Legal & Privacy
Baulit takes your data privacy and legal compliance seriously. This page explains the legal policies governing Baulit, how consent is managed, and how your data is handled — particularly with respect to AI features.
Legal Policies
Baulit maintains five legal documents, all managed through Termly Pro. Each policy is accessible from the Legal tab in Settings and opens in a new browser tab.
| Policy | What It Covers |
|---|---|
| Privacy Policy | How Baulit collects, uses, stores, and protects your personal data. Covers data retention, third-party sharing, and your rights regarding your information. |
| Terms of Service | The agreement governing your use of Baulit. Covers account responsibilities, acceptable use, intellectual property, liability limitations, and dispute resolution. |
| Cookie Policy | Details on the cookies and tracking technologies used by Baulit, including which cookies are essential, which are optional, and how to manage your preferences. |
| Disclaimer | Limitations of warranty and liability. Clarifies that Baulit is a project management tool and does not provide legal, financial, or construction advice. |
| Acceptable Use Policy | Rules governing acceptable behavior on the platform, including prohibited activities and content restrictions. |
Accessing Legal Documents
You can access all five policies at any time:
- In the app: Go to Settings > Legal tab. Each policy is listed with a link that opens the full document.
- On the marketing site: Links are available in the footer of baulit.com.
- During signup: The Terms of Service is linked from the signup form (see below).
Consent Management
Terms of Service Consent
When you create a Baulit account, the signup form includes a checkbox confirming that you have read and agree to the Terms of Service. You cannot create an account without checking this box. This ensures that every Baulit user has explicitly agreed to the terms governing the platform.
Cookie Consent Banner
Both the app (app.baulit.com) and the marketing site (baulit.com) display a cookie consent banner on first visit. The banner allows you to accept or decline non-essential cookies. Your preference is stored and the banner does not reappear unless you clear your browser data.
You can update your cookie preferences at any time by clicking the Cookie Preferences button in the Legal tab of Settings. This reopens the Termly consent manager where you can adjust which cookie categories are active.
Data Ownership and BYOK
Baulit uses a Bring Your Own Key (BYOK) model for AI features. This means:
- You own your API key. Baulit stores your Anthropic API key encrypted using AES-256-GCM. The key is used exclusively to process your AI requests and is never shared with other users or third parties.
- You control your AI costs. Because you provide your own key, AI usage is billed directly to your Anthropic account. Baulit does not add surcharges or markups to AI usage.
- You can revoke access at any time. Remove your API key from Settings > Account to immediately stop all AI processing. You can also revoke the key directly from your Anthropic dashboard.
For setup instructions, see BYOK Setup.
AI Disclaimers
Baulit's AI features are tools to help you work faster — they are not substitutes for professional judgment. Two core principles govern all AI functionality:
"The AI Drafts, the Builder Decides"
Every AI feature in Baulit is human-in-the-loop. The AI generates drafts, suggestions, and extracted data, but you always have the final say. No AI output is automatically saved, submitted, or acted upon without your explicit review and approval.
This applies to all seven AI features: natural language queries, template generation, daily log drafting, stakeholder emails, change order narratives, budget commentary, and invoice extraction.
No Financial or Legal Advice
Baulit's AI features do not provide financial projections, legal advice, or construction engineering recommendations. AI-generated content such as budget commentary or change order narratives is informational only and should be reviewed by qualified professionals before being used in legal, financial, or contractual contexts.
Data Security
Baulit stores all project data in Supabase (PostgreSQL) with row-level security (RLS) enabled on every table. This means:
- Users can only access projects they are members of.
- Database queries are filtered at the database level, not just the application level.
- File storage uses project-membership-based access controls for upload and delete operations.
For more on how roles and access work, see Roles & Permissions.