Privacy Policy
Please read this policy (“Privacy Policy”) carefully to understand how Built processes your personal data, as well as your rights surrounding that data.
This policy applies to entities located in, or individuals residing in, the United States and Canada only. It is not intended for individuals within other countries, including the European Union and European Economic Area.
CCPA NOTICE AT COLLECTION
For information on our processing of personal information that is subject to the California Consumer Privacy Act (“CCPA”), please see Annex A – Supplemental CCPA Privacy Notice.
Overview
This policy describes the privacy-related practices of Built Technologies, Inc. (“Built”) applicable to the information we collect or that you may provide to us. The policy covers Built’s business functions including, but not limited to:
- Websites (including their subdomains) maintained by Built which link to this policy (“Website”).
- Web, desktop, and mobile application-based technology platforms provided by Built which link to this policy (“Services”).
This policy explains how Built processes your personal data and other data in connection with the operation of its business. Processing includes collection, storage, transfer, sharing, disclosure and handling of personal data and/or other data. This policy does not apply to any third-party web domains and services that may be linked to our Website or Services which Built does not control or maintain.
By using our Website or our Services, you acknowledge that you have read this policy and consent to Built’s privacy practices as described below. You further affirm your consent by submitting content, data, materials and/or personal data to or through our Website or Services. If you are accessing the Website or Services on behalf of a legal entity, references to you refer to you as an individual, and to the legal entity you are representing.
If you do not consent to the practices described in this Privacy Policy, you may choose not to use our Website or Services. This policy may change from time to time as our privacy practices are updated. We will notify you of any changes to this policy by posting the revised text and the policy’s last modified date on our Website. You may receive email notifications surrounding changes to this policy by clicking this Subscribe link. If you have a direct relationship with Built and continue to use our Website or Services after policy changes are made, you will be deemed to have granted consent to those changes. If we make a material change surrounding personal data processing, we will notify individuals with whom we have a direct relationship at the current email address specified in your account (if you are a Built customer) or through the email address you supply to us via the Subscribe link above.
Contacting Us
By using our Services, or by providing your personal data to us, you grant us permission to communicate with you electronically regarding any legal, regulatory, technical, security, privacy and administrative or consumer notification obligations that may be related to your use of the Website and the Services.
If you have any questions about this policy and our data processing practices, or would like to submit a data subject access request (DSAR), you can contact us by email or through the web form below.
Email: [email protected]
Web form: DSAR Form
DSARs are promptly reviewed by our compliance team, who will communicate with you directly if your request is valid.
Toll-Free Phone Number: (800) 655-8138
Summary
This policy covers the following areas related to our privacy practices.
- The types of personal data we process.
- Our purposes for processing your personal data.
- The ways in which your personal data is utilized by us.
- Who we share your personal data with.
- The choices available to you regarding the processing of your personal data.
- The actions available to you for:
- Requesting information about your personal data and our processing activities.
- Exercising your individual data privacy rights.
- The security and compliance practices we leverage to prevent unauthorized access, deletion, alteration, use, or disclosure of information you provide to us.
The Data We Process
We collect two types of data in connection with our Website and Services – non-personal data and personal data. These are described below.
Non-Personal or Pseudonymous Data
We gather broad, anonymized or pseudonymous data surrounding activity within our Website and our Services, including:
- Number of unique visitors.
- Frequency of visits.
- Date and time of visits.
- Public Internet Protocol (IP) addresses of visitors.
- Location information of visitors (geolocation).
- Basic web browser statistics (browser type, OS, screen resolution, screen colors).
- Basic device information (device type & brand, OS, service provider).
- Error log data reported by users’ web browsers.
- Incoming (referred) and outgoing URL links as users visit from other sites.
- Web page landing and view statistics.
We analyze the data above in summary form rather than on an individual basis. We may also combine (aggregate) this data with other information in a way that does not identify you. We process the non-personal data above so we can identify usage and functionality trends within our Website and Services.
