Back to Home

    Privacy Policy

    Last updated: 9 February 2026

    1. Who We Are

    BuildPay is a trading name of BuildPay Ltd, a company registered in England and Wales. We are the data controller responsible for your personal data. If you have any questions about this policy or how we handle your data, please contact us at privacy@buildpay.app.

    2. What Personal Data We Collect

    We may collect the following categories of personal data:

    • Identity data: full name, job title, company role
    • Contact data: email address, telephone number, postal address
    • Company data: company name, Companies House registration number, VAT number, trading name
    • Financial data: bank account details, payment amounts, retention values
    • Technical data: IP address, browser type, device information, login timestamps
    • Usage data: how you interact with our platform, pages visited, features used

    3. Lawful Bases for Processing

    Under Article 6 of the UK GDPR, we process your personal data on the following lawful bases:

    • Performance of a contract: processing necessary to provide you with our payment management services, manage your account, and fulfil our contractual obligations.
    • Legal obligation: processing required to comply with UK construction payment legislation (including the Housing Grants, Construction and Regeneration Act 1996), tax obligations, and anti-money laundering regulations.
    • Legitimate interests: processing necessary for our legitimate business interests, such as improving our services, fraud prevention, and ensuring platform security, provided these interests are not overridden by your rights.
    • Consent: where we rely on your consent (e.g., marketing communications), you may withdraw it at any time by contacting us.

    4. How We Use Your Data

    • Creating and managing your BuildPay account
    • Processing payment applications, payment notices, and valuations
    • Verifying company registration details via the Companies House API
    • Generating and distributing payment notices and PDF documents
    • Synchronising data with your ERP or accounting systems
    • Communicating with you about your account and our services
    • Complying with legal and regulatory requirements
    • Improving and optimising our platform

    5. Data Sharing and Third Parties

    We may share your personal data with the following categories of recipients:

    • Cloud infrastructure providers: our platform is hosted on secure cloud infrastructure within the EEA/UK with appropriate data processing agreements in place.
    • Companies House: we verify company registration numbers using the Companies House public API.
    • Email service providers: to send transactional emails such as payment notices and invitations.
    • Your ERP/accounting system: where you have configured an integration, data will be synchronised as directed by you.
    • Other users within your organisation: colleagues with appropriate access levels can view relevant contract and payment data.
    • Regulatory bodies: where required by law, such as HMRC or the ICO.

    We do not sell your personal data to any third party.

    6. International Transfers

    Where your data is transferred outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the ICO, or transfers to countries with an adequacy decision under UK data protection law.

    7. Data Retention

    We retain your personal data only for as long as necessary:

    • Account data: for the duration of your account, plus 6 years after closure
    • Payment records: 6 years from the date of the transaction, in line with HMRC requirements
    • Contract documentation: 6 years after the final account or completion of the contract
    • Technical logs: up to 12 months

    8. Your Rights

    Under the UK GDPR, you have the right to:

    • Access — request a copy of the personal data we hold about you
    • Rectification — request correction of inaccurate or incomplete data
    • Erasure — request deletion of your data where there is no compelling reason for continued processing
    • Restriction — request that we limit processing of your data in certain circumstances
    • Portability — receive your data in a structured, commonly used, machine-readable format
    • Objection — object to processing based on legitimate interests or direct marketing
    • Withdraw consent — where processing is based on consent, withdraw it at any time

    To exercise any of these rights, please contact us at privacy@buildpay.app. We will respond within one month of receiving your request.

    9. Cookies

    We use essential cookies to enable core platform functionality such as authentication and session management. We do not use advertising or non-essential tracking cookies. For more information, you may contact us directly.

    10. Right to Complain

    If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

    11. Changes to This Policy

    We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically. Continued use of our platform after changes constitutes acceptance of the updated policy.