How we handle your information

When you start an intake we collect your name, email, optional phone, the state you plan to build in, and the answers you provide about your home. If you pay for a plan, we also receive a payment confirmation from our payment processor.

We do not collect government IDs, financial account numbers, or credit card numbers.

Payments are processed by Stripe. Card details are entered on Stripe's hosted checkout and never touch our servers. We only store the transaction reference and the amount paid.

Your intake and generated plan are stored in our managed Postgres database with row-level security enabled. Only your own account and our admin team can read your records. Background jobs that send email or generate documents run on isolated server functions using least-privilege credentials.

Sign-in uses email + password or Google. Admin access is gated by a server-side role assignment — admin status is never trusted from the browser.

Transactional emails (receipts, report-ready notifications, account alerts) are sent from notify.builderconcierge.ai. Every email includes an unsubscribe link for non-essential messages. We honor unsubscribe and bounce suppression automatically.

• Supabase — database, auth, and storage
• Stripe — payments
• Lovable Cloud — application hosting and AI inference
• Resend — transactional email delivery

You can request a copy of your data, ask us to correct it, or ask us to delete it at any time. Email concierge@builderconcierge.ai.

If you believe you've found a vulnerability, please email concierge@builderconcierge.ai with details and steps to reproduce. We'll acknowledge within 2 business days.