Builder PathBuilder PathLog in →
Draft — pending attorney review. This document describes Builder Path's intended practices and will be replaced with finalized legal text before commercial launch.

Privacy Policy

Last updated: May 7, 2026

1. Who we are

Builder Path is operated by Visionairy LLC ("Visionairy", "we", "us"), a Washington-based company. Builder Path is a software platform that helps spec construction lenders identify and reach small residential builders in their territory.

Contact: [email protected]

2. What we collect

Account information (about you, the user)

  • Name, email address, role, NMLS number (if provided)
  • Password hash (we never store your password in plaintext)
  • Account creation and last-login timestamps
  • Email signature block content for compliance (NMLS, footer disclosures)
  • Outreach configuration: target counties, ZIP codes, cities, price ranges, lot-size minimums
  • Lender organization affiliation (org_id) and assigned territory

Email integration tokens (when you connect Microsoft 365 or Gmail)

  • OAuth refresh tokens used to send outreach emails on your behalf from your inbox
  • We never read your inbox, contacts, or unrelated email threads
  • Tokens are encrypted at rest and revocable at any time from your settings

Builder records (about third-party business entities)

  • Public records: county recorder land transactions, contractor licenses, business registrations
  • Builder entity data: company name, principals, registered agent, license status, formation history
  • Permits issued: address, jurisdiction, valuation, type, date
  • Web-enriched contact information: corporate email, phone, website (sourced via search and enrichment APIs)
  • Activity you log: calls, emails, meetings, stage changes, notes

Builder data is sourced from public records and used to support legitimate B2B outreach. We do not collect builder consumer information and we do not target individuals outside of their professional capacity as construction company representatives.

Cookies and session

  • A session cookie issued by NextAuth on sign-in (used to keep you logged in)
  • No third-party advertising or analytics tracking cookies
  • No cross-site tracking

3. How we use the data

  • Operate the platform (auth, dashboards, outreach drafts, scoring, weekly refresh)
  • Send outreach emails on your behalf when you approve them — outreach is never sent without your explicit approval
  • Draft email copy using AI models (powered by OpenRouter / Anthropic) — drafts are reviewed and edited by you before any send
  • Generate analytics and reporting for you and your lender organization administrators
  • Notify you of account, billing, or service changes
  • Enforce our Terms and prevent abuse

We do not sell your data. We do not share builder records with other lenders without the structural separation described in our shared-builder-pool architecture (which is not yet active).

4. Third-party services we use

We rely on the following processors to operate Builder Path. Each processes data only as necessary for their service.

  • Render — hosting, database, scheduled jobs
  • Cloudflare — content delivery and DNS
  • Microsoft (Azure) — Microsoft 365 email integration via OAuth
  • Google — Gmail email integration via OAuth
  • Tavily — public-web enrichment search
  • Apollo — contact enrichment fallback
  • ATTOM — property and permit data feed
  • OpenRouter / Anthropic — AI model serving for outreach drafting
  • Stripe — payment and invoice processing

5. How long we keep data

  • User accounts: retained while active. On deactivation we retain a record for compliance and audit purposes; you can request deletion (see Section 6).
  • Builder records: retained indefinitely. Builder records are public-records-derived business entities and are part of the platform's historical intelligence layer; they are never deleted.
  • OAuth tokens: retained while the connection is active. Removed when you disconnect or revoke at the provider.
  • Outreach history: retained for compliance with anti-spam and lender record-keeping rules.
  • Logs: operational logs retained up to 90 days, then rotated.

6. Your rights

Depending on where you live, you may have rights under laws including the California Consumer Privacy Act (CCPA) or the EU General Data Protection Regulation (GDPR). You can:

  • Access and export the data we hold about your account
  • Correct inaccurate information
  • Delete your account data (subject to compliance retention requirements)
  • Disconnect any connected email provider at any time
  • Opt out of marketing communications from us (operational and billing emails are unavoidable while your account is active)

To exercise any right, email [email protected].

7. Outreach and CAN-SPAM

Outreach emails sent through Builder Path are sent from your own connected inbox under your name and signature. You are the sender for legal purposes; we provide the tooling. Every outreach email includes your business contact information and an unsubscribe option. We do not send anonymous, unattributed, or spoofed email on your behalf.

8. Security

  • All connections use HTTPS / TLS
  • Passwords stored as bcrypt hashes
  • OAuth tokens encrypted at rest
  • Database access limited to the application service account; no direct access to operators
  • Backups encrypted at rest with the database provider

No system is perfectly secure. If you discover a security issue, please email [email protected].

9. Children

Builder Path is a B2B tool for licensed lending professionals. The service is not directed to anyone under 18, and we do not knowingly collect data from minors.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will post the new version here, update the "Last updated" date above, and notify active users by email if the changes affect how their data is used.

11. Contact

Questions about this policy or your data: [email protected]