Privacy

Our privacy promises.

When you upload a project schedule to BuilderPlan, you're trusting us with sensitive commercial information — task names, subcontractor identities, bid logic, full network dependencies. This page explains, in plain language, what we do with your data and what we promise we won't.

Last updated: 5 May 2026

1. We don't use your data to train AI models.

Your schedule and the summary we send to our AI provider are not used to train, fine-tune, or otherwise improve any AI model. We use OpenAI's standard API, which by policy does not train on data submitted via the API. We do not opt in to any training or evaluation program. If we ever change this, we will update this page first.

2. We delete your uploaded project file, typically within 24 hours.

This promise is specifically about the raw .mpp or .xer file you upload — the file that contains your full schedule logic, dependencies, and task detail. We delete that file from our storage on a regular cadence, typically within 24 hours of your submission.

This is currently a manual operational process, not an automated scheduled job. If you'd like your uploaded file removed sooner, reply to the email we sent you with your report and we'll remove it the same business day.

What this promise does not cover: the generated risk report itself (we keep this so paid customers can re-download it), Stripe purchase records (kept for legal and tax reasons), and your contact details (kept for the purposes described below). The narrow wording is deliberate — the leak fear with project files is the file itself, and that's specifically what we're committing to remove.

One consequence: once your raw upload is deleted, we can no longer re-run the analysis on it. Your generated report stays viewable, but getting different output from the same schedule means re-uploading.

3. We don't share or sell your data with third parties — with one named exception.

We do not sell your data. We do not share it with marketing partners, data brokers, or any third party for their own use. The one named exception is the AI provider that generates your report: a structural summary of your schedule (extracted task list, dates, dependencies) is sent to OpenAI for the sole purpose of generating your risk report. No contact details and no raw project file are sent.

Beyond that, a small number of service providers process your data on our behalf to run the service. These are processors, not third-party data buyers, and each has a narrow operational role:

  • OpenAI — receives a structural schedule summary to generate your report. Subject to OpenAI's API data handling policy (no training on API data by default).
  • Microsoft Azure — hosts our application and stores your uploaded file and generated report.
  • Stripe — handles payment if you purchase the full report. Stripe sees your payment details; we never receive your card number.
  • Amazon SES — delivers the email containing your generated report.
  • Azure Application Insights — records anonymous operational telemetry (page views, response times, errors). No project file content and no contact details are sent to telemetry. See our retention policy below.

4. Your contact details are used only to deliver your report and follow up if needed.

We use the name, email, company, and phone number you provide to send you your report and to follow up on the analysis if it would be helpful. We do not currently run a marketing email programme. If we ever introduce one, we will update this page first and will not silently re-purpose contact details collected under the wording on this page.

What happens to your data, step by step

  1. You upload a Microsoft Project (.mpp) or Primavera P6 (.xer) file along with your contact details.
  2. The file is stored in our Azure Storage account. Our schedule converter parses it into a structural representation (tasks, dates, dependencies).
  3. That structural representation is sent to OpenAI to generate the written analysis that becomes your Risk Report. The raw .mpp / .xer file itself is not sent to OpenAI.
  4. The generated report is rendered as HTML and stored alongside a preview version. We email you a link to the preview.
  5. If you purchase the full report, Stripe handles checkout and we unlock the full version. The full report is emailed to you.
  6. Your raw uploaded file, and the converter's intermediate representation of it, are deleted on our regular cadence (typically within 24 hours). The generated report stays available so you can return to it.

How long we keep things

  • Your raw uploaded project file: deleted on a regular cadence, typically within 24 hours.
  • Intermediate parsed representation of your schedule: deleted on the same cadence as the raw upload.
  • Generated report (HTML and preview): kept so you can return to it. Email us if you'd like it removed.
  • Stripe purchase records: kept as required for legal, tax, and accounting purposes.
  • Contact details you provided: kept so we can answer follow-up questions about your report.
  • Operational telemetry (Application Insights): kept for a limited operational window for debugging and performance monitoring; contains no project file content and no contact details.

Asking for earlier deletion

If you want your uploaded project file removed sooner than our regular cadence, or if you want your generated report or contact details removed entirely, just reply to the email we sent you with your report. We'll action it the same business day.

Changes to this policy

If we make a material change to how we handle your data, we'll update this page and bump the “last updated” date at the top. We won't quietly broaden a promise — the four promises on this page are commitments, not aspirations.

Questions

Email support [at] builderplan [dot] com if anything on this page is unclear, if you'd like to request earlier deletion, or if you'd like to know more about how a specific piece of your data was handled.