Personal Data
Specific areas and functions of the Website and Services enable you to provide personal data to us. In some cases, personal data may be required in order to achieve full functionality within one or more Services. Personal data may be collected from manual submissions on our Website (e.g. web forms) as well as data fields that are populated as you use our Services.
We also leverage third-party tools and services to collect personal data for analytics, sales, and marketing purposes. Some of these tools and services are listed on our subprocessors page along with a website reference and purpose for each.
The personal data that we collect from you may include the categories and examples listed below.
| Data Category | Data Types |
|---|---|
| Identifiers | Name, Email address, Postal address, Account username, Telephone number, Business name (for B2B customers), Preferred locale, Social media links, Tax ID or SSN, Date of birth |
| Financial | Bank account number, Routing number, Loan ID number, Payments activity (within our platform) |
| Special/Protected | None |
| Commercial | Property owner name, Property owner address, Record of Built products or services purchased, obtained or considered |
| Biometric | None |
| Device & Location | Cookie data, IP address, Device or browser identifier, Geolocation data (regional only), Metadata relating to your behavior or use of a device accessing our services including typing/mouse patterns and touch gestures (for fraud detection), Port scan results (for fraud detection), Photo location metadata (for inspection services), Access timestamp (when accessing our Services), Device or browser identifier |
| Locally-Installed Apps (Built Connect Excel Add-In) | Application use logs related to errors and usage trends, Email address, Company name, Device identifier, IP address, Geolocation data (regional only) |
Other Data
If you are a borrower or a contractor that uses our Services to interact with a lender or financial institution, we may collect any data that the lender or financial institution provides about you. Additionally, lenders and financial institutions may provide personal data about borrowers and contractors that do not use our Services.
Applicant Data
If you apply for a job with us, we will collect any personal information you provide in connection with your application, such as your contact information and resume or CV.
Purposes of Data Collection
We use the data that we collect to do the following:
- Operate our business, Services, and the Website.
- Honor our terms of use and contracts.
- Process payments and other transactions.
- Improve our existing Services and develop new Services.
- Maintain our databases and back-ups, including records of our communications with you.
- Perform analytics.
- Ensure the privacy and security of our Website and Services.
- Detect fraud and prevent loss.
- Improve our customer service.
- Communicate with you and respond to your feedback, requests, questions, or inquiries.
- Promote our existing Services.
- Contact you about new and upcoming services.
- Improve our marketing efforts, including providing more tailored advertising.
- Analyze use of the Website and our Services and prepare aggregate traffic information.
- Determine and track user interests, trends, needs, and preferences.
- Process job applications that we receive.
- Facilitate corporate mergers, acquisitions, reorganizations, dissolutions, or other transfers.
- Accomplish another purpose described to you when you provide the information, for which you have consented, or for which we have a legal basis under law.
- Accomplish any other purpose related to and/or ancillary to any of the purposes and uses described in this Policy for which your information was provided to us.
- Comply with federal, state, or local laws.
- Comply with a civil, criminal, or regulatory inquiry, investigation, subpoena, order, or summons by federal, state, or local authorities.
- Cooperate with law enforcement agencies.
- Exercise or defend legal rights or claims.
- Create, use, retain, or disclose de-identified or aggregated data. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws.
How We Share Data
For the purposes of data collection listed above, we may share data with specific third parties which include:
- Built’s corporate affiliates and subsidiaries.
- Vendors, service providers, and subprocessors, who assist us in providing our Website and Services.
- Law enforcement agencies, courts, and other governmental and regulatory organizations (when required by law).
- Other third parties that may offer products and services specifically requested by you, or that you have granted data sharing consent for.
We may also disclose to third parties aggregated information or de-identified information about our users that does not identify any specific individual, such as groupings of demographic data or customer preferences.
Your Data Rights
As an individual, you may have specific privacy-related rights surrounding the personal data you submit to us and that we process during the course of providing our Services. These are described below.
