Privacy Policy
Last Updated: October 29, 2025
Important Notice: This Privacy Policy explains how Building Lore ("we," "us," or "our") collects, uses, discloses, and safeguards your information when you use our mobile application. Please read this privacy policy carefully. By using the app, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email Address: Required for email/password authentication or provided by OAuth providers (Google, Apple)
- Display Name: Optional, can be provided during account setup or updated later
- Profile Photo URL: Optional, automatically provided when using Google or Apple Sign-In
- User ID (UID): Automatically generated unique identifier
- Authentication Provider: Information about how you signed up (email, Google, Apple)
- Email Verification Status: Whether your email has been verified
- Account Creation Date: Timestamp of when your account was created
- Last Sign-In Date: Timestamp of your most recent sign-in
1.2 Photos and Images
When you use our building analysis features, we collect:
- Building Photographs: Images you capture or upload for analysis (compressed to max 1024x1024px at 75% quality)
- EXIF Metadata: GPS coordinates embedded in photos (if available)
- Image Technical Data: Dimensions, file size, compression ratio, file extension, content type
- Building Selection Region: Normalized coordinates (0.0-1.0) of the specific area you select for analysis, including center point and radius
- Cropped Images: Server-generated cropped versions created for improved AI analysis accuracy
1.3 Location Information
With your permission, we collect:
- GPS Coordinates: Fine location data (latitude and longitude) captured when you take photos
- Location Context: Used to provide geographic context for building analysis
Note: Location data represents where you (the photographer) were standing, not necessarily the building's location. Location collection is optional and requires your explicit permission through device settings.
1.4 Device and Platform Information
- Platform Type: Whether you're using Android or iOS
- Device Capabilities: Camera availability
- App Version: Version of Building Lore you're using
1.5 Subscription and Usage Information
- Subscription Status: Whether you have a free or premium account
- Subscription Type: Monthly or yearly subscription (if applicable)
- Purchase History: Subscription purchase and renewal dates
- Scan Usage: Number of building scans remaining (free tier: 3 per day)
- Usage Timestamps: When scans are performed and when daily limits reset
1.6 Analysis Data
AI-generated information about buildings you analyze:
- Building type, name, and architectural style
- Historical information and construction dates
- Architect names and architectural features
- Historical significance and current status
- AI-generated narrative descriptions
- Confidence scores and research sources
- Processing metadata (tokens used, processing time, model version)
2. How We Use Your Information
We use the collected information for the following purposes:
2.1 Primary Service Functions
- Building Analysis: Processing your photos through Google Gemini AI to generate architectural and historical analyses
- Account Management: Creating and maintaining your user account, including authentication and session management
- Subscription Management: Processing subscriptions, managing usage limits, and enabling premium features
- Content Generation: Creating text-to-speech audio narrations of building histories using ElevenLabs
2.2 Service Improvement
- Understanding how users interact with our app
- Improving AI analysis accuracy
- Developing new features and functionality
- Troubleshooting technical issues
2.3 Communication
- Sending email verification messages
- Providing customer support
- Sending important service announcements
- Notifying you about subscription renewals or expiration
2.4 Legal Compliance
- Complying with legal obligations
- Protecting our rights and property
- Preventing fraud and abuse
3. Third-Party Services
Building Lore integrates with the following third-party services. Each service has its own privacy policy governing how they collect, use, and protect your data:
| Service |
Purpose |
Data Shared |
Privacy Policy |
| Firebase Authentication |
User account management |
Email, password (hashed), name, profile photo, authentication tokens |
Firebase Privacy |
| Firebase Firestore |
User profile storage |
User profiles, timestamps, account metadata |
Firebase Privacy |
| Google Gemini AI |
Building analysis |
Building photos (optimized to 768px, 2MB max), GPS coordinates, selection regions, text prompts |
Google AI Privacy |
| ElevenLabs |
Text-to-speech audio generation |
Building analysis narrative text |
ElevenLabs Privacy |
| RevenueCat |
Subscription management |
User ID, purchase receipts, subscription status, device information |
RevenueCat Privacy |
| Cloudflare R2 |
Image storage |
Building photos and cropped versions |
Cloudflare Privacy |
| Railway |
Server hosting |
Server logs, database backups |
Railway Privacy |
| Google Play Services |
Google Sign-In, location services (Android) |
Google authentication tokens, location data |
Google Privacy |
| Apple Sign-In |
Apple authentication (iOS) |
Email (may be relay email), name, Apple ID token |
Apple Privacy |
Important: When you use our app, your building photos are sent to Google's Gemini AI service for analysis. Google processes these images according to their privacy policy. We optimize and compress images before transmission, and Google does not use your data to train their models without separate consent.
4. Data Storage and Security
4.1 Where Your Data is Stored
On Your Device (Local Storage):
- Building analysis results stored in local SQLite database
- Compressed copies of your building photos
- Image thumbnails for upload history
- Subscription and usage preferences
- Cached data for offline viewing
On Our Servers:
- Database (PostgreSQL on Railway): User profiles, upload metadata, analysis results, subscription status
- Image Storage (Cloudflare R2): Original and cropped building photos, organized by date
- Audio Storage (Server Filesystem): Generated text-to-speech MP3 files
4.2 Data Retention
We retain your data as follows:
- Account Data: Retained until you delete your account
- Building Photos and Analyses: Stored indefinitely on our servers and your device unless you manually delete them
- Local Device Data: Remains on your device until you delete the app or clear app data
- Server Logs: Retained for operational purposes and automatically cycled
4.3 Security Measures
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your device and our servers uses HTTPS/TLS encryption
- Database Security: PostgreSQL connections secured with SSL/TLS
- Authentication Security: Firebase handles password hashing using industry-standard algorithms
- OAuth Security: Platform-managed authentication tokens for Google and Apple Sign-In
- Device Storage: Local SQLite databases protected by operating system sandboxing (Android) and data protection (iOS)
- Access Controls: Limited server access restricted to authorized personnel
- Secure APIs: API endpoints require authentication and use secure communication protocols
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. International Data Transfers
Building Lore is operated from the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States and other countries where our third-party service providers operate.
