Built.io joins Software AG! Read all about the news.

Built.io | Privacy Policy

Effective Date: May 25, 2018

Built.io LLC ("Built.io") operates a family of websites including, but not limited to Built.io and Built.io, as well as providing software as a service (SaaS) for businesses (collectively the Sites and Services). It is Built.io's policy to respect your privacy regarding any information we may collect while operating our Sites and using our Services in accordance with applicable laws. This privacy policy (the "Privacy Policy") is intended to inform you of how Built.io ("Built.io” or "us" or “we”) gathers and uses personal information and data submitted to the Sites and Services. In this Privacy Policy, "user" or "you" means any person viewing the Sites or subscribing to the SaaS. By using the Sites and Services, you are indicating your consent to this Privacy Policy. 

Please feel free to address any questions or concerns regarding data privacy to our Data Protection Officer (DPO) at privacy@built.io or at 

Privacy Questions:
49 Geary Street #238
San Francisco, CA 91408

Classification of users

There are three (3) types of users who may be connected to our services.  

“Visitors” are people who visit our Site without logging on or requesting information from us.  

“Customers” are persons who, on behalf of themselves or an entity request information from us regarding SaaS or related services or use of Services via log-on to our Site either for a limited time free trial or by purchasing the SaaS.  

For purposes of this Privacy Policy, we are the Data Controller only with respect to our sales and billing operations and any interactions with Visitors or Customers via our Services and Sites.

In the course of Customers using the SaaS, their customers, members, contractors or employees (“End Users”) may provide personally identifiable information to us using the SaaS via Customer websites or applications.

End user information

End User information, which may be considered personal data will be governed by our Master Agreement and Schedules providing the SaaS to our Customers who are the data controllers and who instruct us how to process the data or use the SaaS to process the data they collect. However, for entities or individuals that are Customers, and which are located in the European Economic Area (EEA) or Switzerland or serving subjects located in the European Economic Area (EEA) or Switzerland, we will govern our use of End User Data based on the execution of a Data Processing Addendum or other written agreement incorporating EU Standard Contractual Clauses for processors. 

End User Data may be shared where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Built.io or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and debugging purposes; or (iv) to protect the rights, property or safety of Built.io, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third party request to compel disclosure of your information.

Except as expressly set forth in this Privacy Policy, we will not sell or disclose or use End User personal data to any third parties without the authorization of the controller.  

Individuals who have provided information to Built.io’s Customers must send requests regarding the exercise of their data subject rights under the General Data Protection Regulation (GDPR) and state implementing laws to the particular Built.io Customer who is the Data Controller. 

Tracking information

Built.io may collect information automatically using web tracking technologies such as cookies, web beacons, pixel tags, clear GIFs and third party tracking services in order to ensure that the Sites and Services operate efficiently and to collect data related to usage of the Sites and Services such as, but not limited to, the browser type, language preference, referring site, and the date and time of each visitor request (“Tracking Information”). 


We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other similar things. If you access our Site through your browser, you can manage your cookie settings.

In order to collect Tracking Information, make your use of the Sites and Services more efficient and responsive to your needs, Built.io and its cookie service providers, detailed in the Cookie Policy, store cookies on your computer. Built.io also uses cookies and web beacons that are placed in web pages on the Sites and Services or in email communications to collect information and learn about actions users take when they interact with the Sites and Services, such email communications. 

Built.io does not link Tracking Information to individual user Personal Information; nor does it include the Personal Information with the Tracking Information that Built.io shares with the web tracking companies that use and process the Tracking Information, except as strictly necessary to provide and improve the Services (including customer support services). Some Tracking Information may include log or other data, such as IP address data, that is unique to you. You may be able to modify your browser settings to alter which web tracking technologies are permitted when you use the Sites and Services, but this may affect the performance of the Sites and Services.   

If you do not wish to receive cookies, you may deactivate storing cookies on your computer by changing your browser settings accordingly. Please note that the functionality of the Sites and Services may be impaired and the range of functionalities may be severely limited if you deactivate cookies.  

