Security Policy

BuildNest Security Policy

Effective Date: June 11, 2026. Last Updated: June 11, 2026.

BuildNest uses administrative, technical, and organizational safeguards to protect customer accounts, construction project data, documents, platform access, and operational systems.

This policy should be read together with the BuildNest Privacy Policy, Data Retention Policy, Cookie Policy, Terms and Conditions, and Refund Policy.

1. Purpose of This Policy

This Security Policy explains the administrative, technical, and organizational safeguards used by BuildNest to protect customer data, user accounts, project information, documents, communications, and platform infrastructure.

BuildNest is committed to maintaining a secure, reliable, and privacy-conscious construction management platform for customers, users, administrators, and stakeholders.

2. Scope

This policy applies to security practices for:

The BuildNest website, web application, mobile applications, APIs, and customer portals.
Customer workspace data, project data, documents, reports, billing records, and operational records.
User accounts, roles, permissions, authentication, and access controls.
Infrastructure, databases, backups, logs, integrations, and third-party service providers.
BuildNest employees, contractors, service providers, and authorized personnel who support the platform.

3. Security Principles

BuildNest follows these core security principles:

Protect customer data against unauthorized access, misuse, alteration, disclosure, loss, and destruction.
Limit access to data based on role, responsibility, and legitimate business need.
Maintain account, workspace, and tenant separation where applicable.
Use layered security controls across application, infrastructure, process, and people operations.
Monitor, review, and improve security practices as the platform evolves.

4. Account and Access Security

BuildNest uses account-level access controls to help ensure that users access only the information and features authorized for their role.

Customers are responsible for assigning appropriate users, roles, permissions, and administrator rights within their workspace.

Role-based access controls for platform users.
Administrative controls for workspace owners and authorized managers.
Session and authentication controls.
Account activity and access logging where applicable.
Prompt removal or deactivation of users who no longer require access.

5. Customer Data Protection

BuildNest applies reasonable safeguards to protect customer data, including project records, workforce information, procurement data, billing records, documents, photos, reports, and operational information.

Customer data remains owned by the customer, subject to the BuildNest Privacy Policy, Data Retention Policy, Terms and Conditions, and applicable agreements.

Tenant-aware data handling where applicable.
Restricted access to production systems.
Data backup and recovery practices.
Security review of sensitive operational workflows.
Secure handling of support and troubleshooting requests.

6. Infrastructure and Application Security

Application Controls

BuildNest is designed with application-level controls to protect user sessions, permissions, business workflows, and platform data.

Authentication checks
Authorization controls
Input validation
Error handling
Operational logging

Infrastructure Controls

BuildNest may use cloud, hosting, database, storage, monitoring, and infrastructure providers to operate the platform securely and reliably.

Access-restricted infrastructure
Environment separation where practical
Backup and recovery controls
Monitoring and diagnostic tools

Data Transmission

BuildNest uses secure communication practices for platform access and data exchange where technically supported by the relevant service or integration.

Payment Security

Where payments are processed through third-party payment gateways, BuildNest does not store complete card numbers, CVV numbers, UPI PINs, internet banking passwords, or sensitive banking credentials.

7. Monitoring, Logging, and Incident Detection

BuildNest may collect and review system logs, authentication events, access records, diagnostic data, audit trails, and security events to maintain platform reliability and detect suspicious activity.

Logs may be used for troubleshooting, abuse prevention, fraud detection, service improvement, legal compliance, and incident investigation.

8. Security Incident Response

If BuildNest identifies a security incident, BuildNest may take appropriate steps to investigate, contain, mitigate, recover, and communicate based on the nature and severity of the incident.

Assess the affected systems, accounts, data, and users.
Restrict unauthorized access or suspicious activity.
Preserve relevant logs and evidence.
Restore service reliability where needed.
Notify affected customers or users where required by applicable law or contractual obligation.

9. Customer Responsibilities

Customers and users play an important role in protecting their BuildNest accounts and data. Customers are responsible for:

Using strong, unique credentials and secure login practices.
Keeping account, email, phone, and administrator details accurate.
Granting access only to authorized users.
Removing users who leave the organization or no longer need access.
Reviewing roles, permissions, and project access regularly.
Protecting exported reports, downloaded files, shared links, and offline records.
Promptly reporting suspected unauthorized access or security concerns.

10. Third-Party Providers and Integrations

BuildNest may rely on trusted third-party providers for hosting, infrastructure, analytics, authentication, payment processing, communication, customer support, monitoring, and related operations.

Third-party providers are responsible for their own security practices. BuildNest selects providers based on operational need, reliability, and reasonable security considerations.

Customer use of optional integrations may be subject to the terms, security practices, and privacy policies of those third-party services.

11. Vulnerability Reporting

If you believe you have discovered a vulnerability or security weakness in BuildNest, please report it responsibly to BuildNest support.

Do not access, modify, delete, copy, disrupt, disclose, or misuse data that does not belong to you. Do not perform testing that may degrade, interrupt, or harm BuildNest systems or customer accounts.

Include a clear description of the issue.
Include affected URLs, endpoints, screenshots, logs, or reproduction steps where safe to share.
Do not publicly disclose the issue before BuildNest has had a reasonable opportunity to investigate and respond.

12. No Absolute Security Guarantee

BuildNest uses reasonable safeguards to protect the platform and customer data, but no online system, network, software, or storage method can be guaranteed to be completely secure.

Customers should use BuildNest together with appropriate internal policies, access reviews, employee training, device security, and data handling practices.

13. Updates to This Policy

BuildNest may update this Security Policy from time to time. Updated versions will be published on https://buildnestonline.in.

Continued use of BuildNest after updates are published constitutes acceptance of the revised Security Policy.

14. Contact Information

For security questions, suspected unauthorized access, or responsible vulnerability reports, contact BuildNest operated by FIXLAB.

BuildNest (Operated by FIXLAB)

FIXLAB

2nd Floor, Federal Bank Building

Vallikavu, Kollam

Kerala - 690525

India

Phone: 0476 2081156

Email: support@buildnestonline.in, hello@buildnestonline.in, sales@buildnestonline.in

Website: https://buildnestonline.in

Related Policies

support@buildnestonline.in 0476 2081156