Privacy Policy (US)
Effective: April 14, 2026
Company: Buildtheyear, Inc. ("Buildtheyear," "we," "us," "our")
Contact: privacy@buildtheyear.com
This Privacy Policy explains how we collect, use, disclose, and protect personal information of U.S. residents who use Buildtheyear's Event Capacity Planner SaaS (the "Service").
We do not sell personal information and we do not share personal information for cross-context behavioral advertising. We do not run cross-site targeted advertising.
1) What We Collect & Why
We collect the categories below for the purposes listed.
Identifiers
What: name, email, organization, role, IP/device info
Why: account creation and authentication, security, user management, and service communications.
Account & Usage Data
What: app events, settings, feature interactions, access timestamps, crash and performance logs
Why: operating, securing, and improving the Service; debugging; preventing abuse.
Commercial & Billing Data
What: plan, invoices, tax info; card data stays with Stripe
Why: billing, payments, and fraud prevention.
Support Content
What: messages, attachments, error screenshots
Why: troubleshooting and customer success.
AI Conversation Data (ei)
What: messages and prompts you submit to ei (our in-app AI assistant), model responses, and related metadata (timestamps, tool invocations, confidence indicators)
Why: providing AI-assisted analysis of your event portfolio data; improving response quality; enforcing usage limits; and debugging.
Sources: directly from you and your organization; automatically from your use of the Service (e.g., logs, AI conversation history); and from our processors listed below (payments, email delivery, hosting, auth, AI model providers, analytics).
Note: We do not intentionally collect "sensitive personal information" (such as precise geolocation, government IDs, or health information). Do not submit sensitive data to the Service.
2) How We Use Personal Information
- Provide, operate, and secure the Service
- Authenticate users and manage organizations/roles
- Bill for services; detect and prevent fraud/abuse
- Provide support and communicate about updates or outages
- Power AI-assisted features (ei) by sending org-scoped data to our AI model provider for analysis and response generation
- Improve features and performance (aggregated/limited analytics and product usage metrics)
- Comply with law and enforce terms
We do not use personal information for cross-site targeted advertising and do not sell personal information.
3) Disclosures to Processors (Service Providers)
We use processors under contracts that restrict their use to our instructions and require safeguards. Typical processors are listed below; we may update this list as our Service evolves.
| Processor | What they do | Typical data they process | Notes |
|---|---|---|---|
| Clerk | Authentication & user/organization management (sign-in, sessions, roles) | Identifiers (name, email), org membership/role, auth/session data, IP/device | Used to gate access to Buildtheyear and manage multi-tenant orgs |
| Stripe | Payments, billing, invoicing, refunds, tax | Customer identifiers, plan/price, invoice/payment metadata, last4/brand (card data handled by Stripe) | We do not store full card numbers; Stripe is PCI DSS compliant |
| Postmark | Transactional email (password reset, invites, receipts) | Recipient email, message metadata, templates/variables | We keep minimal delivery logs for troubleshooting (see Retention) |
| Vercel | Hosting for front-end/API; CDN; build logs | IP, HTTP request/response metadata, error/performance logs | Used to route traffic and serve the app quickly and reliably |
| Neon | Managed Postgres database + backups | App data you enter (projects, users' org affiliation, configs), timestamps | Primary data store; backups retained per policy below |
| Anthropic | AI model provider powering ei (in-app AI assistant for event portfolio analysis) | Org-scoped event portfolio context (event names, costs, KPIs, capacity data), user prompts, and conversation messages | Data is sent per-request to generate AI responses; Anthropic processes data under its commercial API terms and does not use customer inputs to train models. If your organization provides its own API key (BYOK), your direct agreement with Anthropic governs that processing |
| PostHog | Product analytics, feature-flag evaluation, and usage metrics | Anonymized/pseudonymized usage events, feature interactions, page views, session metadata | Used to measure feature adoption and improve the Service; we minimize personally identifiable data sent to PostHog |
We may disclose information if required by law, to protect rights and safety, or as part of a merger/acquisition. We do not disclose personal information to data brokers.
4) Your Privacy Rights (US)
Depending on your state, you may have the right to access, correct, delete, or obtain a portable copy of your personal information; and to opt out of sale/sharing/targeted advertising. We already do not sell or share data and do not perform targeted advertising.
How to Exercise Your Rights:
- Submit a request: email privacy@buildtheyear.com
- Verification: we may ask for information to verify your identity/authority
- Timing: we aim to respond within 45 days (extensions as allowed by law)
- Appeals: email privacy@buildtheyear.com with subject "Privacy Appeal" if we deny your request
You may use an authorized agent (we may request proof of authorization and identity). We honor supported universal opt-out signals for sale/sharing where applicable, although we do not sell/share data. We will not discriminate against you for exercising your privacy rights.
5) Retention
We keep personal information only as long as needed for the purposes above, to comply with law, or to resolve disputes. Then we delete or de-identify it. Current targets:
| Data Category | Examples | Typical Retention |
|---|---|---|
| Account profile & org membership (Clerk) | name, email, org/role, session info | While account is active; delete within [30 days] after closure; security backups up to [90 days] |
| Billing & tax (Stripe) | invoices, payment status, refunds, tax records | 7 years (or longer if required by tax/accounting law) |
| Application data (Neon) | events, templates, settings, assignments, audit timestamps | While account is active; delete within [30–60 days] after closure; database backups retained up to [30 days] |
| Operational & security logs (Vercel/API) | request logs, IPs, error traces, audit events | [30–90 days] (shorter where feasible for privacy) |
| Email delivery logs (Postmark) | recipient, timestamp, delivery status, message ID | [90 days]; we do not persist email bodies after delivery beyond what's required for deliverability/troubleshooting |
| Support records | tickets, attachments, chat/email threads | [12–24 months] after resolution, unless needed to enforce rights or meet legal obligations |
| AI conversation data (ei) | user prompts, AI-generated responses, tool invocations, metadata | Auto-deleted after 90 days; conversations are private within your organization and not visible to other organizations |
| Product analytics (PostHog) | pseudonymized usage events, feature interactions, session metadata | [90 days]; we minimize personally identifiable data in analytics events |
6) Security
We use reasonable administrative, technical, and physical safeguards appropriate to the data and our business (principle of least privilege, encrypted transport, scoped API keys/secrets, and regular access reviews). No system is 100% secure.
7) Children's Privacy
Our Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us and we will delete it.
8) Changes to This Policy
If we make material changes, we'll update the "Effective" date above and provide additional notice where required.
9) State-Specific Information
We apply this policy uniformly across U.S. states. Where state law grants additional rights (e.g., California, Colorado, Virginia, Connecticut, Utah, Texas, Oregon), you may exercise them via the process above. We provide an appeals process where required.
Contact Information
For privacy-related questions, requests, or concerns, please contact us at:
Email: privacy@buildtheyear.com
For privacy appeals, use subject line: "Privacy Appeal"
