Privacy Policy
How we collect, use, and protect your information.
1. Who we are
Buildhaus (referred to below as "we", "us", "our") is a remote-first digital agency operating across Trinidad & Tobago and the United Kingdom. Contact: [email protected].
2. What information we collect
We only collect information you actively provide or that our site needs to function properly.
- Contact form submissions: name, email, company name, budget range (optional), project brief.
- Email correspondence: anything you send us via email.
- Basic analytics: anonymised page views, referrer sources, device type (via privacy-respecting analytics tools). No fingerprinting.
- Cookies: we use a small number of essential cookies for site functionality. See our Cookie Notice for the full list.
3. How we use your information
Strictly for the purposes you'd expect:
- Responding to your enquiry and talking to you about a possible project.
- Delivering work we've agreed to deliver.
- Understanding how the site is being used so we can improve it.
We do not sell your data. We do not share it with third parties for marketing purposes. We do not add you to email lists without your explicit consent.
4. How long we keep your information
Contact form submissions that don't lead to a project are held for up to 12 months, then deleted. Client records (emails, project files) are retained for the duration of the client relationship plus 7 years to comply with tax and professional record-keeping requirements.
5. Your rights
If you're in the UK or the EU, under UK GDPR / GDPR you have the right to: access your data, correct inaccurate data, delete your data, object to processing, and request portability of your data. If you're in Trinidad & Tobago, the Data Protection Act 2011 gives you a parallel set of rights, including access to your data, correction of inaccuracies, and the ability to lodge a complaint with the Office of the Information Commissioner. Note that the T&T DPA is administered separately from GDPR and the procedures and remedies differ. If in doubt, contact us first; we will tell you which framework applies to your request.
To exercise any of these rights, email [email protected]. We'll respond within 30 days.
6. Where we store your data
We use reputable third-party providers for email hosting, cloud storage, and form processing. Data may be stored in the UK, the EU, or the US depending on the provider. All providers we use are contractually bound to GDPR-compatible data protection standards.
7. Security
We use industry-standard security measures including encryption in transit (HTTPS), two-factor authentication on all accounts that hold client data, and access controls. No system is perfectly secure, but we take the threat seriously and respond to any incident within 72 hours.
8. Children's data
Our services aren't directed at children under 16. We don't knowingly collect data from minors. If you believe we've collected data from a minor, contact us immediately and we'll delete it.
9. Changes to this policy
If we materially change how we handle data, we'll update this page and revise the "Last updated" date at the top. For significant changes, we'll also notify active clients directly.
10. Contact & complaints
Questions or concerns: [email protected].
If you're in the UK and feel we haven't resolved your concern, you can complain to the Information Commissioner's Office at ico.org.uk. In Trinidad & Tobago, the Office of the Information Commissioner is the relevant authority.