Buildry
  • App tour
  • Features
  • Pricing
  • Privacy
  • FAQ
DE / EN

Privacy Policy

Last updated: 11 June 2026

This privacy policy applies to the mobile app Buildry and to the website buildry.app. It explains which personal data is processed in both contexts, by whom, and what rights you have.

Buildry is a local-first app. Your project data — projects, rooms, materials, warranties, maintenances, contractors, tasks, costs, receipts, photos, and notes — stays on your device and in your own iCloud or Google Drive storage. I, the provider, do not operate any servers for your content and cannot see it.

This is a translation of the binding German original (privacy-de). In case of any conflict, the German version prevails.

1. Data Controller

The controller within the meaning of the EU General Data Protection Regulation (GDPR) is:

Alexander Löfflad Im Speicher 18 79353 Bahlingen am Kaiserstuhl Germany

Email: privacy@buildry.app

A data protection officer is not required by law.

2. What I Do Not Do

To keep things short and clear, let me start with the negatives. I:

  • do not operate my own server where your project data is stored
  • have no access to your projects, rooms, materials, warranties, maintenances, contractor details, tasks, costs, receipts, photos, or notes
  • do not track, profile, or perform behavioural analytics — the only exception is strictly anonymous, explicitly opt-in usage statistics (section 11), which are never active without your consent
  • do not use advertising networks and do not share data with advertising partners
  • do not use tracking cookies or analytics tools on the website
  • do not transmit your app content to any AI provider or cloud OCR service

Part A — Processing in the Buildry Mobile App

3. Data Processed Locally on Your Device

All content you create in Buildry — projects, rooms, materials, warranties, maintenances, contractors, tasks, costs, receipts, photos, and notes — is stored exclusively on your device, in a local SQLite database. This data only leaves your device if you actively enable synchronisation (see section 4) or deliberately share an export (see section 5).

The database is protected by your operating system’s security mechanisms (app sandboxing; iOS Data Protection; Android File-Based Encryption when enabled).

Ratings you give to contractors (star rating and rating notes) are treated as private: they are never shared without an explicit action by you (e.g. an export with the ratings option turned on).

Legal basis: Purely local storage on your own device does not, by itself, constitute processing by me as the controller within the meaning of the GDPR.

4. Synchronisation via Your Own Cloud (optional)

Synchronisation is disabled by default and must be deliberately enabled by you (“More → Sync” in the app).

When you enable cross-device sync, your Buildry data is stored in your personal iCloud (Apple devices) or in your Google Drive (Android devices). The data therefore lives in the cloud infrastructure that you already use with Apple or Google — not with me.

4.1 iCloud (iOS)

On iOS devices, Buildry uses the iCloud Drive container linked to your Apple ID. The content is stored in an app-private area that is invisible to other apps. The controller for this processing is Apple Inc. and Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland.

Details: https://www.apple.com/legal/privacy/en-ww/

4.2 Google Drive App Folder (Android)

On Android devices, Buildry uses the hidden “App Data Folder” of your Google account. This area is accessible only to Buildry and is not visible through the regular Drive interface — neither to other apps nor to yourself. The controller for this processing is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Access is granted through an OAuth sign-in (scope: drive.appdata). The resulting access token and refresh token are stored exclusively on your device; Buildry does not send these tokens to me or any third party and uses them only to read from and write to the Google Drive API. You can disconnect Drive at any time in the app’s settings; this deletes the tokens and stops synchronisation.

Details: https://policies.google.com/privacy

4.3 What is Synchronised

All your project content (see section 3), including photo binaries, is synchronised. Device-specific settings (language, theme, sync frequency) remain local and are never sent to the cloud.

Soft-deleted entries (tombstones) are propagated through the cloud so that a deletion on one device also reaches your other devices. They are hard-deleted locally after 30 days.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract) — synchronisation is part of the agreed-upon functionality once you enable it.

