed in countries other than the one in which you are located. Where we transfer personal data across borders, we rely on appropriate safeguards under applicable law — for example, the data-transfer terms required by your jurisdiction, contractual protections in our service-provider agreements, and security measures that travel with the data.

7. Data Retention

We retain personal data only for as long as needed for the purposes described in this Policy and to comply with our legal, accounting, and reporting obligations. In practice this means: (a) Customer Data is retained for the duration of the customer's subscription; on termination, the customer can request export within 30 days, after which we delete or anonymize Customer Data in the ordinary course unless legal retention applies; (b) account-related personal data is kept while the account is active and for a limited period afterwards; (c) financial records are retained for the period required by tax and accounting law; (d) backups containing personal data are rotated and overwritten on our standard schedule.

8. Security

We protect personal data with industry-standard administrative, technical, and physical measures appropriate to the risk, including encryption in transit, encryption at rest, access controls based on least privilege, secure software development practices, and ongoing monitoring. No method of transmission or storage is perfectly secure; we work continuously to improve our defenses and we expect customers to do the same on their side, including good password hygiene and timely revocation of access for departing personnel.

9. Personal-Data Breach Notification

If a security incident results in the unauthorized disclosure of, access to, alteration of, or loss of personal data, we will notify the affected customer without undue delay and, where required by applicable law, within the timeframes prescribed by that law (for example, within 72 hours of becoming aware, where applicable). Our notice will describe the nature of the incident, the categories and approximate volume of data affected, the likely consequences, and the measures taken or proposed to address it.

10. Your Rights

Subject to applicable law, you may have the following rights regarding personal data we hold about you: • Right of access — to obtain confirmation of whether we process personal data about you and a copy of that data. • Right to rectification — to correct inaccurate or incomplete personal data. • Right to erasure — to request deletion of personal data, subject to legal retention obligations. • Right to restriction — to limit our processing of personal data in certain circumstances. • Right to data portability — to receive personal data in a structured, machine-readable format. • Right to object — including to object to processing based on legitimate interests and to direct marketing. • Right to withdraw consent — where processing is based on consent. • Right to lodge a complaint — with a competent supervisory authority in your jurisdiction. If you are an authorized user of an organization customer, please direct rights requests to your organization first; we will support the customer in responding.

11. Children

The Service is intended for business use and is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at the email below and we will take appropriate steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. When we make material changes, we will provide reasonable advance notice — for paid plans, by email to the account contact and by a notice in the Service. The "Last Updated" date at the top of this Policy reflects the latest version.

13. Contact

Bileg Duro LLC Email: contact@build-ai.tech Registered office: Yalalt Plaza Office, 4th Floor #409, 5th Khoroo, Chingeltei District, Ulaanbaatar, Mongolia Japan office: 1-15-30 Tenjin, Chuo-ku, Fukuoka-shi, Fukuoka, 810-0001, Japan For privacy-related requests (including access, correction, or deletion), please contact the email above. For security disclosures, use the same email and mark the subject line "Security".