1. Introduction
Builder ("Company," "we," "our," or "us") is a platform by Nimbusa committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and otherwise process personal information in connection with our website, mobile applications, and related services (collectively, the "Services").
This Privacy Policy applies to all users, including contractors, clients, and administrators.
Your privacy is important to us. If you have questions about this Privacy Policy or our privacy practices, please contact us at nimbusadev@gmail.com.
2. Information We Collect
2.1 Information You Provide Directly
Registration and Profile Information
- Name (first and last name)
- Email address (verified)
- Phone number (optional)
- Location (address, city, state, ZIP code)
- Profile information (bio, professional details, specialties)
- Account preferences (notification settings, language)
- Profile photo/avatar
- Payment information (via Stripe — we never see credit card data)
Communications
- Messages sent between users
- Proposal content (job descriptions, bids, negotiations)
- Comments on jobs and posts
- Support tickets and customer service communications
Financial Information
- Payment history (amounts, dates, status)
- Bank account details for contractors (via Stripe Connect)
- Payout preferences
- Invoice information
Authentication
- Password (hashed and encrypted)
- Login history (IP address, device, timestamp)
- Two-factor authentication (2FA setup and backup codes)
2.2 Information Collected Automatically
Device and browser information (device type, OS, browser, IP address, device identifiers); usage information (pages visited, links clicked, search queries, features used, actions performed, date/time); cookies and tracking (session, preference, analytics, Firebase, advertising); and location information (approximate from IP, precise if you enable it for contractor searches).
2.3 Information from Third Parties
Payment processing and fraud detection via Stripe (including bank information for payouts); social media profile data if you connect an account (name, email, picture); and, where verification is required, identity verification documents, professional license information, and background check results.
3. How We Use Your Information
3.1 Essential Operations
- Creating and maintaining your account
- Processing transactions and payments
- Delivering services (job posting, proposals, messaging)
- Authenticating your identity
- Detecting and preventing fraud
3.2 Communication
- Sending transactional emails (confirmation, receipts, alerts)
- Sending service notifications (new proposals, messages, payments)
- Responding to your inquiries and support requests
- Sending important updates about our services
3.3 Improvement and Analytics
- Understanding how you use our Services
- Improving platform features and user experience
- Conducting analytics and research
- Developing new features and troubleshooting
3.4 Safety and Compliance
- Enforcing our Terms of Service
- Complying with legal obligations
- Detecting, investigating, and preventing fraud
- Protecting the security of our systems and users
- Responding to legal requests from authorities
3.5 Marketing (With Your Consent)
Sending newsletters and promotional content, suggesting relevant job matches, and notifying you about features. Note: You can opt out of marketing emails anytime via Settings → Notifications.
4. Data Security
Encryption: data at rest is encrypted with AES-256; all communications use HTTPS/TLS; passwords are stored hashed (never plaintext); sensitive fields (email, phone, address) are encrypted before storage; messages are encrypted in the database.
Security measures: Firebase security rules (row-level access control), optional two-factor authentication, rate limiting, audit logging, immediate security patches, and continuous monitoring. Third-party security: Stripe (PCI-DSS Level 1), Firebase (Google Cloud), and encrypted backups.
No system is 100% secure. We use industry-standard practices but cannot guarantee absolute security. If you believe your account has been compromised, contact nimbusadev@gmail.com immediately.
5. Data Sharing and Disclosure
5.1 Who Has Access to Your Data
Other users (contractors see job postings + client profile info; clients see contractor profiles + credentials; private messages only visible to sender and recipient); service providers (Stripe for payments, Firebase for email/hosting/database, Google Analytics for anonymized usage, identity verification services if needed); legal requirements (court orders, government/law-enforcement requests, fraud prevention); and business transfers (your information may transfer if we merge, acquire, or sell assets — we'll notify you).
