buildprophet← Back to home

Privacy Policy

Last updated: June 7, 2026

1. Who We Are

BuildProphet LLC ("BuildProphet," "we," "our," or "us") operates the BuildProphet platform at buildprophet.com. We provide AI-powered real estate investment analysis tools including the ProphetAnalyzer, deal calculator, contractor quote management, and related features.

Questions about this policy: hello@buildprophet.com

2. Information We Collect

Information you provide:

  • Account information: email address, name, company name
  • Deal data: property addresses, purchase prices, rehab budgets, ARV estimates
  • Contractor information you add to your account
  • Communications with BuildProphet support

Vendor order data (when using the Chrome Extension):

  • Order numbers, order dates, order totals
  • Per line item: product name, quantity, unit price, SKU

Information collected automatically:

  • Usage data: features used, calculations run, pages visited, session duration
  • Device and browser information: browser type, operating system, screen size
  • Approximate location: state and city (derived from IP address)
  • Calculator inputs: deal types selected, funding sources, exit strategies, ARV ranges (stored without personal identifiers)

3. How We Use Your Information

  • To provide the service: Running deal analyses, storing your assessments, processing contractor quotes
  • To improve the product: Understanding which features are used and how
  • To communicate with you: Account confirmations, feature updates, support responses
  • To prevent abuse: Detecting multi-account creation, blocking fraudulent signups
  • For aggregate analytics: We compute anonymized, aggregate statistics (e.g., total calculations per month by state, average deal sizes by region). These statistics cannot identify any individual user and are used for internal business purposes.

4. Your Personal Data Is Never Sold

BuildProphet does not sell, rent, or trade your personal data to any third party.

"Personal data" means information that identifies or can identify you individually — your name, email address, specific deal numbers, contractor contacts, or any combination thereof. We do not share this information with advertisers, data brokers, or any other third party for their marketing purposes.

BuildProphet does not sell your personal information and does not share it for cross-context behavioral advertising.

5. Third-Party Services We Use

To operate BuildProphet, we share minimal data with these service providers under strict data processing agreements:

  • Supabase — database and authentication (your data is stored here)
  • Vercel — application hosting (processes requests)
  • Groq — AI analysis (we send property data to generate deal analyses; Groq does not train on API inputs by default)
  • Resend — transactional emails (we share your email address to send confirmations and notifications)
  • PostHog — product analytics (usage events, anonymized)
  • Intuit (QuickBooks) — accounting integration for users who choose to connect their QuickBooks account. When you connect QuickBooks, BuildProphet exchanges an authorization code with Intuit for OAuth access and refresh tokens. Those tokens are encrypted at rest in our database (see Section 8) and used solely to pull your project transaction data into BuildProphet on your behalf. We do not share your financial data with Intuit beyond what is necessary to complete the OAuth flow; Intuit's own privacy policy governs their handling of your QuickBooks account data.
  • Plaid Technologies, Inc. — bank account connectivity. When you connect your bank account, BuildProphet uses Plaid to securely handle the bank authorization process. Plaid receives your bank credentials and delivers your transaction data to BuildProphet. Plaid's privacy policy (plaid.com/legal/privacy-policy) governs how Plaid handles your credentials and data during the connection process. After delivery to BuildProphet, your transaction data is subject to this Privacy Policy.
  • Sentry — application error monitoring. Error reports may include limited user context (such as browser type, page URL, and feature identifiers) to help us diagnose issues. Sentry is contractually prohibited from using this data for their own marketing purposes.
  • Anthropic — AI analysis features (applies when AI analysis features are live). When AI-powered analysis features are active, property and deal data you submit may be processed by Anthropic's models to generate analysis outputs. Anthropic does not train on API inputs by default.

We may update this vendor list as we add or remove service providers. Material changes to our data handling practices will be communicated to registered users per Section 10.

These providers are contractually prohibited from using your data for their own marketing purposes.

5A. Bank Account Data

This section supplements our general privacy policy and applies specifically to users who connect a bank account through BuildProphet's bank sync feature (powered by Plaid). If you do not connect a bank account, this section does not apply to you.

What we collect.

When you connect your bank account, BuildProphet receives the following data from Plaid:

  • Transaction records: date, amount, merchant name, and transaction type for each payment
  • Account metadata: account type (checking, savings, or credit card) and the last four digits of your account number

BuildProphet does not receive and does not store your full account number, routing number, or your bank login credentials (username or password). Those credentials are handled exclusively by Plaid and are never transmitted to BuildProphet.

How we use this data.