Specifics of which cookies we use can be found on our Cookie Policy page

Potentially identifying data

We collect the IP Addresses of Visitors and Customers, which is, in certain situations linked with users either through cookies, or for those Customers who log on to our Site to use the SaaS.

Personal data

Customers who access Built.io's Sites or use the SaaS choose to interact with Built.io in ways that require Built.io to gather personally-identifying information such as name, address (email or physical), credit card billing information, username, passwords). The amount and type of information that Built.io gathers depends on the nature of the interaction. 

We ask Visitors who sign up for an account at Built.io or who have questions to provide a username and email address.

Those who engage in transactions with Built.io by purchasing access to the Built.io platform to use the SaaS or sign up for a trial period - are asked to provide name, address and additional billing information (credit card or bank information) for provision to Braintree (we do not store payment information) and user name and password. Once signed up and the SaaS is purchased, Customer employees or contractors will be asked to provide their name and email address and a password. 

We also collect Customer content and track Customer usage of the SaaS and other Services as part of the Services.

How we use your information


For Visitors, if you do not purchase the SaaS but want information, we use your contact information to follow up on your request. We may also ask your consent to communicate with you regarding the provision of services or notify you about new services, changes and improvements. 

For Customers

To Provide the Services

With respect to our Customers and their account users, Built.io does not disclose personal identifying information for marketing purposes other than as described below. We use such personal data, as well as Tracking Information connected with your personal data for purposes of account and services administration and providing the Services. We link IP Addresses with cookies and your email address in order to identify you and track your use of the Services.  

For Customer employees or contractors we link your email address to the Customer master account to coordinate provision of the SaaS and related Services as well as to track usage of the SaaS.

If you provide your payment information, we will use that information to charge you for the Services you purchase using Braintree, but we do not store your credit card or other payment information.

Fraud and SaaS stability and security

We use Personal Data, Content, Tracking Information, and your usage history to detect fraud, abuse, violation of our contract terms, violation of any laws, rules or regulations, to ensure the stability and security of our Services, to protect the rights, property or safety of Built.io or to protect public safety and threats to public health

Direct Marketing and Updating You Regarding the Use of the Services.

We will use Customer contact information to contact you via email or by phone, if necessary, to let Customers know about Services we and our affiliates provide, new Services or features or to update you regarding Customer use of the Services.

To Improve the Quality of Services

We use Tracking Information and usage history to improve the quality of our Services, including, but not limited to user experience.

Aggregated Statistics

To the extent permitted by law, Built.io will use Tracking Information to compile and/or create for analytical purposes, statistical, aggregated data relating to our users and the Sites and Services and display or share this information. Aggregated data is derived from Personal Information and Tracking Information but in its aggregated form it is de-identified in a manner so that it cannot be used to identify any individual or individuals. This data is used to understand our customer base, their needs, to develop, improve, and market our services.

Do Not Track Settings and Signals

Some web browsers may transmit “do not track” signals to the websites and other online services with which your web browser communicates. There is no standard that governs what, websites should do if they receive these signals. We currently do not respond to “Do Not Track” browser signals, settings or similar mechanisms. If and when a standard is established, we may revise our policy on responding to these signals. Third parties may collect personal information about your online activities over time and across sites when you visit the Sites or use the Sites or Services as set forth below.

How we share information

We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:

Law Enforcement and Internal Operations

Personal Data, Tracking Information, Content and End User Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Built.io or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and debugging purposes; or (iv) to protect the rights, property or safety of Built.io, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third party request to compel disclosure of your information.

Business Transfer  

Built.io may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Built.io will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.


Built.io provides Personal Data and Tracking Information to our affiliates that need to use such Information to provide the Services.

Third Parties

We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum, EU Model Clauses and/or ensuring they have EU-U.S. and Swiss-US Privacy Shield certification.

