Privacy and Security FAQ
Frequently asked questions about BuildBetter’s privacy and security practices
Privacy and Security FAQ
Data Protection
BuildBetter employs multiple layers of protection:
- End-to-end encryption for all data in transit
- AES-256 encryption for data at rest
- Regular security audits and penetration testing
- Secure cloud infrastructure with redundant backups
- Role-based access controls
- Continuous security monitoring
No. Your data is never used to train any models, including our own. Our founder Spencer emphasizes this point: “Your data is never being used to train on any models. Your data is never being used to train for our own models.”
Only authorized users within your organization have access to your data, based on permissions you configure. BuildBetter staff cannot access your content unless specifically granted permission for support purposes, and all access is logged and auditable.
BuildBetter uses secure cloud infrastructure with data centers located in the United States. For enterprise customers with specific data residency requirements, we offer regional data storage options in select locations.
Compliance
BuildBetter holds several compliance certifications:
- SOC 2 Type 2
- GDPR compliance
- HIPAA compliance (available for healthcare customers)
- ISO 27001 (in process)
We can provide documentation for these certifications upon request.
Yes. BuildBetter is fully GDPR compliant and can serve as either a data processor or data controller depending on your implementation. We provide tools for handling data subject requests, including access, portability, and erasure requirements.
Yes. BuildBetter can be configured for HIPAA compliance for healthcare customers. This requires signing a Business Associate Agreement (BAA) and implementing specific security controls. Contact our sales team for details on HIPAA-compliant implementations.
BuildBetter allows you to configure data retention policies according to your requirements. You can set automatic deletion timeframes ranging from 7 days to indefinite retention. When data is deleted, it is permanently removed from our systems following secure deletion protocols.
Privacy Controls
Yes. BuildBetter provides granular access controls for all content:
- Default permissions based on organizational roles
- Custom permissions for specific recordings
- Private folders with restricted access
- Sharing controls for external access
- Time-limited access options
BuildBetter offers several features to protect sensitive information:
- Automatic PII detection and redaction
- Custom redaction rules for industry-specific information
- Ability to edit transcripts to remove sensitive content
- Permission-based visibility for redacted content
Yes. You maintain complete control over your data. You can:
- Export data in standard formats
- Delete individual recordings or documents
- Delete all data associated with specific users
- Request complete account deletion with verification
BuildBetter provides multiple consent mechanisms:
- Pre-meeting notifications to participants
- Visible bot participant for transparency
- Automatic announcements at meeting start
- Consent messages in meeting chat
- Documentation features for recording policies
While we provide these tools, compliance with local recording laws remains your responsibility.
Security Features
BuildBetter supports multiple authentication methods:
- Email/password with strong password requirements
- Single Sign-On (SSO) via SAML 2.0
- Google Workspace integration
- Microsoft 365 integration
- Multi-factor authentication (MFA)
- IP-based access restrictions (Enterprise plan)
Yes. Enterprise customers have access to comprehensive audit logs that track:
- User access events
- Permission changes
- Content creation and modification
- Administrative actions
- Authentication events
- Data export activities
Logs can be retained according to your compliance requirements.
BuildBetter has a robust incident response plan that includes:
- 24/7 monitoring for suspicious activities
- Automated alerts for potential security issues
- Dedicated security response team
- Customer notification procedures
- Regular testing of incident response processes
- Post-incident analysis and remediation
Yes. We provide security documentation to customers under NDA, including:
- Security whitepaper
- Compliance certifications
- Penetration test summaries
- Data processing agreements
- Security policies and procedures
Contact your account representative to request this documentation.
Security Best Practices
We recommend the following security practices:
- Enable multi-factor authentication for all users
- Implement role-based access controls
- Regularly review user access permissions
- Set appropriate data retention policies
- Train users on security awareness
- Use strong, unique passwords
- Enable SSO when available
Security concerns can be reported through:
- Our dedicated security email: security@buildbetter.ai
- The security contact form on our website
- For critical issues, call our security hotline at 1-800-BUILD-SEC
We follow responsible disclosure practices and will acknowledge reports within 24 hours.
Have more questions about security?
Contact our security team for detailed information
Was this page helpful?