BuildProphet uses your bank transaction data solely to support the budget-tracking features you have subscribed to. Specifically, we use transaction data to automatically categorize your spending into your project budgets, match payments to the correct project and budget line, and keep your budget-vs-actual numbers current without requiring manual data entry. We do not use your bank transaction data for advertising, resale, or any purpose unrelated to your project financial management.

How we store and protect it.

Your bank connection credentials (specifically, the Plaid access token that allows us to pull transactions) are encrypted at rest using AES-256-GCM encryption before being stored in our database. The encryption key is derived from a server-side master key that resides in our hosting environment — not in the database itself — so a database compromise alone does not expose your credentials.

Transaction data is stored in your BuildProphet account and is subject to the same row-level security controls that govern all user data (see Section 8 — Security). Token values and account credentials are never logged or transmitted in plaintext.

Who we share this data with.

Your bank transaction data is shared only with the service providers necessary to operate BuildProphet, as listed in Section 5. It is not shared with advertisers, data brokers, or any third party for marketing or commercial purposes. Within our infrastructure, your transaction data is accessible only to the systems and personnel necessary to provide the bank sync feature.

Data retention.

Your transaction data remains in your account as long as your account is active. If you disconnect your bank account, no new transactions will be pulled, but your existing transaction records are preserved as part of your project financial history. If you delete your BuildProphet account, your personal data — including bank transaction records — is removed within 30 days.

Your rights.

  • Right to disconnect.You can disconnect your bank account at any time by going to Settings → Bank Sync and clicking “Disconnect.” Disconnection immediately stops all future transaction syncing and revokes BuildProphet's access to your bank feed.
  • Right to delete. You can request deletion of your bank transaction data by emailing hello@buildprophet.com. We will process your request within 30 days.
  • Right to know. You may request a description of the bank data we hold about you by emailing hello@buildprophet.com. We will respond within 30 days.

We do not sell your bank data.

BuildProphet does not sell, rent, or share your bank transaction data with any third party for their marketing or commercial purposes. This commitment is absolute and is not subject to any exception, including exceptions that may apply to aggregate or anonymized data under other sections of this policy.

Consent.

Before connecting your bank account, BuildProphet presents a disclosure and requires your affirmative consent. Your consent is timestamped and retained as part of your account record. By connecting your bank account, you also agree to BuildProphet's Terms of Service, including the Bank Connection Terms (Section 8A).

5B. Chrome Extension (if installed)

This section applies only to users who install the optional BuildProphet Chrome Extension. If you have not installed the extension, this section does not apply to you.

What the extension is.

The BuildProphet Chrome Extension is an optional browser add-on available to Prophet-tier subscribers. It lets you import vendor order data from supported retailer websites directly into your BuildProphet project expense ledger — eliminating manual data entry.

Retailers it operates on (v1).

The extension is active only on pages you open at the following retailers:

  • The Home Depot (homedepot.com)
  • Lowe's (lowes.com)
  • Wayfair (wayfair.com)
  • Floor & Decor (flooranddecor.com)

The extension does not activate on any other website. Supported retailers may be updated in future extension versions, at which time this policy will be updated accordingly.

What data it reads — and when.

The extension reads data only when you actively click the BuildProphet button on a supported page. It never reads data in the background or without your interaction.

On order detail pages, the extension reads:

  • Order number, order date, and order total
  • Per line item: product name, quantity, unit price, and SKU (when available)

On product detail pages, the extension reads:

  • Product name, price, product image, and the product page URL

The extension does not read and does nottransmit your name, billing or shipping address, payment card information, or login credentials. Those fields are excluded at the data-capture layer — the extension's capture schema has no field for them — and product-name strings are additionally processed through a PII-stripping pass that redacts any email addresses, phone numbers, or street address fragments that may appear adjacent to product text on the page.

Where your data goes.

Captured order data is transmitted to BuildProphet's servers over HTTPS and stored exclusively within your organization's account. It is never aggregated across users, shared with the retailer, or used for any purpose other than populating your project expense ledger.

Local extension storage.

The extension stores an authentication token in your browser's extension storage (chrome.storage.local) to authenticate requests to BuildProphet's servers. This token:

  • Contains no personal information — it is a signed opaque credential only
  • Is not accessible to any retailer website or other browser extension
  • Expires automatically after 90 days
  • Can be revoked at any time from Settings → Extension in your BuildProphet account

Limited use.

Data captured by the extension is used solely to populate your project expense ledger. It is not used for advertising, resale, or any purpose unrelated to your project financial management.

5C. Cookies & Analytics Tracking

BuildProphet uses cookies and similar browser storage mechanisms to operate the service and understand how users interact with the platform.

What we use.

