Privacy Policy

BOQ Generator is an AI-powered tool that generates Bills of Quantities from Scope of Work documents for construction professionals, primarily in Zambia and Southern Africa. For data protection enquiries, contact us at the address listed on the Contact page.

• Account information: Your name and email address, provided via Google Sign-In (OAuth).
• Payment information: Payment is processed by Stripe. We do not store your card details. We store your Stripe session ID and payment status to fulfil your order.
• Document content: The text extracted from your uploaded Scope of Work document is used solely to generate your BOQ. The raw file is never stored on our servers — only the extracted text and the resulting BOQ JSON are retained.
• Generated BOQs: Your BOQ data is saved to your account so you can access and edit it later.
• Usage data: Standard server logs (IP address, timestamps, request paths) for security and debugging. These are not sold or shared.

• To provide and deliver the BOQ generation service you paid for.
• To save your generated BOQs to your account for future access.
• To process and verify your payment via Stripe.
• To respond to support requests you submit.
• To maintain the security and performance of our service.

We do not use your data for advertising, and we do not sell your data to any third party.

• Contract performance: Processing your document and payment to deliver the BOQ you purchased.
• Legitimate interests: Server logging for security and fraud prevention.
• Consent: By creating an account and uploading a document, you consent to the processing described in this policy.

• Supabase: Database and authentication hosting. Your account and BOQ data are stored in Supabase infrastructure.
• Stripe: Payment processing. Stripe's privacy policy applies to payment data.
• Google (OAuth): Used for sign-in only. We receive your name and email from Google with your consent.
• Google Gemini AI: The text of your uploaded document is sent to the Gemini API to generate the BOQ. This data is subject to Google's API data handling terms and is not used to train AI models under the standard API agreement.
• Vercel: Hosting provider for this application.

Your account and BOQ data are retained for as long as your account is active. If you request deletion of your account, we will delete your personal data and BOQ records within 30 days, except where we are required to retain it for legal or accounting purposes (e.g., payment records, which are retained for 7 years in line with standard financial recordkeeping requirements).

Under GDPR and POPIA, you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data (“right to be forgotten”).
• Restrict processing of your data.
• Data portability: Receive your BOQ data in a machine-readable format (JSON/Excel).
• Withdraw consent at any time.

To exercise any of these rights, contact us via the Contact page.

We use only essential session cookies required for authentication (provided by Supabase). We do not use tracking, analytics, or advertising cookies.

All data is transmitted over HTTPS. Your BOQ data is stored in a secured Supabase database with row-level security — only you can access your own BOQs. Payments are handled entirely by Stripe; we never handle raw card data.

This service is not directed at individuals under 18. We do not knowingly collect personal information from children.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on this site. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy, please contact us via the Contact page.