Privacy Policy

3E Software Ltd ("we", "us", "our") operates SmartBuild, a cloud-based business management platform for trade and construction businesses. This Privacy Policy explains how we collect, use, share, and protect personal information when you use SmartBuild at smartbuild.3e-software.com.

We are committed to protecting your privacy and complying with the New Zealand Privacy Act 2020, the Australian Privacy Act 1988 (as applicable), and the General Data Protection Regulation (GDPR) where it applies.

1. Who This Policy Applies To

This policy applies to:

• Staff users — business owners and employees who log in to manage their SmartBuild account.
• Clients — individuals whose personal information is stored in SmartBuild by a staff user (e.g. customers of a kitchen renovation business).
• Visitors — anyone who visits our website or public-facing pages (e.g. quote review pages, lead capture forms).

2. Information We Collect

Information you provide directly:

• Account registration details: name, business name, email address, password.
• Business profile information: address, phone number, logo, trade description, special offers.
• Client records: client names, email addresses, phone numbers, postal/property addresses.
• Photos and documents: job site photos, measurement photos, AI render images, signed contracts, invoices.
• Payment information: processed securely via Stripe — we do not store raw card numbers.

Information collected automatically:

• Log data: IP address, browser type, pages visited, timestamps.
• Usage data: features accessed, actions taken within the app.
• Cookies: session cookies for authentication and preference cookies. See Section 9 for details.

Information from social media integrations:

• When you connect a social media account (TikTok, Facebook, Instagram, etc.), we receive basic profile information (display name, avatar) and OAuth tokens required to post on your behalf. We only request the minimum permissions necessary.

Information from lead capture forms:

• When a client submits a lead via a SmartBuild marketing link, we collect their name, email, phone number, address, and any photos they upload. This data is associated with your tenant account.

3. How We Use Your Information

• To provide the Service: creating quotes, contracts, invoices, managing client records, sending emails on your behalf.
• To improve the Service: analysing usage patterns to fix bugs and develop new features.
• To communicate with you: account notifications, product updates, support responses, billing notices.
• AI processing: job photos may be processed by AI services (OpenAI, Replicate) to generate renders, measurement estimates, and marketing content. This processing is done under your instruction and only for the purpose of delivering the requested feature.
• Security and fraud prevention: monitoring for suspicious activity, enforcing our Terms of Service.
• Legal compliance: retaining records as required by applicable law.

4. Legal Basis for Processing (GDPR)

Where the GDPR applies, we process personal data under the following legal bases:

• Contract performance: processing necessary to provide the Service you have subscribed to.
• Legitimate interests: improving the Service, security monitoring, fraud prevention.
• Legal obligation: retaining records required by law.
• Consent: where you have explicitly consented (e.g. optional marketing communications).

5. How We Share Your Information

We do not sell your personal information. We may share it with:

• Sub-processors who help us deliver the Service, including:
  • Microsoft Azure — cloud hosting and database (New Zealand region where available)
  • SendGrid — transactional email delivery
  • Stripe — payment processing
  • OpenAI — AI content generation (text and marketing copy)
  • Replicate — AI image rendering
  • Xero — accounting integration (when enabled)
• Social media platforms — content is posted to TikTok, Facebook, Instagram, and similar platforms on your explicit instruction.
• Law enforcement or regulators — where we are legally required to disclose information.
• Business transfers — in the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity, subject to equivalent privacy protections.

6. Data Retention

• Your account data is retained for the duration of your subscription and for 30 days after cancellation, after which it is deleted.
• Backup copies may be retained for up to 90 days as part of our disaster recovery procedures.
• Certain records (e.g. invoices, contracts) may be retained longer where required by applicable accounting or tax law.
• Email logs are retained for 12 months for troubleshooting purposes.

7. Data Security

We implement industry-standard technical and organisational measures to protect your data, including:

• TLS encryption for all data in transit.
• Encryption at rest for database and blob storage (Azure-managed keys).
• Access controls limiting which staff can access production data.
• Regular security reviews and dependency updates.

No system is completely secure. In the event of a data breach that is likely to cause harm, we will notify affected parties and relevant authorities as required by law.

8. International Data Transfers

Your data may be processed in countries outside New Zealand or Australia, including the United States (OpenAI, SendGrid, Stripe). Where personal data is transferred outside these jurisdictions, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections recognised under applicable law.

9. Cookies

We use the following types of cookies:

• Essential cookies: Required for authentication and session management. Cannot be disabled without breaking the Service.
• Preference cookies: Remember your settings within the app (e.g. last-selected filters).

We do not use advertising or tracking cookies. Third-party services (Stripe, social media platforms) may set their own cookies when you interact with their embedded components — please refer to those providers' cookie policies.

10. Your Rights

Depending on where you are located, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Deletion: request deletion of your data (subject to legal retention obligations).
• Restriction: request that we restrict processing of your data in certain circumstances.
• Portability: request your data in a machine-readable format (GDPR only).
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at contact-us@3e-software.com. We will respond within 20 working days (or 30 days under GDPR).

11. Client Data — Tenants as Controllers

When you store your customers' personal information in SmartBuild, you are the data controller for that information, and we act as your data processor. We process that data only on your instructions (i.e. to deliver the features you use). You are responsible for ensuring your clients are informed about how their data is used.

12. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

13. Links to Third-Party Sites

The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to read their privacy policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notification at least 14 days before taking effect. The "last updated" date at the top of this page reflects the most recent revision.

15. Contact and Complaints

For questions, requests, or complaints about this Privacy Policy or our handling of personal information, please contact our Privacy Officer at:

• Email: contact-us@3e-software.com
• Company: 3E Software Ltd, New Zealand

If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner (New Zealand) at www.privacy.org.nz, or (for GDPR matters) your local Data Protection Authority.