Security & Privacy

Your data is yours. Here is how it is protected.

Build It Pros is built for multi-tenant use — your estimates, customers, and settings are isolated from every other operator on the platform at the database level. Below is a plain-language breakdown of the technical controls in place.

Platform Security Controls

Google Maps & Customer Addresses

Address geocoding and routing use the Google Maps API — but the integration is built to minimise what Google ever sees about your customers.

  • Geocoding is admin-triggered only. Addresses are only sent to Google when an admin opens the estimate builder and clicks Geocode — never automatically on customer form submission.
  • All calls are server-side. Your Google Maps API key is never sent to a browser. Geocoding and routing requests go from the server to Google — your customer’s IP address is never transmitted to Google.
  • Customer pages are map-free. The customer-facing estimate view and registration pages load no Google Maps resources whatsoever.
  • Street addresses are optional at the initial request stage, reducing the personal information collected before a business relationship exists.

AI Prompt Security

AI scoping uses your customer’s project description to generate a draft estimate. The platform takes precautions to prevent that content from being misused.

  • Admin-only. AI scoping is never accessible from a customer-facing page. It is an internal admin tool only, preventing public abuse of the AI feature.
  • Input isolation. Customer-supplied content is wrapped in delimiters in the AI prompt and explicitly flagged as untrusted data — the model is instructed to treat it as content to process, not as instructions to follow. This prevents prompt injection from influencing estimate generation.
  • No training use. API calls go directly to Anthropic’s API. Anthropic does not use API request content to train its models by default.

What Data Is Stored & Where

A plain summary of customer data, where it lives, and who it is ever transmitted to.

Data point Where stored Transmitted to Risk level
Customer name, email, phone Your database only Nobody Low
Customer city & state Your database only Google (admin geocoding only) Low
Customer street address Your database only Google (admin geocoding only) Low–Med
Job site lat/lng Your database only Google (map display, admin only) Low
Project description Your database only Anthropic API (AI scoping, admin-triggered) Low
Customer IP address Not stored by the platform Nobody Low

Questions about security or data handling?

If you have specific questions about how the platform handles your data, how encryption is configured, or how to request data deletion, reach out — we are happy to walk through the technical details.