Consent for Processing
By submitting data to us, whether manually or through your use of our Website and Services, you agree that Built may use the data in accordance with this privacy policy. If you are a lender or a financial institution that is a Built customer, you acknowledge and agree that: (i) Built does not provide you with any monetary or other valuable consideration in exchange for personal data that you provide or make available; and (ii) the disclosure of such personal data by you to Built is not a “sale” under applicable US privacy laws.
You may have the right to deny or withdraw consent for the collection and/or processing of your personal data in certain circumstances, using several methods.
- You may choose to customize or disable cookies while using our Website. See the Cookies and Other Web Processing section for more information.
- You may choose not to complete and submit certain web forms containing your personal data through our Website (e.g. marketing or product demo forms).
- You may use the unsubscribe link located at the bottom of marketing messages and other select emails you receive from Built, to stop receiving them. This does not include system messages that are generated as an integral part of our Services – you may choose to discontinue receiving these emails by canceling use of the applicable Services.
- You may contact us directly to request to withdraw your consent for certain types of personal data processing (see the Contact Us section for communication details). Submitted requests are reviewed by our compliance team against applicable regulatory or legal requirements.
Additional Rights
The additional rights below may apply in certain circumstances. If you wish to know more about our personal data processing practices or exercise any of these rights, please contact us (see the Contact Us section for communication details).
- You may have the right to know what personal data we process, why we process it and in what ways it is processed.
- You may have the right to request correction or deletion of your personal data.
- We will do our best to inform and assist you following your request.
Cookies and Other Web Processing
What is a Cookie?
A cookie is a small file created by a web server that can be stored on your device (if you allow it) for use either during a particular browsing session (a session cookie) or a future browsing session (a persistent cookie). Session cookies are temporarily stored on your device and only last until they expire at the end of your browsing session. Persistent cookies remain stored on your device until they expire or are deleted by you. Persistent cookies are typically used to collect and store information about your preferences and navigation to, from, and on a website.
First-party cookies are set by the website you’re visiting, and they can only be read by that site. Third-party cookies are set by a party other than that website.
Cookies Related to Fraud Detection & Prevention
Built utilizes a fraud detection solution as part of our operations (currently Sardine). Sardine uses cookies and device storage technologies including:
- _immortabledeviceToken
- secessionkey
These cookies are persistent and are used strictly for fraud prevention. They are not functional, performance, or targeting cookies.
For more information, please review Sardine’s privacy documentation at https://docs.sardine.ai.
Other Web Processing
In addition to cookies, we utilize other web processing technologies to automatically gather information as you browse our Website and utilize our Services. These include the following:
- Web beacons. These are tiny graphics (sometimes called clear GIFs or web pixels) with unique identifiers that are used to understand browsing activity. In contrast to cookies, which are stored on your device, web beacons are rendered invisibly on the web pages you visit.
- Social Widgets. These are buttons or icons provided by third-party social media platforms that allow you to interact with social media services when you view a webpage or mobile app screen. These social widgets may collect browsing data, which may be received by the third party that provided the widget and are controlled by third parties.
- UTM Codes. These are strings that can appear in a URL (the Uniform Resource Locator, which is typically the address entered to go to a webpage) when you move from one web page or website to another. The string can represent information about browsing, such as which advertisement, page, or publisher sent you to the receiving website.
- Web Navigation Replay. Our platform monitoring solutions provide the ability for our engineers to replay a user’s navigation history while using our web-based Services, for the purposes of troubleshooting customer support requests and bug reports. Note that this only applies to logged-in users on our Services platforms, not our Website.
Third-Party Technologies
Third parties connected to our Website and Services may use automated data collection technologies to collect information about you when you browse the Internet. The information they collect about your online browsing activities over time and across different websites and other online services may be associated with your personal data and used to provide you with targeted content.
We do not control these third parties’ technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible party directly or consult their privacy policies.
