Skip to content
Blueprint Ledger
Sign inGet started

Legal

Privacy Policy

Last updated: April 24, 2026

This Privacy Policy explains what information Blueprint Ledger (the “Service”) collects, why, how we use it, and the choices you have. We try to collect the minimum we need to run the Service, and we don't sell your data.

1. Information we collect

We collect information in three ways:

  • Information you give us.When you create an account we collect your email address and, depending on the sign‑in method, your name and avatar from your identity provider (Google, for example). When you fill in your profile or company details we store the information you enter (first/last name, company name, address, phone, website, license number, and optional logo).
  • Information you upload or create.Jobs, buckets, line items, transactions, proposals, change orders, client payments, schedule events, file imports, and related metadata. This is “Your Content” as described in our Terms of Service.
  • Information collected automatically.Basic server and request logs (IP address, user‑agent, URL, and timestamp), authentication session identifiers, and minimal preferences stored in your browser's local storage (for example, view toggles and theme). We don't use third‑party advertising cookies.

2. How we use information

We use the information we collect to:

  • provide, operate, maintain, and improve the Service;
  • authenticate you, keep your session active, and protect accounts;
  • send transactional email (magic‑link sign‑in, team invites, security notices). We don't send marketing email without your consent;
  • respond to support requests;
  • detect, prevent, and address fraud, abuse, and technical issues;
  • comply with legal obligations.

3. How we share information

We share information only as described here. We do not sell personal information.

  • With your team.Other members of a team you're part of can see the team's data according to their role (owner, admin, member). Your name and email are visible to them.
  • With service providers.We use trusted sub‑processors to run the Service. They handle data only on our behalf, under contract. Current providers include:
    • Vercel - application hosting and edge network.
    • Neon - managed PostgreSQL database.
    • Resend- transactional email (sign‑in links, team invites).
    • Google- optional OAuth sign‑in. If you use it, Google shares your profile basics (name, email, avatar) with us.
  • For legal reasons. If required by law, legal process, or to protect our rights, property, or the safety of our users or others.
  • In a business transfer.If Blueprint Ledger is acquired, merged, or reorganized, your information may be transferred as part of that transaction. We'll notify you and the acquirer will be bound by this Policy or an equivalent one.

4. Data retention

We keep your information as long as your account is active and for a reasonable period afterward to comply with legal obligations, resolve disputes, and enforce agreements. When you delete your account we delete or anonymize personal information within a reasonable timeframe, except where we're required to retain it. Backup copies are purged on a rolling schedule.

5. Security

We use reasonable administrative, technical, and physical safeguards to protect the information we hold: encryption in transit, encryption at rest for the database, access controls, and least‑privilege operational practices. No system is perfectly secure. Please use a strong, unique sign‑in method (Google or a protected email inbox) and tell us at privacy@blueprintledger.work if you suspect a compromise.

6. Your choices and rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal information, or to object to or restrict certain processing. You can exercise most of these directly in the Service (edit your profile, leave teams, delete data). For anything else, email privacy@blueprintledger.work and we'll respond within a reasonable timeframe.

You can stop receiving transactional email by deleting your account (these messages are required for the Service to work: sign‑in links, for example, so we can't suppress them while keeping the account live).

7. Cookies and local storage

We set a small number of cookies that are strictly necessary to run the Service, primarily to keep you signed in. We use browser local storage to remember UI preferences (theme, view toggles) on your device. We don't use advertising or cross‑site tracking cookies.

8. International transfers

Blueprint Ledger is operated from the United States. If you use the Service from outside the US, you understand that your information will be transferred to and processed in the US and in the locations our sub‑processors operate. Data‑protection laws in those locations may differ from yours.

9. Changes

We may update this Policy from time to time. If we make material changes we'll give you reasonable notice - by email or an in‑app banner - before they take effect. The “Last updated” date at the top always reflects the current version.

10. Contact

Questions, concerns, or requests? Email privacy@blueprintledger.work.