Privacy
Backbuild is committed to protecting the personal data of our customers and their end users. Privacy controls are built into the platform by design and are evaluated against the major data protection frameworks that apply to our customer base.
Frameworks addressed
- EU General Data Protection Regulation (GDPR): Backbuild acts as a data processor for customer data and provides a Data Processing Agreement that includes the EU Standard Contractual Clauses for international transfers.
- UK GDPR and Data Protection Act 2018: the DPA includes the UK International Data Transfer Addendum (UK IDTA) for customers subject to UK data protection law.
- California Consumer Privacy Act (CCPA / CPRA): Backbuild supports the consumer rights granted by California law and treats personal information consistent with a "service provider" relationship.
- Swiss Federal Act on Data Protection (FADP): the DPA covers transfers of personal data relating to Swiss data subjects.
- HIPAA: HIPAA-aligned controls are implemented across the platform. A Business Associate Agreement is available to customers processing Protected Health Information. See the BAA page.
Key privacy principles
- Data minimization: only the personal data needed to deliver the service is collected and processed.
- Purpose limitation: personal data is used only for the purposes disclosed at collection and consistent with the customer's instructions.
- Transparency: customers and their end users are informed about what data is collected, why, and how it is handled, through the privacy policy and this trust center.
- User control: data subjects have the ability to access, correct, export, and delete their personal data through documented processes.
- Security: technical and organizational measures are applied to protect personal data, as documented under Security.
- Accountability: privacy decisions are documented, roles are defined, and the program is reviewed on a recurring basis.
Explore the privacy program
- Data processing roles and lawful bases
- Data residency and international transfers
- Retention and deletion
- Data subject rights
- Sub-processors
- Data Processing Agreement
- HIPAA Business Associate Agreement
Contact
Privacy and data protection: privacy@backbuild.ai