Third Party Service Providers

Here is a list of the third party tools and applications we use which may collect Personal Data or Tracking Information from you directly on our behalf and share it with us

Braintree. Braintree processes payments on our behalf using credit card and other payment transactions. Braintree collects payment information and contact information to validate and process payments since we do not store credit card information. Braintree, which is owned by PayPal, is self-certified under the US-EU Privacy shield and we have entered into a Data Processing Addendum with them to familiarize yourself with Braintree's privacy practices and that of its parent company PayPal, go to https://www.paypal.com/us/webapps/mpp/ua/privacy-full

Google Analytics. Our Sites and Services utilize Google Analytics to collect information about the use of the Sites and Services. Google Analytics collects information such as how often users visit this site, what pages they visit, when they do so, and what other sites they used prior to coming to this site. We use the information we get from Google Analytics only to improve this site, but in anonymous form. Google Analytics collects only the IP address assigned to you on the date you visit this site and assigns a user ID code, rather than your name or other identifying information. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google uses this information to analyze your use of the website, to generate reports about website activities for website operators and to provide further services related to website and internet use. Google may also share such information with third parties to the extent it is legally required to do so and/or to the extent third parties process data on behalf of Google. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser. You may block Google Analytics on some browsers with the help of a browser add-on if you do not want us to use this website analysis. This add-on can be downloaded at: 'http://tools.google.com/dlpage/gaoptout?hl=en. For more information on Google Analytics and Google’s privacy practices, please review their privacy policy at https://www.google.com/policies/privacy/.

We also use Google Forms to collect inquiries from our Site. Processing takes place in the United States.

We use Intercom in connection with our Sites and Services to store and track usage statistics, support conversations and contact information such as name and email in connection with those support live chat conversations. Intercom is used for customer support purposes. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Intercom, Inc. (“Intercom”) and utilize Intercom to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Intercom analyzes your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Intercom's use of cookies, please visit https://www.intercom.com/terms-and-policies#cookie-policy. We may also use Intercom as a medium for communications, either through email, or through messages within our product(s). As part of our service agreements, Intercom collects publicly available contact and social information related to you, such as your email address, gender, company, job title, photos, website URLs, social network handles and physical addresses, to enhance your user experience. Processing takes place in the United States. Intercom is self-certified under the US-EU Privacy Shield and we have entered into a Data Processing Addendum with them. For more information on the privacy practices of Intercom, please visit their privacy policy. Intercom’s services are governed by Intercom’s terms of use which can be found at https://www.intercom.com/terms-and-policies#terms.

We may use use MixPanel to onboard customers and track your interaction with our Services and third party services through our Services. It collects name, contact information and [Need more info]. Data is processed in the United States.  Mixpanel is self-certified under the US-EU Privacy Shield and the Swiss-U.S. Privacy Shield framework to process data in the United States and data is only shared subject to a Data Protection Addendum. For more information please check out Mixpanel’s privacy policy.

We use the tool Freshdesk supports us in the processing of customer requests using cookies. The recorded information is processed by Freshdesk on different servers some of which are located in the United States. Freshdesk information about your browser, your hardware and software, your Internet service provider as well as your IP address, which can also be sent to the United States. Freshdesk uses this information to provide the services described above. Freshdesk is self certified under the US-EU Privacy Shield and we have a Data Processing Addendum in place with them. For more information on data protection visit Freshdesk visit: http://www.freshdesk.com/privacy/  If you do not want to go to Freshdesk, you can refuse to set a cookie in your browser settings. 

We use Salesforce.com to collect personal information related to sales (name, contact information, employer) in order to follow up on inquiries and sales to our customers or potential customers who have contacted us. Salesforce is self-certified under the US-EU Privacy Shield and the Swiss-U.S. Privacy Shield framework to process data in the United States and its data is only shared subject to a Data Protection Addendum as well as Binding Corporate Rules. For more information about SalesForce’s privacy practices follow this link to https://www.salesforce.com/company/privacy/full_privacy.jsp 

We also may use Marketo to track, follow up and market products to existing customers based on the name, email address and other contact information provided and tracking information collected through cookies. If you would like to be removed from such marketing, follow the removal instructions at the bottom of the emails sent to you. Processing takes place in the United States. Marketo is self-certified under U.S.-E.U. Privacy shield. Data processed in the United States under a Data Privacy Addendum and Standard Contractual Clauses. Please refer to Marketo’s Privacy Notice for more information.