5.2 Data We Do NOT Share
- Credit card information (handled by Stripe only)
- Social Security numbers
- Passwords
- Personal medical information (if provided)
- Your data with marketers or advertisers (without consent)
6. Your Privacy Rights
You have the right to access your data (Settings → Privacy → Download My Data, or email us; within 30 days), correct it (Settings → Profile), delete it (Settings → Privacy → Delete My Account — permanent; payment records kept 7 years and audit logs 3 years for legal/security reasons; 30-day grace period), port it in machine-readable JSON, withdraw consent for marketing, object to certain processing, and lodge a complaint with your local data protection authority (EU DPA, US FTC, UK ICO).
7. Third-Party Services
Google Analytics tracks anonymous usage statistics (no personal information; opt out in Settings → Privacy). Stripe processes payments and payouts and stores encrypted bank info (Stripe Privacy Policy). Firebase hosts the platform, manages authentication, and stores the database/files (Google Privacy Policy). Our Services may link to third-party sites whose privacy practices we don't control.
8. Cookies and Tracking
Cookies are small files stored on your device to remember preferences and track activity.
| Cookie | Purpose | Duration |
|---|---|---|
| session_id | User authentication | Session (until logout) |
| theme_preference | Light/dark mode | 1 year |
| language | Language preference | 1 year |
| analytics_id | Google Analytics | 2 years |
| notification_prefs | Notification settings | 30 days |
You can disable cookies via your browser settings or opt out of analytics in Settings → Privacy. Disabling cookies may limit platform functionality.
9. Data Retention
| Data Type | Retention Period | Reason |
|---|---|---|
| User profile (deleted) | 90 days | Recovery window |
| Messages | 1 year | User access |
| Audit logs | 3 years | Security/compliance |
| Payment records | 7 years | Legal/tax |
| Error logs | 90 days | Debugging |
| Login attempts | 30 days | Security |
After the retention period, data is automatically deleted according to our data retention policy.
10. Children's Privacy
Builder is NOT intended for users under 18 years old. We do not knowingly collect information from children. If we learn we have collected information from a child under 18, we will delete it immediately. If you believe your child has provided information, contact nimbusadev@gmail.com.
11. International Data Transfers
Our servers are located in the United States (Google Cloud). If you access the Services from outside the US, your data may be transferred to the US, US privacy laws apply, and GDPR safeguards (Standard Contractual Clauses) ensure appropriate protection. By using our Services, you consent to this transfer.
12. California Privacy Rights (CCPA)
California residents have the right to know what personal information we collect/use/share, to request deletion (with some exceptions), to opt out of the "sale" of personal information (we don't sell data), and to non-discrimination for exercising these rights. Request at Settings → Privacy → California Privacy Rights.
13. Updates to This Policy
We may update this Privacy Policy to reflect changes in our Services, new legal requirements, or improved privacy practices. We will post updates on this page, update the "Last Updated" date, email you of material changes, and require consent for significant changes.
14. Contact Us
Privacy questions / data requests / security incidents: nimbusadev@gmail.com. For data requests, include your full name, email, request type, and details. Complaints may be directed to your local data protection authority (EU DPA, UK ico.org.uk, US ftc.gov).
15. EU/GDPR Specific Information
We process your data based on consent (marketing), contract (to provide Services), legal obligation, legitimate interest (improvement and security), and public interest (fraud prevention). Where required, our Data Protection Officer can be reached at nimbusadev@gmail.com. Transfers outside the EU use Standard Contractual Clauses and adequacy decisions where applicable.
16. Your Data Rights Summary
| Right | How to Request | Timeline |
|---|---|---|
| Access your data | Settings → Download My Data | 30 days |
| Correct your data | Settings → Edit Profile | Immediate |
| Delete your data | Settings → Delete My Account | 30 days (+30-day grace) |
| Export your data | Settings → Export My Data | 30 days |
| Withdraw consent | Settings → Notifications | Immediate |
| Object to processing | Settings → Privacy Preferences | Immediate |
| Lodge a complaint | Contact data protection authority | Varies |
17. Final Notes
By using Builder, you acknowledge that you have read and understand this Privacy Policy, consent to our data practices as described, are at least 18 years old, and understand the risks of online transactions. If you do not agree with our privacy practices, please do not use our Services.
Thank you for choosing Builder by Nimbusa. Questions? Contact us at nimbusadev@gmail.com.