5. Data Export and Sharing

You can export your Buildry data at any time through the app — as a structured JSON file (all content with schema version, photo metadata without binaries), as a per-project PDF report, or as a full house documentation (“ownership-handover export”, Unlimited feature). The export file is generated locally on your device and shared via your system share dialog (e.g. email, AirDrop, Files app).

I do not receive any data from this process. You alone decide where the export goes.

The JSON export technically fulfils the requirements of Art. 20 GDPR (data portability) — it contains your data in a structured, commonly used, and machine-readable format.

6. On-Device Text Recognition for Receipts (OCR)

When you take a photo of a receipt, Buildry recognises the text on it to suggest the amount, date, and merchant automatically. This text recognition runs entirely on your device:

  • On iOS via Apple’s Vision framework (part of the operating system; no download, no Google components)
  • On Android via Google ML Kit Text Recognition v2 (@react-native-ml-kit/text-recognition) in on-device mode; the language model is downloaded once from Google Play Services onto your device

No receipt photo and no recognised text is transmitted to me or to a cloud OCR service. The recognised raw text is stored locally with the receipt (receipts.ocr_text column) so you can later search for receipt content — again, only locally.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract — convenience feature of the app).

7. Photos and EXIF Metadata

When you import a photo into Buildry, the image is resized to a reasonable size and re-encoded as JPEG. This re-encoding step completely removes EXIF metadata, including GPS coordinates, before the photo is stored in your local database or synchronised to your cloud. This protects you from inadvertently disclosing your location (e.g. when you later share a photo documentation of your home with third parties).

If a photo had an original capture date in its EXIF metadata, that date is read before stripping and stored as a timestamp in the photos.taken_at database column. GPS coordinates are never read.

8. Purchases via the App Store or Play Store

When you extend Buildry with a paid feature (Pay-per-Project at €14.99 or Unlimited at €49.99), payment is processed via the in-app purchase system of the Apple App Store or Google Play. The payment counterparties are:

  • Apple Distribution International Ltd., Hollyhill Industrial Estate, Hollyhill, Cork, Ireland
  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

These providers process payment data under their own responsibility. From Apple and Google I only receive anonymous transaction reports and an aggregated payout — no payment instrument data and no buyer identification by name.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract). More information:

  • https://www.apple.com/legal/privacy/en-ww/
  • https://policies.google.com/privacy

9. In-App Purchase Validation via RevenueCat

To check which in-app purchases you have made and which features are unlocked, Buildry uses RevenueCat (RevenueCat, Inc., 300 Euclid Avenue, San Francisco, CA 94118, USA) as a data processor within the meaning of Art. 28 GDPR.

The following data is transmitted to RevenueCat:

  • a pseudonymous app user ID — a UUID generated by the app that I cannot link to your name, email, or other directly identifying data; it does, however, remain permanently linked to your purchases on the same store account
  • technical device data (device type, OS version, app version)
  • transaction data (which purchases were made when, status, expiry, store country)

I do not transmit your email address, name, address, or any other directly identifying data to RevenueCat.

Transfer to the USA: RevenueCat processes the data on servers in the United States. A Data Processing Addendum (DPA) pursuant to Art. 28 GDPR is in place with RevenueCat. The transfer to the USA is based on the EU Standard Contractual Clauses (Art. 46 (2) (c) GDPR) and — where RevenueCat is certified — the EU-US Data Privacy Framework.

Legal basis: Art. 6 (1) (b) GDPR (performance of a contract — purchase validation is necessary to unlock the features you have bought).

More information: https://www.revenuecat.com/privacy

10. Crash and Error Reports via Sentry

To detect and fix program errors and crashes quickly, Buildry uses Sentry (Functional Software, Inc. d/b/a Sentry, 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA) as a data processor within the meaning of Art. 28 GDPR.

