Last updated: April 27, 2026
Buildable San Diego(“we”, “us”), the operator of this platform, takes privacy seriously. This policy explains what data we collect, how we use it, who we share it with, and what rights you have over it. We aim to describe actual practice — if something in the policy reads aspirational rather than factual, email us and we'll fix it.
Account information. When you create an account we collect your email address and a password hash (handled by Supabase Auth — we never see or store your plaintext password).
Analysis inputs. When you run a feasibility analysis we store the address or APN you entered, the zoning and overlay data we retrieved for that parcel, the development assumptions you set (stories, unit size, efficiency factor, lot coverage, parking type, preserved-unit count), and any tier or option selections you made on the results page.
Analysis results. We store the full output of each analysis — pathway unit counts, flags, audit narratives, and the PDF content when you generate a report — tied either to your account or, for analyses run without signing in, to a random analysis ID.
Sign-in events. Each time you sign in we record the timestamp, IP address, and browser user-agent string. We use this to detect sign-ins from devices we haven't seen in the past 90 days and alert you by email — a basic account-security measure. Repeated alerts for the same device within an hour are throttled to avoid noise.
Payment information. Checkout is handled by Stripe. Stripe collects and stores card data directly; we receive only the subscription or purchase confirmation, a Stripe customer ID, and whatever billing email you give them.
What we do not collect. We do not run third-party analytics, advertising pixels, or session-replay tools. There is no Google Analytics, PostHog, Segment, or Mixpanel integration on this site.
This is a notable detail that deserves its own section: when you generate a PDF report — either by printing or downloading a pathway card — a copy of that PDF, along with the parcel address, APN, zone, and analysis ID, is emailed to the San Diego Development Feasibility Analysis administrator's inbox. We use this during beta to audit report quality, catch calculation regressions, and spot edge cases we need to fix. The admin inbox is not shared with third parties, and duplicate notifications for the same report within two minutes are suppressed. If this concerns you, email us before running sensitive analyses and we'll disable the notification for your account.
We share data with the following service providers, only as necessary to operate the service:
We do not sell your personal data or share it for advertising purposes. We do not share analysis inputs or results with anyone outside the providers above.
When you run an analysis we query public GIS services to retrieve zoning, overlay designations, and site conditions for your parcel. These queries send the parcel address, APN, or geographic coordinates to the service. They do not include your account information.
Queried services include: SANDAG Regional Data Warehouse (parcel geometry), the City of San Diego Web GIS (zoning, overlays, historic resources, airport zones, FAA Part 77, water and sewer), CAL FIRE via San Diego Fire-Rescue (fire hazard severity), California Geological Survey (Alquist-Priolo fault zones), FEMA (flood zones), the California State Water Resources Control Board (water service areas), Metropolitan Transit System via SANDAG (trolley stops and lines), USGS 3DEP (ground elevation), and OpenStreetMap via the Overpass API (alleys, corner-lot detection, overhead utility lines). If the City geocoder cannot resolve an address, we fall back to OpenStreetMap's Nominatim service, which also receives the coordinates.
The map view in the calculator loads basemap tiles from OpenStreetMap / CARTO. Your browser contacts those tile servers directly when the map is displayed.
The platform includes an AI assistant — accessible from the help bubble in the lower-right, the dedicated /askpage, and an “Ask AI about this analysis” card on the results page. When you submit a question, the following data is sent to Anthropic's Claude API for processing:
We log a truncated copy of each question, a truncated copy of the answer, the model name, the knowledge-base version, token counts, latency, and your account ID to our ai_query_log table for cost monitoring and quality review. Logs are retained on our infrastructure (Supabase + Vercel) and are not shared with third parties beyond the providers listed above.
The conversation thread you see in the chat panel (history of your questions and the assistant's answers) is stored only in your browser's sessionStorage — it is cleared when you close the tab or window, and it is not synced to your account or any server-side database. If you want a permanent record of an AI conversation, copy the text out before closing the tab.
Analyses you run while signed in are private to your account. Only you, or an Buildable San Diego administrator, can view or download those results or their PDFs. The API routes that serve results and PDFs verify the requester is either the analysis owner or an admin before returning data.
Analyses run without signing in (“guest analyses”) are gated only by the random analysis ID in the URL — anyone with that URL can view the result. Do not share a guest-analysis URL with anyone you don't want to see the full analysis. Signing in before running an analysis is the more private option.
Supabase sets HTTP-only cookies on your browser to keep you signed in. Your browser's local storage holds recently-viewed addresses and APNs so the calculator can offer them as quick-access suggestions. We do not use third-party cookies, advertising identifiers, or tracking pixels.
We retain your account data and analyses for as long as your account is active. Sign-in event logs are kept indefinitely to support long-tail security review. Guest analyses (run without an account) are retained for the same reason — they carry no identifying information but contain the parcel inputs and results. If you'd like any of this removed, see the next section.
You can email us at any time and we will:
If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you these same rights by statute. We honor those requests without requiring you to assert a specific legal basis. We do not sell or share personal information as those terms are defined in the CCPA.
Data is transmitted over TLS. Passwords are salted and hashed by Supabase Auth — we never see plaintext passwords. Our service-provider API keys are held only in server-side environment variables and are never shipped to the browser. If we ever become aware of a breach affecting your personal data, we will notify you by email at the address on your account.
This platform is a professional tool intended for adults evaluating real estate. We do not knowingly collect data from anyone under 16. If you believe we have, contact us and we will delete it.
If we change this policy in a material way, we will update the date at the top of this page and — for registered users — send a notice to the email on file. For non-material edits (clarifications, typo fixes) we update the date silently.
Questions, concerns, or requests? Email hello@buildablesd.com. We respond to privacy requests within a reasonable time, generally under 30 days.