Privacy Policy

Last updated: February 2026

1. Information We Collect

We collect only the data necessary to provide and improve the Plinth service:

  • Builder accounts: Email address, company name, and profile information you provide at sign-up.
  • Project data: Project names, addresses, check-in photos, notes, documents, change orders, selections, and punch-list items uploaded by builders.
  • Journal access: We log journal page views (timestamp, anonymized identifiers) to show builders when homeowners last visited. No personal information about homeowners is collected unless voluntarily provided.
  • Billing: Payment processing is handled entirely by Stripe. We store your Stripe customer ID but never see or store credit card numbers.

2. How We Use Your Data

  • To provide and maintain the Plinth service.
  • To generate homeowner-facing progress journals from builder check-ins.
  • To send transactional emails (account verification, password resets, billing receipts) via Resend.
  • To improve the product using aggregated, anonymized usage analytics. We do not sell or share personal data with third parties for advertising purposes.

3. Data Storage and Security

All data is stored in Supabase (PostgreSQL with row-level security) hosted in the United States. Photos and documents are stored in Supabase Storage with access controlled by signed URLs and storage policies.

  • All traffic is encrypted in transit via HTTPS/TLS.
  • Database access is enforced with row-level security (RLS) policies.
  • Journal links use cryptographically random UUID v4 tokens (122 bits of entropy).
  • Optional PIN protection is verified server-side via secure RPC functions.
  • Admin access and service keys are never exposed to the client.

4. Homeowner Journal Access

Homeowner journals are read-only views. Homeowners access journals via a shared link generated by their builder. No account creation is required. The builder controls which data is visible to the homeowner via per-item visibility settings. Journals can be optionally protected with a PIN set by the builder.

5. Data Retention and Deletion

Your data is retained as long as your account is active. Builders can delete individual projects, check-ins, and uploaded files at any time. Upon account cancellation, your data remains accessible on the free tier. To request complete account and data deletion, contact us at hello@plinth.build. We will process deletion requests within 30 days.

6. Third-Party Services

Plinth uses the following third-party services to operate:

  • Supabase — Database, authentication, and file storage.
  • Stripe — Payment processing and subscription management.
  • Resend — Transactional email delivery.
  • Vercel — Application hosting and deployment.

Each service has its own privacy policy. We only share the minimum data necessary for each service to function.

7. Cookies

We use essential cookies for authentication session management. We do not use tracking cookies or third-party advertising cookies. No data is shared with ad networks.

8. Your Rights

You have the right to access, correct, or delete your personal data at any time. You can export your project data from the dashboard. For any privacy-related requests, contact us at hello@plinth.build.

9. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes, we will notify you by email or through the Service. Continued use of Plinth after changes constitutes acceptance of the updated policy.

10. Contact

For privacy questions or concerns, contact us at hello@plinth.build.