Buildry uses the EU region of Sentry (data residency in the European Economic Area, *.ingest.de.sentry.io). A Data Processing Addendum (DPA) pursuant to Art. 28 GDPR is in place with Sentry.

In case of an error or crash, the following technical data is transmitted:

  • error stack trace (which function in which file failed)
  • device type, OS version, app version
  • timestamp of the error
  • error-related keys assigned within the app (e.g. “[sync] triggerSync failed” — no content of your data)

The Sentry integration in Buildry is specifically configured so that:

  • no IP address, no user ID, no device identifier is included (sendDefaultPii: false)
  • no performance or tracing data is collected (tracesSampleRate: 0)
  • no breadcrumbs are enabled for console output or network calls — Buildry content (room names, contractor notes, receipt text, etc.) is private and must not appear in crash reports

No content from your rooms, materials, warranties, tasks, receipts, photos, or notes is transmitted to Sentry. Sentry is used exclusively for technical error diagnosis.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the stability, functionality, and IT security of the app). A balancing test was carried out in favour of the processing, as only technical, non-personal data is transmitted and the app’s stability is in your interest as well.

More information: https://sentry.io/privacy/

11. Anonymous Usage Statistics (TelemetryDeck, Consent Only)

On first launch (or once after an update), Buildry asks whether you want to share anonymous usage signals so I can understand whether and how the app is used. The default is no — without your explicit consent, nothing is ever transmitted.

If you agree, the app sends a small set of content-free event signals to TelemetryDeck (TelemetryDeck GmbH, Augsburg, Germany; data processor, DPA in place): app opened, onboarding completed, project created, room created, content created (material/receipt/photo — without any detail), paywall seen; each accompanied by the app version. Never transmitted: names, photos, amounts, texts, or any other content of your projects.

The signals are anonymous: instead of a user or device identifier, the app uses a randomly generated installation ID that is cryptographically hashed before transmission; TelemetryDeck discards IP addresses and does not store them. I only ever see aggregated evaluations — never individual usage histories. If you switch the statistics off (Settings → “Anonymous usage data”), the installation ID is deleted on your device; consenting again later starts as a new, unlinkable anonymous installation. Processing takes place on servers in the EU.

Legal basis: Art. 6 (1) (a) GDPR (your consent). You can withdraw it at any time with effect for the future in the settings.

12. Push Notifications

Buildry reminds you about expiring warranties, due maintenances, and overdue tasks via local push notifications. These notifications are scheduled and triggered entirely on your device (via expo-notifications). No reminder content is transmitted to me, to a push server, or to any third party — these are not push notifications in the classic sense (FCM, APNs for remote push) but local reminders scheduled by your operating system.

You grant permission to send notifications the first time you set up a reminder, via your operating system’s permission dialog. You can revoke it at any time in your device settings.

Legal basis: Art. 6 (1) (a) GDPR (consent via the system permission dialog).


Part B — Processing on the buildry.app Website

13. Hosting and Server Log Files (Cloudflare)

The buildry.app website is hosted with Cloudflare (Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA; EU representative: Cloudflare Germany GmbH, Rosental 7, 80331 Munich, Germany) on the Cloudflare Workers platform. Delivery is preferentially served from Cloudflare locations within the European Economic Area.

On every request to the website, Cloudflare automatically processes the following data for technical delivery and abuse prevention:

  • IP address
  • date and time of access
  • requested URL
  • referrer URL (previously visited page)
  • browser and operating system used
  • transferred data volume, HTTP status code

A Data Processing Addendum pursuant to Art. 28 GDPR is in place with Cloudflare. To the extent data is transferred to the US parent company Cloudflare, Inc., this is based on the EU-US Data Privacy Framework (Cloudflare is certified) and additionally on EU Standard Contractual Clauses.

Cloudflare deletes or anonymises IP addresses in the standard log files within 24 hours. Aggregated security and performance data without personal reference may be stored for longer.

Legal basis: Art. 6 (1) (f) GDPR (legitimate interest in the secure, stable, and abuse-free delivery of the website).

