Safebuilds

Privacy Policy

Last updated: April 12, 2026

Introduction

Safebuilds (“we,” “our,” or “us”) is committed to protecting your privacy and the privacy of data you process through our platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use Safebuilds.

Because Safebuilds is designed for regulated industries, we take data protection exceptionally seriously. This policy is written plainly — not buried in legalese.

Data We Collect

We collect the following categories of information:

  • Account information: Name, email address, company name, industry, and password (hashed, never stored in plaintext).
  • App data: Forms, fields, submissions, and configurations you create within Safebuilds.
  • Usage analytics: Anonymized usage data (pages visited, features used, session duration) to improve the product. No personally identifiable information is included in analytics.
  • Billing information: Payment data is processed and stored by Stripe. We store only the last 4 digits of your card and billing address. We never store full card numbers.
  • Audit logs: Records of who accessed what data and when, for compliance purposes.

Data Storage and Security

All data stored on Safebuilds is protected by:

  • Encryption at rest: AES-256 encryption for all stored data, including form submissions and PHI fields.
  • Encryption in transit: TLS 1.3 for all data transmitted between your browser and our servers.
  • Access controls:Role-based access control (RBAC) ensures users can only access data they're authorized to see.
  • Infrastructure: Hosted on enterprise-grade cloud infrastructure with SOC 2 compliance in progress.

PHI and HIPAA Compliance

If you use Safebuilds to collect Protected Health Information (PHI) under HIPAA, the following applies:

  • Safebuilds processes PHI only as a Business Associate, not a Covered Entity. We act under the direction of your organization, which remains responsible for HIPAA compliance.
  • Business Associate Agreements (BAAs) are available on the Enterprise plan. Contact us at hello@safebuilds.app to initiate the BAA process.
  • PHI fields within Safebuilds are tagged, encrypted separately, and subject to enhanced access logging. Field-level PHI protection is automatic — you don't need to configure it.
  • We maintain a complete audit trail for all PHI access, modification, and deletion events.

Third-Party Services

We use the following third-party services:

  • Stripe: Payment processing. Stripe is PCI DSS Level 1 certified. Your payment data never touches our servers.
  • Analytics: We use privacy-preserving, cookieless analytics. No personal data is shared with analytics providers. IP addresses are anonymized.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as required to operate the service or comply with law.

Data Retention

  • Active accounts: Data is retained indefinitely while your account is active.
  • Canceled accounts: Data is retained for 30 days after cancellation, giving you time to export. After 30 days, all data is permanently deleted per our secure deletion policy.
  • Audit logs: Audit trail data is retained for 7 years on Enterprise plans to support regulatory compliance requirements.

Your Rights

You have the right to:

  • Access: Request a complete export of all data associated with your account.
  • Deletion: Request permanent deletion of your account and all associated data.
  • Portability: Export all submissions, forms, and audit logs in CSV or PDF format at any time.
  • Correction: Update or correct your account information at any time via account settings.

To exercise any of these rights, contact us at hello@safebuilds.app. We respond to data rights requests within 30 days.

Compliance Certifications

  • SOC 2 Type II: In progress. Expected completion Q3 2026.
  • HIPAA-ready architecture: Implemented from day one. BAAs available on Enterprise.
  • GDPR-compliant data handling for EU customers.

Contact

Questions about this Privacy Policy? Contact our privacy team at: hello@safebuilds.app