Privacy Policy
Effective Date: January 1, 2025 · Last Updated: January 1, 2025
1. Who We Are
BuiltByBas (“Company,” “we,” “us,” or “our”) is a California-based software development and web design business. We operate the website builtbybas.com (the “Site”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the Site or engage our services.
By accessing or using the Site, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Site.
2. Information We Collect
2.1 Information You Provide Directly
When you submit our project intake form or otherwise communicate with us, we may collect:
- Contact information: name, email address, phone number, preferred contact method
- Business information: company name, industry, business size, years in business, existing website URL
- Project details: selected services, service-specific requirements, timeline, budget range, design preferences, brand assets, competitor/inspiration references, additional notes
- Referral source: how you heard about us
2.2 Information Collected Automatically
We use Umami Analytics, a privacy-focused, cookieless analytics platform self-hosted on our infrastructure. Umami does not use cookies, does not track users across websites, and does not collect personally identifiable information. The aggregated, anonymous data collected includes:
- Page views and referral sources
- Browser type and operating system
- Device type and screen resolution
- Country-level geographic location (no IP addresses stored)
2.3 Information We Do Not Collect
- We do not use third-party tracking cookies, advertising pixels, or cross-site trackers
- We do not sell, rent, or trade your personal information to any third party for advertising or marketing purposes
- We do not collect financial information such as credit card numbers through the Site (payments are processed through secure third-party processors)
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: to evaluate your project needs, generate proposals, communicate with you, and deliver contracted services
- Business operations: to manage our client pipeline, track project status, and improve our internal processes
- Communication: to respond to your inquiries, send project updates, proposals, and follow-up communications related to your project
- Site improvement: to analyze aggregated, anonymous usage data to improve the Site's performance and user experience
- Legal compliance: to comply with applicable laws, regulations, and legal processes
4. AI-Assisted Processing
We use artificial intelligence tools (specifically, Anthropic's Claude) to assist in generating project proposals, estimates, and scope documents based on the information you provide through our intake form. Your intake data is processed through these AI tools solely for the purpose of generating your proposal.
All AI-generated content is reviewed by a human team member before delivery. We do not use your data to train AI models. Our AI provider (Anthropic) processes data in accordance with its published privacy and data handling policies and does not retain input data for model training.
5. How We Share Your Information
We do not sell your personal information. We may share your information only in the following limited circumstances:
- Service providers: We use Resend for transactional email delivery (proposals, follow-ups). These providers process data solely on our behalf and are contractually obligated to protect your information.
- AI processing: As described in Section 4, intake data is processed through Anthropic's API for proposal generation.
- Legal requirements: We may disclose information if required by law, subpoena, court order, or other governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
- Business transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
6. Data Retention
We retain your information for as long as necessary to fulfill the purposes described in this policy:
- Active client data: Retained for the duration of our business relationship and for a period of three (3) years following project completion for warranty, support, and reference purposes
- Intake submissions (non-clients): Retained for up to one (1) year following submission to allow for follow-up, then permanently deleted unless you engage our services
- Proposals: Retained for two (2) years from the date of generation
- Analytics data: Umami retains aggregated, anonymous analytics data indefinitely. No personally identifiable information is stored in analytics.
- Session data: Authentication sessions expire automatically and are purged from our database upon expiration
You may request earlier deletion of your data at any time by contacting us (see Section 10).
7. Data Security
We implement commercially reasonable technical and organizational measures to protect your personal information, including:
- SSL/TLS encryption for all data transmitted between your browser and our servers
- Passwords hashed using bcrypt with industry-standard salt rounds
- HTTP-only, secure cookies for authentication sessions
- Role-based access controls limiting data access to authorized personnel
- Database hosted on secured infrastructure with restricted network access
- Rate limiting on authentication endpoints to prevent brute-force attacks
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but will notify affected users promptly in the event of a data breach as required by applicable law.
8. Your Rights Under California Law (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete the personal information we have collected from you, subject to certain legal exceptions.
- Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. There is nothing to opt out of.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under the CPRA (e.g., Social Security numbers, financial account details, precise geolocation, biometric data).
To exercise any of these rights, contact us using the information in Section 10. We will verify your identity before processing your request and respond within forty-five (45) days as required by law.
9. Children's Privacy
The Site is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected such information, we will delete it promptly. If you believe a child under 16 has provided us with personal information, please contact us immediately.
10. Contact Us
If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, contact us at:
BuiltByBas
Email: bas@builtbybas.com
Website: builtbybas.com
Location: California, United States
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, provide additional notice (such as a banner on the Site or direct communication). Your continued use of the Site after any changes constitutes your acceptance of the updated policy.
We encourage you to review this policy periodically.