Some examples of the third-party technologies we may include:
- Google Analytics. For more information about how Google uses your personal data, please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your data, please click here.
- Meta (Facebook) Pixel. For more information about Facebook’s use of your personal data, please visit Facebook’s Privacy Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.
How We Protect Data
Security Program
Built maintains a security program designed to protect the personal data we process from being accidentally lost, used, altered, disclosed, or accessed in an unauthorized manner.
Data submitted via the internet, including through a web page or email, is subject to interception or incorrect routing, and the internet is not a fully secure communications channel. Please consider this prior to submitting any personal data to us via the Website or Services. No method of transmission over the internet is 100 percent secure. Therefore, while we strive to use commercially reasonable means to protect your personal data, Built cannot guarantee its security.
Subprocessors
Built partners with third-party vendors (our subprocessors) who assist us in operating our business. We have a vendor management program in place designed to review subprocessor privacy and security programs and ensure they are meeting best practices and contractual obligations with us.
Our subprocessor page can be found here: Subprocessors
When we add or change any of the subprocessors we partner with, we update this page to reflect changes.
User Responsibility
You also play a role in the safety and security of your personal data. You are responsible for maintaining the confidentiality of your login credentials, as well as ensuring you only disclose your personal data through secure means.
How We Retain Data
We retain data for as long as necessary to fulfill the purpose(s) for which it was originally collected (e.g. to provide our Services to you) and to comply with applicable laws.
To determine the appropriate retention period for data, we may consider applicable legal requirements, the amount, nature, and sensitivity of the data, certain risk factors, the purposes for which we process the data, and whether we can achieve those purposes through other means.
Supplemental Notice for California Residents
This Supplemental Notice for California Residents supplements our Privacy Policy and only applies to our processing of personal data that is subject to the California Consumer Privacy Act of 2018 (as amended from time to time) (“CCPA”).
Notice at Collection
At or before the time of collection, California residents have a right to receive notice of our privacy practices. California residents can find this information below.
- Personal Information Collected. See the section of this Supplemental CCPA Privacy Notice titled “Overview of Personal Data Collected, Disclosed, Sold, and/or Shared” for a list of personal data that may be collected. If we have previously collected personal data in the past 12 months, we may collect that personal data from you.
- Uses of Personal Data. See the section of this Supplemental CCPA Privacy Notice titled “Uses of Personal Data” for an overview of the purposes for which we use personal data.
- Is Personal Data “Sold” or “Shared” for “Cross-Context Behavioral Advertising”? Yes. See the section of this Supplemental CCPA Privacy Notice titled “Overview of Personal Data Collected, Disclosed, Sold, and/or Shared” for more details. If we have previously “sold” personal data or “shared” personal data for “cross-context behavioral advertising” in the past 12 months, we may “sell” or “share” that personal data if collected from you. See the section of this Supplemental CCPA Privacy Notice titled “Right to Opt Out of ‘Sales’ of Personal Data and/or ‘Sharing’ for ‘Cross-Context Behavioral Advertising’” for instructions on how to opt out of these activities.
- How Long Is Personal Data Retained? To determine the appropriate retention period for personal data, we may consider applicable legal requirements; the amount, nature, and sensitivity of the personal data; certain risk factors; the purposes for which we process your personal data; and whether we can achieve those purposes through other means.
- Additional Information. For more information on our privacy practices, please review this Supplemental CCPA Privacy Notice and our Privacy Policy. Importantly, the section of our Privacy Policy titled “Your Data Rights” includes important details about how you can exercise some of the rights that you have under the CCPA.
Categories of Sources from Which Personal Data is Collected
We collect personal data that you provide to us, personal data we collect automatically when you use the Services, and personal data from third-party sources.
