Privacy Policy

Last updated: April 15, 2026

Easy Building Codes ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services (collectively, "the Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information You Provide Directly

Account Information: Name, email address, and password when you create an account, or information received from your third-party login provider (e.g. Google)
Conversation Data: Questions you ask and conversations with the AI assistant
Uploaded Documents: Plans, specifications, or other documents you upload for analysis
Payment Information: Billing details processed securely by our third-party payment processor. We do not store your full credit card number or bank account details on our servers.
Communications: Information you provide when you contact us, submit feedback, or complete forms on our website
Team Information: Team name, member email addresses, and roles when you use team collaboration features

Information Collected Automatically

Usage Data: Pages visited, features used, actions taken, time spent, and referring URLs
Device Information: Browser type and version, operating system, screen resolution, and device type
Network Information: IP address, approximate geographic location (city/region level), and internet service provider
Cookies and Similar Technologies: Session identifiers, preference settings, and analytics data (see Section 8 for full details)

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service, including processing your queries and delivering AI-generated responses
Create and manage your account, authenticate your identity, and maintain session security
Process payments, manage subscriptions, and send transaction-related communications
Respond to your enquiries, provide customer support, and communicate service updates
Analyse usage patterns to improve the Service, fix issues, and develop new features
Detect, prevent, and address fraud, abuse, security incidents, and technical issues
Comply with legal obligations and enforce our Terms of Service
Send occasional marketing communications about our products and services, where you have given consent or where permitted by law (you may opt out at any time)

3. Data Sharing and Disclosure

We do not sell your personal information. We share your data only in the following limited circumstances:

Service Providers: We use trusted third-party providers to help us operate the Service, including providers of AI processing, payment processing, hosting infrastructure, content delivery, email delivery, and analytics. These providers are contractually obligated to protect your data and may only use it to perform services on our behalf.
Legal Requirements: We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.
With Your Consent: We may share your information for any other purpose with your explicit consent.

4. Data Storage and Security

We take the security of your data seriously and implement appropriate technical and organisational measures to protect it, including:

Encryption in transit using TLS/SSL for all data transmitted between your browser and our servers
Encryption at rest using AES-256 for uploaded documents and sensitive data
Access controls and authentication requirements for all administrative access
Regular security assessments and monitoring
Automated database backups with secure off-site storage

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

5. International Data Transfers

The Service is operated from Australia. Your data may be transferred to, stored, and processed in countries outside of Australia, including the United States, where some of our third-party service providers operate. When we transfer data internationally, we ensure appropriate safeguards are in place, including encryption, contractual data protection clauses, and compliance with applicable data protection laws.

6. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Account Data: Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
Conversation History: Retained until you delete individual conversations or your account.
Uploaded Documents: Retained until you delete them or your account is closed.
Payment Records: Retained as required by applicable tax and financial regulations (typically 7 years).
Consent Records: Retained for 3 years as audit evidence.
Server Logs: Retained for up to 90 days for security and operational purposes.

7. Your Rights

All Users

Regardless of your location, you have the right to:

Access the personal data we hold about you
Request correction of inaccurate or incomplete data
Request deletion of your personal data (subject to legal retention requirements)
Export your data in a machine-readable format from your profile settings
Opt out of marketing communications at any time
Withdraw cookie consent at any time via Cookie Settings in the page footer

Additional Rights Under UK and EU GDPR

If you are located in the United Kingdom or European Economic Area, you have additional rights under the UK General Data Protection Regulation (UK GDPR) and the EU GDPR:

Right of Access (Article 15): Request a copy of all personal data we hold about you.
Right to Rectification (Article 16): Request correction of inaccurate or incomplete data.
Right to Erasure (Article 17): Request deletion of your personal data. You can delete your account from your profile settings.
Right to Restrict Processing (Article 18): Request that we limit how we use your data in certain circumstances.
Right to Data Portability (Article 20): Download your personal data in a machine-readable format from your profile settingsusing the "Download My Data" feature.
Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days, or within the timeframe required by applicable law.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and analyse usage. We categorise cookies as follows:

Essential Cookies

Required for the Service to function. These cookies enable core functionality such as user authentication, session management, CSRF protection, and security features. Essential cookies cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website by collecting usage information. We use Google Analytics with IP anonymisation enabled. These cookies are only set after you provide consent.

Marketing Cookies

Used for advertising conversion tracking and campaign measurement. These cookies are only set after you provide consent.

You can manage your cookie preferences at any time via Cookie Settings in the page footer. You can also configure your browser to refuse cookies, although this may affect your ability to use certain features of the Service.

9. Lawful Basis for Processing (UK/EU GDPR)

We process your personal data on the following legal bases:

Contract Performance (Article 6(1)(b)): Account creation, chat service delivery, subscription management, and document processing, as necessary to provide the Service you have requested.
Legitimate Interest (Article 6(1)(f)): Security and fraud prevention, service improvement, analytics, and system administration, where our interests do not override your fundamental rights.
Consent (Article 6(1)(a)): Analytics cookies, marketing cookies, and marketing communications. You can withdraw consent at any time via Cookie Settings or by unsubscribing from emails.
Legal Obligation (Article 6(1)(c)): Compliance with applicable laws, regulations, and legal processes.

10. Third-Party Services

We use trusted third-party service providers to help us deliver and improve the Service. These providers fall into the following categories:

AI and Language Processing: To generate responses to your queries. Your questions and conversation content may be processed by our AI providers.
Payment Processing: To handle billing and subscription management securely. Your payment information is processed directly by our payment provider and is not stored on our servers.
Hosting and Infrastructure: To host our application, database, and related services.
Content Delivery and Security: To deliver content efficiently and protect against security threats.
Analytics and Advertising: To measure site usage and advertising effectiveness (with your consent).
Email Delivery: To send transactional and service-related emails.

All third-party providers are selected based on their data protection practices and are bound by contractual obligations to handle your data appropriately.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us immediately.

12. Australian Privacy Act

The Service is operated from Australia and complies with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). The APPs regulate how we collect, use, disclose, store, and provide access to personal information.

If you have a complaint about our handling of your personal information under Australian law, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

13. UK Information Commissioner

If you are a UK resident and believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. We will notify you of material changes by updating the "Last updated" date at the top of this page and, where required by law, by sending you an email or displaying a notice within the Service. We encourage you to review this Privacy Policy periodically.

15. Data Controller

Easy Building Codes is the data controller for personal data collected through this Service. For data protection enquiries or to exercise your rights, contact us at [email protected].

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at [email protected].