  • Session and authentication cookies (Supabase) — required for you to stay signed in. These are functional cookies and cannot be disabled without breaking the service.
  • Product analytics (PostHog) — we track usage events such as pages visited, features used, and session duration. PostHog data is pseudonymous: events are associated with a randomly generated user identifier, not your name or email. PostHog does not use this data for advertising.

What we do not use.

BuildProphet does not use advertising cookies, third-party tracking pixels, or cross-site behavioral advertising technologies. We do not participate in any ad network or audience-targeting program.

No cookie banner.

We do not currently display a cookie consent banner because we do not use advertising or cross-site tracking cookies that require opt-in consent under most applicable laws. If our cookie usage changes in a way that requires a consent mechanism, we will implement one and update this section.

How to opt out of analytics.

To opt out of PostHog product analytics, email hello@buildprophet.com with the subject line “Opt out of analytics.” We will disable analytics tracking for your account within 30 days. Note that disabling analytics does not affect your ability to use BuildProphet.

5D. Floor Plan Scan Data

This section applies only if you use the optional Scan Mode in Plan Studio on the BuildProphet mobile app. If you use the manual floor-plan editor, or do not use the mobile app, this section does not apply to you.

What Scan Mode does.

When you use Scan Mode, your device's camera measures your room's dimensions to build a floor-plan layout. This process runs entirely on your device.

What BuildProphet receives.

BuildProphet receives only the floor-plan measurements (room dimensions, wall positions, and door/window locations) generated by the scan. BuildProphet does not receive, process, or store any photo or video of your home. No camera frames from your scan are transmitted to our servers.

How we use and store it.

Your floor-plan geometry is stored in your BuildProphet account, linked to your project, and protected by the same security and tenant-isolation controls that protect all your project data (see Section 8). It is never shared with other users unless you explicitly share a plan or invite a collaborator to your project. We do not use your floor-plan data to train AI models or for advertising.

How to delete it.

You can delete a floor plan from the plan's settings at any time. If you delete your BuildProphet account, your floor-plan data is removed within 30 days (see Section 6). You may also request deletion by emailing hello@buildprophet.com.

6. Data Retention

  • Active account data: retained while your account is active
  • Deleted accounts: personal data removed within 30 days of account deletion request
  • Aggregate/anonymized statistics: retained indefinitely (they cannot identify you)
  • Backup copies: may persist for up to 90 days in secure backups

7. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Update inaccurate information in your account settings
  • Deletion: Request deletion of your account and personal data
  • Portability: Export your deal data in a standard format
  • Opt-out of analytics: Contact us to opt out of usage tracking

To exercise any of these rights, email hello@buildprophet.com. We will respond within 30 days.

8. Security

  • All data in transit is encrypted via HTTPS / TLS 1.2+.
  • Row-level security (RLS) is enforced on user data tables in our Supabase database.
  • Bearer tokens issued by BuildProphet's MCP service are stored as one-way SHA-256 hashes — the plaintext token is never persisted after issuance.
  • External-service OAuth credentials (such as QuickBooks access and refresh tokens) are encrypted at rest using AES-256-GCM before being stored in our database. Each organization's tokens are encrypted with a unique key derived from a server-side master key that lives in our hosting environment — not in the database — so a database compromise alone does not expose your credentials. Token values are never logged or transmitted in plaintext.
  • The Chrome Extension authentication token is stored server-side as a one-way SHA-256 hash — the raw token exists only in your browser's local extension storage and is never persisted in plaintext on our servers.
  • Documents uploaded to BuildProphet (when supported in a future release) will be encrypted at rest with AES-256-GCM before persistence.
  • Regular security reviews and dependency scanning.

Using the Service to prompt-inject, manipulate, probe, attack, reverse-engineer, or exfiltrate data is prohibited conduct under our Terms of Service, Section 18 (Acceptable Use), which you should review.

No method of transmission or storage is 100% secure. If you discover a security issue, please contact hello@buildprophet.com immediately.

9. Children's Privacy

BuildProphet is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy periodically. When we make material changes, we will notify registered users by email and update the "Last updated" date above. Continued use of BuildProphet after changes constitutes acceptance of the updated policy.

11. Data Breach Notification

In the event of a security incident that results in the unauthorized access, acquisition, or disclosure of personal information, BuildProphet will notify affected users and relevant authorities as quickly as possible and without unreasonable delay, as required by applicable law — including Tex. Bus. & Com. Code § 521.053 (Texas Identity Theft Enforcement and Protection Act). Notification will be provided via email to the address associated with your account, or via a prominent notice on buildprophet.com, depending on the nature and scope of the incident. If you believe your account has been compromised, contact us immediately at hello@buildprophet.com.

12. Contact

BuildProphet LLC
Privacy inquiries: hello@buildprophet.com