Buildstate
Get started free
Toggle navigation menu
Home

Products

SiteSignSiteITPSiteDocsBuildstate Invoice
Free toolsPricingContact
Log in

Privacy Policy

Effective date: 24 May 2026

This Privacy Policy explains how Buildstate (we, our, us) collects, uses, discloses, and protects personal information when you use our web platform at buildstate.com.au and the Buildstate Invoice mobile application (together, our Services). We are committed to handling personal information in accordance with applicable Australian privacy law, including the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

1. Information we collect

1.1 Web platform (buildstate.com.au)

When you use the Buildstate web platform, we may collect:

  • account registration details: name, email address, and password;
  • organisation, team, and settings information you configure;
  • project and site data you create or upload, including records processed through SiteSign, SiteITP, and SiteDocs;
  • documents and images uploaded to the platform for processing or storage;
  • dashboard usage data and feature interaction logs; and
  • technical information such as IP address, browser type and version, device identifiers, referring URLs, and session timestamps.

1.2 Buildstate Invoice mobile app

When you use the Buildstate Invoice app, we may collect:

  • account and profile information: name, email address, and business details;
  • client records: names, contact details, and addresses;
  • project and invoice data: line items, amounts, payment terms, and invoice status;
  • timesheet and timer records, including start/stop times and project associations;
  • worksite location data collected when you use the location-stamping feature — location access is requested at the time of use and is not tracked continuously;
  • expense records, including amounts, categories, and receipt images you capture or upload;
  • payment records you enter to mark invoices as paid;
  • device tokens used to deliver push notifications about invoice activity and reminders; and
  • diagnostic and crash-reporting data (such as error logs and device/OS version) collected automatically to help us identify and fix issues.

1.3 Communications

We collect the contents of any support requests, feedback, or other communications you send to us.

2. How we use information

We use personal information to:

  • create and manage your account and provide access to our Services;
  • generate and deliver invoice PDFs and send invoice emails to your clients on your behalf;
  • process receipt images using optical character recognition (OCR) and, where applicable, AI-assisted extraction to populate expense fields — see section 5 for more detail;
  • record and display worksite location stamps at your direction;
  • send push notifications about invoice and payment activity that you have enabled;
  • authenticate users and maintain account security;
  • respond to support requests and communicate service updates;
  • monitor performance, investigate incidents, and prevent misuse; and
  • comply with our legal obligations and enforce our terms.

We do not sell your personal information to third parties, and we do not use it for behavioural advertising.

3. AI and OCR processing

When you use receipt capture or document processing features, images and extracted text may be sent to third-party OCR or AI services for processing. These services act as our data processors and are contractually required to handle your data only for the purpose of providing the processing service. We do not authorise them to use your data to train their own models or for any purpose beyond processing your request.

Processed data may be stored outside Australia — see section 6 (Overseas disclosure) for further information.

4. Cookies and analytics

Our web platform may use cookies or similar technologies to keep you signed in, remember preferences, and understand how the platform is used. You can control cookies through your browser settings; however, disabling certain cookies may affect functionality. The Buildstate Invoice mobile app does not use cookies but may use equivalent local storage mechanisms for session management.

5. Disclosure of personal information

We may disclose personal information to trusted service providers that help us operate our Services, including:

  • cloud hosting, database, and infrastructure providers;
  • authentication, email delivery, and push notification providers;
  • OCR and AI processing services used for receipt and document extraction;
  • payment and subscription providers — if and when in-app purchase or subscription functionality is introduced, we will update this policy to identify those providers; and
  • professional advisers (legal, accounting) where reasonably necessary.

We may also disclose information where required by law or court order, to protect the rights or safety of any person, or in connection with a merger, acquisition, or sale of assets (in which case we would take reasonable steps to ensure your information continues to be protected).

We do not disclose your client or invoice data to any party except as described above.

6. Overseas storage and processing

Some of our service providers store or process personal information in countries outside Australia, including the United States and other jurisdictions where cloud infrastructure commonly operates. Where this occurs, we take reasonable steps — such as contractual protections — to ensure your information is handled in a manner consistent with this policy and the Australian Privacy Principles.

By using our Services, you acknowledge that your personal information may be transferred to and processed in countries that may not provide the same level of data protection as Australia.

7. Data retention and security

We retain personal information for as long as reasonably necessary to provide our Services and to meet legal, accounting, and compliance obligations. When information is no longer required, we take reasonable steps to destroy or de-identify it.

We use administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, modification, or disclosure. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Access, correction, and deletion

You have the right to:

  • Access — request a copy of the personal information we hold about you;
  • Correction — ask us to correct inaccurate or incomplete personal information; and
  • Deletion — request deletion of your personal information, subject to our legal obligations and any overriding legitimate interest in retaining it.

To exercise any of these rights, email us at admin@buildstate.com.au. We will acknowledge your request promptly and respond within a reasonable time. We may need to verify your identity before processing your request.

9. Complaints

If you believe we have mishandled your personal information, please contact us first so we can try to resolve your concern:

admin@buildstate.com.au

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

10. Updates to this policy

We may update this Privacy Policy from time to time. When we do, we will publish the updated version on this page and revise the effective date at the top. We encourage you to review this policy periodically.

11. Contact us

For any privacy questions or requests, contact Buildstate at admin@buildstate.com.au.