BuildPrompt
  • Solutions
    • Health & Safety
    • Quality Assurance
    • Project Handover
    • Asset Management
    • For regulated industries

      Configurable agentic workflows

      End-to-end automation tailored to assurance, compliance and audit needs across heavily regulated industries.

      Explore platform →
  • Platform
  • Partners
  • About Us
Contact us
Legal

Privacy Policy

BuildPrompt™ Privacy Policy (BuildScan Limited) · Version 2.0 · Effective 29 June 2026

About us. We are BuildScan Limited, trading as BuildPrompt™. Our registered office is 180 Strand, Temple, London, England, WC2R 1EA. Company number 12317238. This policy is written in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Introduction

BuildScan Limited (“BuildPrompt”, “we”, “us”, “our”) operates an AI platform that turns construction, infrastructure and real estate data into evidenced, auditable intelligence. This Privacy Policy explains how we collect, use, share and protect personal data in connection with our website at buildprompt.ai and the BuildPrompt service.

This policy is provided as notice under UK GDPR. It does not seek your consent for processing that does not require it. Where consent is required (for example, certain cookies and marketing communications) it is collected separately at the point of collection.

2. Our role: controller and processor

Our role under data protection law depends on the context:

  • Controller. For personal data we collect about visitors, prospects, contacts at customer or partner organisations, and individuals who otherwise engage with us (for example, through our website, marketing or events), BuildScan Limited is the controller.
  • Processor. For documents and personal data that customers upload to the BuildPrompt platform, the customer is the controller and BuildScan Limited acts as a processor on the customer’s behalf. That processing is governed by the Master Services Agreement (MSA) and Data Processing Addendum (DPA) between BuildScan Limited and the customer.

3. Data we collect

3.1 Contact and account information

Name, work email address, organisation, job title, telephone number and any other details you provide when you contact us, register interest, attend an event, or create an account.

3.2 Website usage information

Information collected automatically when you visit the site, including IP address, approximate location, device and browser type, referring URL, the pages you visit and the time and date of your visit.

3.3 Prompt and response information

For platform users, we log prompts and responses for service-delivery, security and audit purposes only. Customer data, prompts and responses remain the customer’s property and are never used to train our models or improve the service for other customers.

3.4 Document and data processing

Documents and data are processed within isolated, customer-specific environments using our proprietary technology. Where third-party model providers are used, they operate under contractual data-isolation protocols and zero-retention arrangements, so customer data is not retained, shared or used for training by those providers.

3.5 Enterprise controls

Customers can configure how data, prompts and responses are handled at the enterprise level, including choice of model, region of processing, retention windows and the ability to use only internal models where preferred.

4. Lawful bases for processing

We process personal data on the following bases under Article 6 UK GDPR:

  • Performance of a contract: to deliver the BuildPrompt platform to customers and to take steps prior to entering into a contract.
  • Legitimate interests: to operate and secure our website, to communicate with business contacts at customer and prospective customer organisations, to develop our products, and to keep records. We balance these interests against your rights and freedoms in each case.
  • Consent: for non-essential cookies and for direct marketing where required by law. You can withdraw consent at any time without affecting prior lawful processing.
  • Legal obligation: to meet our obligations under tax, accounting, employment, security and other applicable laws.

5. How we share data

We do not sell personal data. We share personal data only with:

  • Sub-processors and service providers who help us deliver the platform and run our business (for example, cloud hosting, model providers operating under zero-retention terms, security tooling, analytics and CRM). All sub-processors are bound by written agreements that require equivalent protection.
  • Professional advisers, including accountants, auditors and legal advisers, where required.
  • Authorities and regulators, where we are required by law to do so, or where necessary to protect our rights, the rights of our customers or the public.
  • Successors, in the event of a merger, acquisition, restructuring or sale of assets, subject to confidentiality protections.

A current list of platform sub-processors is available to customers on request.

6. International transfers

Where personal data is transferred outside the UK, we put in place appropriate safeguards under UK GDPR. These include reliance on UK adequacy regulations where they apply, the UK International Data Transfer Agreement (IDTA), or the EU Standard Contractual Clauses together with the UK Addendum. We assess transfers to ensure an essentially equivalent level of protection, and apply additional contractual, technical and organisational measures where necessary.

7. Data retention

We retain personal data only for as long as necessary for the purpose for which it was collected. Indicative retention periods:

  • Customer account and contract records: duration of the contract plus 6 years, in line with statutory limitation periods.
  • Prospect and marketing data: up to 24 months from last meaningful engagement, then deleted or anonymised.
  • Website analytics: up to 14 months.
  • Customer project data inside the platform: per the customer’s Order Form / MSA, after which it is deleted in accordance with documented deletion procedures.
  • Security, audit and incident logs: typically up to 12 months, longer where required for investigation or by law.

8. Data security

We operate an Information Security Management System aligned to ISO/IEC 27001:2022 and Cyber Essentials Plus. We apply technical and organisational measures appropriate to the risk, including access controls, encryption in transit and at rest, segregation of customer environments, vulnerability management, secure development practices, audit logging and staff training.

In the event of a personal-data breach affecting your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where required by Article 33 UK GDPR, and affected customers without undue delay.

9. Cookies and similar technologies

This website uses only strictly necessary cookies required for it to function. We do not currently set analytics or marketing cookies. If we introduce them in future, we will ask for your consent before doing so.

10. Automated decision-making and profiling

We do not make decisions about you that produce legal or similarly significant effects based solely on automated processing of your personal data on the website or in our marketing operations. Use of automation within the BuildPrompt platform is determined by the customer (as controller) and governed by the MSA.

11. Children

BuildPrompt is a business-to-business service and is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If you believe we hold data relating to a child, please contact us so we can investigate and delete it.

12. Marketing

Where we send marketing communications, you can opt out at any time by using the unsubscribe link in the message or by emailing info@buildprompt.ai. Opting out of marketing does not affect service-related communications.

13. Your rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Be informed about how we use your personal data (this policy).
  • Access your personal data.
  • Have inaccurate data corrected.
  • Have your data erased in certain circumstances.
  • Restrict or object to processing in certain circumstances.
  • Data portability (receive your data in a structured, commonly used, machine-readable format).
  • Withdraw consent at any time where processing is based on consent.
  • Not be subject to a decision based solely on automated processing where it has legal or similarly significant effects.

To exercise any of these rights, contact us at info@buildprompt.ai. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). We would, however, appreciate the chance to address your concerns before you approach the ICO.

14. Third-party links and services

Our website may contain links to third-party sites or services. We are not responsible for the content or privacy practices of those third parties, and their use is governed by their own terms and policies.

15. Country-specific provisions

We comply with privacy laws in the jurisdictions in which we operate. Depending on your country of residence, additional rights may be available to you. We process personal data in accordance with applicable local laws and collect consent where it is required.

16. Changes to this policy

We may update this policy from time to time. Where the change is material, we will notify you by email or via the platform before it takes effect. The version number and effective date above will be updated each time the policy changes.

17. Contact us

For any questions about this policy or our data practices, please contact:

  • Email: info@buildprompt.ai
  • Data Protection Officer: Nicola Owen, info@buildprompt.ai
  • Post: BuildScan Limited, 180 Strand, Temple, London, England, WC2R 1EA
BuildPrompt

BuildPrompt is a product of BuildScan Limited. Company No. 12317238.
180 Strand,
Temple,
London,
England,
WC2R 1EA.

LinkedIn
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
© BuildPrompt 2026