More information: https://www.cloudflare.com/en-gb/privacypolicy/

14. Cookies and Similar Technologies

The website sets no tracking, analytics, or marketing cookies and uses no client-side tracking (no Local Storage, no Session Storage for analytical purposes). A cookie banner is therefore not required.

No web analytics (e.g. Google Analytics, Plausible, Fathom), no external CDN fonts (e.g. Google Fonts), and no external embeds (e.g. YouTube, Vimeo, Maps) are used.

15. Contact Form

The website includes a contact form (/en/contact). When you use it, the following data is processed:

  • email address (required)
  • name (optional)
  • content of your message
  • timestamp of submission
  • IP address at the time of submission (transmitted in the email body for abuse prevention and spam detection)

Before submitting, you confirm via a required checkbox that you have taken note of this privacy policy. For spam prevention I use a honeypot mechanism (hidden form fields filled only by automated bots) and IP-based rate limiting. Both collect no additional personal data.

To deliver the enquiry as an email to my inbox, I use the service Resend (Resend, Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA). Resend processes the transmitted data in the EU region (eu-west-1, Ireland). A Data Processing Addendum pursuant to Art. 28 GDPR is in place with Resend. To the extent personal data is transferred to the US parent company, this is based on the EU-US Data Privacy Framework (Resend is certified) and additionally on EU Standard Contractual Clauses.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual or contractual communication) and Art. 6 (1) (a) GDPR (your consent via checkbox).

More information: https://resend.com/legal/privacy-policy


Part C — Cross-Cutting Sections

16. When You Contact Me Directly by Email

When you send me an email directly — e.g. for a support request or to exercise your rights — the data you transmit (your email address, the content of your message, and any attachments) is processed in order to respond to your enquiry. This data is not shared with third parties and is deleted after your enquiry has been resolved, unless statutory retention obligations (e.g. under commercial or tax law) require longer retention.

My email mailbox is hosted by mailbox.org (Heinlein Hosting GmbH, Schwedter Straße 8/9 A, 10119 Berlin, Germany) — a provider headquartered and operating its servers in Germany.

Legal basis: Art. 6 (1) (b) GDPR (pre-contractual or contractual communication) or Art. 6 (1) (f) GDPR (legitimate interest in responding).

17. Retention Periods

  • Project content (projects, rooms, materials, etc.) — Where: Locally + (if enabled) your iCloud / Google Drive. How long: Until you delete it or uninstall the app. Soft-deleted entries are retained as tombstones for 30 days to propagate via sync, then automatically hard-deleted.
  • Device settings — Where: Locally. How long: Until you uninstall the app.
  • Transaction and entitlement data — Where: RevenueCat. How long: According to RevenueCat’s privacy policy; typically for the contract duration plus statutory retention periods. Early deletion can be requested via my contact address.
  • Crash / error reports — Where: Sentry (EU region). How long: Sentry’s standard retention of 90 days, after which the data is automatically deleted.
  • Website server log files — Where: Cloudflare (EU edge). How long: IP addresses deleted/anonymised within 24 hours; aggregated data longer.
  • Contact-form submissions — Where: mailbox.org / my email mailbox. How long: Until the request is resolved, at most until any statutory retention period ends.
  • Direct email correspondence — Where: mailbox.org / my email mailbox. How long: Until the request is resolved, at most until any statutory retention period ends.