To sign documents we used the API (data interface) and services of HelloSign. It collects your name and other information necessary to execute contracts for digital signature. Hellosign is self certified under the US-EU Privacy Shield and we have a Data Processing Addendum in place with themFor more information on Hello Sign privacy, please visit Hello Sign: https://www.hellosign.com/info/privacyPolicy

We also utilise the DocuSign application (‘DocuSign’) and other applications to enable contracts and notices to be signed, provided to and shared with third party suppliers, customers and business partners electronically, collecting name, address and other information required to execute and validate contracts and protect against fraud. Docusign is self certified under the US-EU Privacy Shield and we have a Data Processing Addendum in place with them. For more information go to DocuSign’s privacy policy.

We also may use Outreach to send you emails after you sign up for the Services or if you indicate an interest in receiving information and track your interaction with those emails based on the email address Customers provide to us. Outreach is also self-certified under the US-EU Privacy Shield program and we have a Data Processing Addendum with EU Standard Contractual Clauses in place with them. As with Outreach, if you wish for us to remove yourself, just follow the instructions at the bottom of the email communications. For more information on Outreach, follow the link to https://www.outreach.io/legal/privacy-policy/

Third Party Sources

We collect Customer Personal Data for potential customers to reach out to regarding the services.

Your Information Choices

Right to Review and Rectify Your Personal Data.   

Customers can update most of their Personal Data by logging on to their account (except their contact email, which can not be edited because it is tied to the account). However, if additional assistance is required to change or delete inaccuracies within your Personal Data or you would like to know what information about you was collected, please contact us at privacy@Built.io.com. 

Right to Remove or Withdraw Consent.

You have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data. If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. You can delete your Personal Data by logging into your account and deleting your account.  

However, since your Personal Data is required for us to provide the Services to you, deleting it, especially your email address, will also terminate your access to the services. Deleting your Personal Data does not mean that all of it will be removed. We may be required by law, to retain Customer Persona Data to exercise or defend legal claims, fulfill contractual obligations with our customers; retain some information in connection with our obligation to provide the Services. We may de-identify and anonymize some data for purposes of retaining it.

Data Portability

If you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.

Data Retention

We take steps to delete data after we no longer have a legitimate purpose for retaining it. After master accounts are terminated, we delete Customer Content data and End User data within 180 days after termination. We retain Customer information as long as necessary to achieve legitimate business purposes (such as to defend against legal claims or archive with anonymization techniques) or as required by law.

Protection of Personal Data

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:

However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.

Third Party Links and Services

The Sites and Services may contain links to other websites and services or use services not provided by Built.io. Built.io cannot be, and is not responsible for the use of data, privacy practices or the content of those websites or services. You should be aware of this when you leave our site and be sure to review the privacy statements of each website you visit that collects information. This Privacy Policy applies solely to personal information collected by Built.io.

Users Under 16 Years of Age

The Sites and Services do not knowingly collect personal information from users under the age of 16 nor are they intended to be used by anyone under 16. If you are under the age of 16, you are not permitted to use the Sites and Services or to disclose Personal Information using the Sites and Services. If we learn we have collected or received Personal Information from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at privacy@contenstack.com.

Privacy Policy Changes

Although most changes are likely to be minor, Built.io may change its Privacy Policy from time to time, and in Built.io's sole discretion. Built.io encourages visitors to frequently check this page for any changes to its Privacy Policy. In the event we make material changes to our Privacy Policy, we will notify you in advance by email or by notice when you log in to the Sites and Services or both. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.