Privacy Policy

What this policy covers

Building Timelapse is an AI tool that turns a photo of a current real-estate site and a future architectural rendering (which you upload, or which the Service can auto-generate) into a short cinematic AI "construction timelapse" video. To do that we handle some personal data about you and the images you upload. This policy describes that handling.

Defined terms used here — "Service", "you", "we", "Content" (the images and other inputs you provide), "Outputs" (the generated videos and renderings), and "Sub-processors" (the third parties that help us run the Service) — have the same meaning as in our Terms of Service. If anything in this policy conflicts with applicable law, the law controls.

What we collect

We collect the following categories of data:

Account data

When you sign up with email and password, we collect your name, your email address, and a hashed (not plaintext) version of your password. We never store your password in readable form.

Content you upload

The images you upload — current-site photos and future renderings — and any renderings the Service generates on your behalf. These are stored so we can process them and so you can return to your work.

Outputs

The generated timelapse videos (and any auto-generated renderings) the Service produces from your Content.

Usage and log data

Standard technical and usage information generated when you use the Service, including your IP address, request and activity logs, and basic device/browser information. We use IP address in particular to rate-limit signups and otherwise detect and prevent abuse.

Payment metadata

When you buy a one-time credit pack, payment is processed by Stripe. We receive and store payment metadata — a Stripe customer identifier and records of your purchases (such as which pack and amount). We never see or store full card numbers; card details are handled entirely by Stripe.

How and why we use your data

We use the data above to:

• Provide and operate the Service — create and authenticate your account and workspace, store your Content and Outputs, and run generations (including transmitting your images and derived prompts to the AI Sub-processors that produce Outputs).
• Process payments and manage Credits — complete one-time credit-pack purchases through Stripe, grant and track Credits (including your 6 free signup Credits), apply or remove the free-grant watermark, and automatically refund Credits reserved for any generation that fails.
• Prevent abuse and keep the Service secure — including using IP address to rate-limit signups and detect fraudulent, automated, or abusive activity.
• Provide support — respond to your requests, including refund, deletion, and other account requests sent to support.
• Comply with law — meet legal, tax, and regulatory obligations and enforce our Terms.

We do not sell your personal data. We do not use third-party advertising or cross-site tracking. We do not use your Content to train our own or third parties' general-purpose AI models beyond what is necessary to produce your Outputs through the Sub-processors below.

Sub-processors and sharing

We share data only with the service providers ("Sub-processors") that help us run the Service, and only as needed for the purposes above. Importantly, to generate Outputs we transmit your uploaded images and the prompts derived from them to third-party AI providers. This list matches the third-party services described in our Terms of Service. Our Sub-processors are:

• Cloudflare — hosting and infrastructure, the D1 database (account, project, and usage data), and R2 object storage (your uploaded images and generated videos).
• Stripe — payment processing; receives the information needed to charge you and returns the payment metadata we store (we do not receive full card numbers).
• Replicate — AI video generation and image rendering; we send your images and derived prompts so it can produce your timelapse videos and any auto-generated renderings.
• OpenRouter — AI vision analysis; we send your images so it can analyze them and help build the generation prompt.

Each Sub-processor handles your data under its own terms and privacy practices, and the underlying AI models may have their own terms as well. We may also disclose data if required by law, to protect our rights, users, or the public, or in connection with a merger, acquisition, or sale of assets (in which case we will require the recipient to honor this policy).

Legal bases for processing

Where laws such as the EU/UK GDPR apply, we rely on the following legal bases (in plain language):

• Performance of a contract — to create your account, store your Content and Outputs, run generations, and process your credit-pack purchases so we can provide the Service you asked for.
• Legitimate interests — to keep the Service secure, prevent abuse (including IP-based signup rate-limiting), provide support, and improve and maintain the Service, balanced against your rights.
• Legal obligation — to keep records (for example, payment and tax records) and respond to lawful requests.
• Consent — where we ask for it; you can withdraw consent at any time without affecting processing already carried out.

Cookies

We use only first-party cookies that are necessary to keep you signed in and maintain your session (authentication). We do not use third-party advertising cookies or cross-site tracking technologies. Disabling these essential cookies may prevent you from signing in or using the Service.

Data retention

We keep your account data, Content, and Outputs while your account is active so you can continue to use the Service. We retain payment and transaction records for as long as needed for legal, tax, and accounting purposes.

You can request deletion of your account and associated data by emailing support@buildingtimelapse.com. Self-serve account deletion is planned but not yet available. When you request deletion, we remove your account data, Content, and Outputs from our systems within a reasonable period, except where we must retain certain records to meet legal obligations or resolve disputes. Note that some data already transmitted to Sub-processors is also subject to their own retention practices.

Your rights

You can exercise the following rights by emailing support@buildingtimelapse.com; we may need to verify your identity before acting on a request:

• Access — get a copy of the personal data we hold about you.
• Correct — fix inaccurate or incomplete data.
• Delete — request deletion of your account and associated data (see Data retention above).
• Export — receive your data in a portable format.

Depending on where you live, you may have additional rights. Under the EU/UK GDPR, these can include the rights to restrict or object to processing, to data portability, to withdraw consent, and to lodge a complaint with your local data protection authority. Under the California CCPA/CPRA, you have the right to know what personal information we collect and how we use and disclose it, to access and delete it, to correct it, and to not be discriminated against for exercising your rights. Because we do not sell or share personal information for advertising and do not use cross-context behavioral advertising, there is no "sale" or targeted-advertising opt-out to exercise. We honor these rights regardless of where you live to the extent applicable law allows.

Security

We protect your data using encryption in transit and reputable infrastructure providers (Cloudflare for hosting, database, and storage; Stripe for payments). Passwords are stored only as salted hashes, never in plaintext. No method of transmission or storage is completely secure, so we cannot guarantee absolute security; please use a strong, unique password and keep your account credentials confidential.

International processing

We operate the Service from, and process data in, the United States, and we use the Sub-processors listed above, which may also process data in the United States or other countries. If you access the Service from outside the United States, you understand that your data — including your Content — will be transferred to and processed in the United States and by those Sub-processors, where data protection laws may differ from those in your country. Where required, we rely on appropriate safeguards for these transfers.

Children

The Service is intended for real-estate developers and architects and is not directed to children. You must be at least 18 years old to use the Service (and at least 16 in the EU and UK). We do not knowingly collect personal data from anyone under these ages. If you believe a child has provided us personal data, contact support@buildingtimelapse.com and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will revise the date at the top and, for material changes, take reasonable steps to notify you (for example, by email or an in-app notice). Your continued use of the Service after an update takes effect means you accept the revised policy.

Contact us

If you have questions about this Privacy Policy or your data, or to exercise any of your rights, contact us at support@buildingtimelapse.com. The Service is operated by Jupiter Labs Consulting.