Overview of Personal Data Collected, Disclosed, Sold, and/or Shared
The CCPA provides California residents with the right to know what categories of personal information Built has collected about them, whether Built disclosed that personal information to a service provider or a contractor for a business purpose, whether Built “sold” that personal information, and whether Built “shared” that personal information for “cross-context behavioral advertising” in the preceding 12 months. California residents can find this information below:
| Category of Personal Data Collected by Built | Did Built Disclose the Personal Data to a Service Provider or a Contractor for a Business Purpose? | Category of Third Parties To Whom Personal Data Is Sold and/or Shared |
|---|---|---|
| Identifiers | Yes | Advertising partners |
| Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Yes | Not applicable |
| Commercial information | Yes | Not applicable |
| Internet or other electronic network activity | Yes | Advertising partners |
| Sensory data | Yes | Not applicable |
| Professional or employment-related information | Yes | Not applicable |
| Inferences drawn from other personal information to create a profile about a consumer | Yes | Advertising partners |
| Personal information that reveals a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account | Yes | Not applicable |
| Personal information that reveals the contents of a consumer’s mail, email, and text messages unless Built is the intended recipient of the communication | Yes | Not applicable |
Uses of Personal Data
We may use and disclose the personal data that we collect for the business and commercial purposes described in the sections of our Privacy Policy titled “Purposes of Data Collection” and “How We Share Data.”
Opting Out of “Sales” of Personal Data and/or “Sharing” for Cross-Context Behavioral Advertising under the CCPA
We “sell” your personal information or “share” your personal information for “cross-contextual behavioral advertising” to provide you with “cross-context behavioral advertising” about Built’s products and services.
California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” California residents may exercise these rights by clicking the opt-out link and following the instructions provided.
Disclosure Regarding Individuals Under the Age of 16
Built does not have actual knowledge of any “sale” of personal data of minors under 16 years of age. Built does not have actual knowledge of any “sharing” of personal data of minors under 16 years of age for “cross-context behavioral advertising.”
Disclosure Regarding Opt-Out Preference Signals
California residents may opt out of “sales” of personal data and “sharing” of personal data for “cross-context behavioral advertising” that are carried out on https://getbuilt.com/ by broadcasting the opt-out preference signal known as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). To download and use a browser supporting the GPC browser signal, visit the Global Privacy Control website. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use to visit https://getbuilt.com/.
Disclosure Regarding Sensitive Personal Data
Built uses and discloses sensitive personal data only for the purposes set forth in Section 7027(m) of the CCPA regulations.
No Retaliation for the Exercise of Rights under the CCPA
California residents have the right not to be retaliated against by us for the exercise of their rights conferred by the CCPA.
Verification
To protect your privacy, we will take steps to verify your identity before fulfilling certain requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify that you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to confirm the email address we have associated with you.
Authorized Agent
Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contacting Us” above and ask us for additional instructions.
Data Belonging to Children
The Services provided by Built are not directed to or intended for use by individuals under 18 years of age. Built does not knowingly collect any information from children under 18. If you become aware that your child is accessing the Website or Services, and is providing any personal data to Built, please contact us (see the Contact Us section for communication details). We will take steps to remove any personal data provided by any child under 18 from our systems and terminate any accounts associated with the personal data.
Third-Party Websites
Our Website and Services may contain links to websites operated by non-affiliated or independent third parties. Please be aware that these websites may collect and process your personal data when you visit and utilize them. These sites have not necessarily been reviewed by us and are not within our control. Built is not responsible for the privacy and data processing practices provided by or advertised on these third-party websites.
Any information provided by you or automatically collected from you by a third party will be governed by that party’s privacy policy and terms of use. If you are unsure whether a website is controlled, affiliated, or managed by us, you should review the privacy policy and practices applicable to each linked website.
International Users
This Website and Services are intended solely for Built customers residing in the United States and Canada. If you reside in another country and choose to use our Website and Services, be aware that we may transfer your personal data to our subsidiaries and affiliated entities, or to other third parties, across borders and from your country or jurisdiction to other countries or jurisdictions around the world. These countries and jurisdictions may not offer the same data protection laws as yours.
This policy was last modified on June 1, 2026.