18. Recipients and Third-Country Transfers

Personal data is only transferred to the recipients listed in this policy:

  • Apple Distribution International Ltd. (Ireland) — distribution of the app, payment processing, iCloud sync
  • Google Ireland Limited (Ireland) — distribution of the app, payment processing, Drive sync (Android)
  • RevenueCat, Inc. (USA) — in-app purchase validation (data processor, DPA in place; USA: Standard Contractual Clauses and, where applicable, the Data Privacy Framework)
  • Functional Software, Inc. (Sentry) (USA, with EU data residency) — crash reporting (data processor, DPA in place, EU region)
  • TelemetryDeck GmbH (Germany) — anonymous usage statistics, consent-only (data processor, DPA in place, EU)
  • Cloudflare, Inc. (USA, with EU edge) — website hosting + DDoS/bot protection (data processor, DPA in place, DPF + SCC)
  • Resend, Inc. (USA, with EU data residency) — sending of contact-form emails (data processor, DPA in place, DPF + SCC)
  • Heinlein Hosting GmbH (mailbox.org) (Germany) — my email mailbox

Any transfer to third countries outside the EEA (USA) is limited to the recipients listed above and is based on appropriate safeguards under Chapter V GDPR (Standard Contractual Clauses; where certified: EU-US Data Privacy Framework).

19. Technical and Organisational Measures (Art. 32 GDPR)

The following safeguards are implemented in Buildry and on the website:

  • Transport encryption: All connections (iCloud, Google Drive, RevenueCat, Sentry, Cloudflare, Resend, website delivery) use TLS (HTTPS) exclusively.
  • Local storage in the app sandbox: The local SQLite database and all photo binaries live in the sandboxed app container, protected by the operating system from access by other apps.
  • Device-level encryption: On iOS, the database is protected by Apple’s Data Protection at “Available after first unlock”; on Android, it is protected by the device’s File-Based Encryption, provided you have a screen lock enabled.
  • EXIF/GPS stripping on photo import (see section 7).
  • Data minimisation with third-party services: RevenueCat receives only pseudonymous IDs and transaction data; Sentry receives no PII and no user content; Resend receives only the respective form content.
  • Spam protection: Honeypot fields and IP-based rate limiting for all forms; Cloudflare bot protection at the edge.
  • Strict Content Security Policy (CSP) on the website without unsafe-inline for stylesheets; reduces XSS risk.
  • Code signing of the app by Apple and Google as part of store distribution; modified app binaries are refused by the operating system.
  • Security updates are delivered through the regular store update mechanisms.

20. Your Rights

As a data subject you have the following rights under the GDPR:

  • Right of access to the data processed about you (Art. 15 GDPR)
  • Right to rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR) — for Buildry, practically achievable by deleting content within the app, uninstalling the app, and deleting your iCloud/Drive data. For data held by the processors (RevenueCat, Sentry, Cloudflare, Resend), an informal request to my contact address is sufficient.
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR) — see section 5 (JSON data export)
  • Right to object to processing based on legitimate interests (Art. 21 GDPR)
  • Right to withdraw consent with effect for the future (Art. 7 (3) GDPR) — e.g. push notifications via your system settings
  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

To exercise your rights, an informal email is enough: privacy@buildry.app

The supervisory authority responsible for me is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI) Lautenschlagerstraße 20 70173 Stuttgart, Germany Phone: +49 711 615541-0 Email: poststelle@lfdi.bwl.de https://www.baden-wuerttemberg.datenschutz.de/

You may alternatively contact the supervisory authority of your usual residence.

21. Automated Decision-Making

No automated decision-making within the meaning of Art. 22 GDPR (including profiling) takes place — neither in the app nor on the website.

22. Children

Buildry is intended for adult homeowners. I do not knowingly collect data from children under the age of 16. If data of minors has been transmitted to me without the consent of the parents or legal guardians, it will be deleted upon notice.

23. Changes to this Privacy Policy

This privacy policy will be updated when legal requirements or the functionality of the app or website change. The current version is always available in the app under “More → Privacy” and on the website at https://buildry.app/en/privacy; the date of this policy indicates the current version.

Buildry

Multi-project tracker for private building projects. Local, mobile, for a lifetime.

iOS · available nowAndroid · coming soonMade in Germany
  • Imprint
  • Privacy
  • Terms
  • Contact
© 2026 Alexander Löfflad
DE / EN