These countries may have data protection laws that differ from your country. By using our app, you consent to the transfer of your information to the United States and other countries.
For European Economic Area (EEA) users: We rely on appropriate safeguards for international data transfers, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for certain countries
- Service providers certified under relevant data protection frameworks
6. Your Privacy Rights
Depending on your location, you may have certain rights regarding your personal information:
6.1 General Rights (All Users)
- Access: Request information about the personal data we hold about you
- Deletion: Request deletion of your account and associated data
- Correction: Update or correct inaccurate information
- Data Portability: Request a copy of your data in a structured, machine-readable format
6.2 In-App Data Controls
- Delete Saved Buildings: Remove individual building analyses from your local storage
- Clear Local Data: Remove all locally stored data through app settings
- Sign Out: End your session (does not delete your account)
- Manage Permissions: Control camera and location access through device settings
6.3 Account Deletion
To delete your account and all associated data:
- Contact us at [email protected] with your account email
- We will verify your identity
- We will delete your account, user profile, and all associated data within 30 days
- Some data may be retained in backups for up to 90 days before permanent deletion
7. Children's Privacy
Age Requirement: Building Lore is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.
7.1 COPPA Compliance
In accordance with the Children's Online Privacy Protection Act (COPPA):
- We do not knowingly collect, use, or disclose personal information from children under 13
- We do not allow children under 13 to create accounts
- We do not require children to disclose more information than reasonably necessary to use the app
7.2 Parental Rights
If you are a parent or guardian and believe your child under 13 has provided us with personal information:
- Contact us immediately at [email protected]
- We will promptly delete the child's account and all associated information
- We will take steps to prevent the child from re-registering
7.3 Users Aged 13-17
If you are between 13 and 17 years old:
- You may use Building Lore with parental or guardian permission
- We recommend you review this privacy policy with your parent or guardian
- Parents can request deletion of their teen's data by contacting us
8. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
8.1 Right to Know
You have the right to request that we disclose:
- Categories of personal information we collected about you
- Categories of sources from which the personal information was collected
- Business or commercial purpose for collecting personal information
- Categories of third parties with whom we share personal information
- Specific pieces of personal information we collected about you
8.2 Right to Delete
You have the right to request deletion of personal information we collected from you, subject to certain exceptions.
8.3 Right to Opt-Out
You have the right to opt-out of the "sale" or "sharing" of your personal information. We do not sell or share your personal information for advertising purposes.
8.4 Right to Correct
You have the right to request correction of inaccurate personal information.
8.5 Right to Limit Use of Sensitive Personal Information
We do not use or disclose sensitive personal information beyond what is necessary to provide our services.
8.6 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA/CPRA rights.
8.7 How to Exercise Your Rights
To exercise your California privacy rights:
- Email us at [email protected]
- Include "California Privacy Rights Request" in the subject line
- Provide your name, email address, and description of your request
- We will respond within 45 days (may be extended by an additional 45 days if necessary)
8.8 Verification Process
To protect your privacy, we will verify your identity before processing requests. We may ask for:
- Email address associated with your account
- Additional information to match our records
- Confirmation through your registered email
8.9 Authorized Agents
You may designate an authorized agent to make requests on your behalf. The agent must provide:
- Written authorization signed by you
- Proof of their identity
- We may still require you to verify your identity directly
9. European Privacy Rights (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under the General Data Protection Regulation (GDPR):
9.1 Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent: When you provide explicit consent (e.g., location access)
- Contract Performance: To provide the services you requested (building analysis)
- Legitimate Interests: To improve our services and prevent fraud
- Legal Obligation: To comply with applicable laws
9.2 Your GDPR Rights
- Right of Access: Obtain confirmation and a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data
- Right to Restriction of Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
9.3 Data Protection Authority
If you are in the EEA, you have the right to lodge a complaint with your supervisory authority:
9.4 How to Exercise Your Rights
To exercise your GDPR rights, contact us at [email protected] with "GDPR Request" in the subject line. We will respond within one month.
10. Cookies and Tracking
Building Lore uses minimal tracking technology:
10.1 What We Use
- Authentication Tokens: To maintain your logged-in session (stored locally on your device)
- Local Storage: To cache building analyses and preferences
- RevenueCat SDK: To manage subscription status
10.2 What We Don't Use
- No advertising cookies or tracking pixels
- No third-party analytics beyond what's required for service operation
- No cross-site tracking
- No behavioral advertising
10.3 Do Not Track
Our app does not respond to "Do Not Track" signals because we do not track users across third-party websites or apps.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
11.1 How We Notify You
- We will update the "Last Updated" date at the top of this policy
- For material changes, we will notify you via email or in-app notification
- Continued use of the app after changes constitutes acceptance
11.2 Review Regularly
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For GDPR-related requests: Please include "GDPR Request" in your email subject line
For CCPA-related requests: Please include "California Privacy Rights Request" in your email subject line
For account deletion: Please include "Account Deletion Request" in your email subject line
© 2025 Always Caffeinated LLC. All rights reserved.
This privacy policy was last updated on October 29, 2025.