Terms, Privacy, DPA & Security.

1. Agreement. By creating an account or using neuroBLDR (the “Service”), you agree to these Terms on behalf of yourself and any organization you represent. If you don't agree, don't use the Service.

2. The Service. neuroBLDR is construction project-management software with AI features. It helps you draft, organize, and assemble documents. It is a tool — not a licensed architect, engineer, attorney, accountant, or insurer — and does not provide professional advice.

3. Accounts & acceptable use. You're responsible for your account, your users, and your content, and for keeping credentials secure. Don't misuse the Service: no unlawful use, no reverse-engineering, no attempts to breach security or other tenants' data, no uploading content you don't have the right to upload.

4. AI outputs. AI features generate drafts. They can be wrong or incomplete. You are responsible for reviewing every AI output before you rely on it, send it, or submit it. We make no warranty that AI outputs are accurate, complete, or fit for any purpose.

5. Your content & IP. You own the data and documents you put into the Service. You grant us a limited license to host and process that content solely to provide the Service. We own the Service software, and feedback you give us may be used to improve it.

6. Billing. Pricing is in early access and quoted on request. Paid plans renew automatically until cancelled. Fees are non-refundable except where required by law. You can cancel anytime; access continues through the end of the paid period (see the Privacy Policy for what happens to your data after).

7. Disclaimers & limitation of liability. The Service is provided “as is,” without warranties of any kind to the fullest extent permitted by law. To the maximum extent permitted by law, PlazaTech LLC will not be liable for indirect, incidental, special, or consequential damages, and our total aggregate liability is limited to the amounts you paid for the Service in the 12 months before the claim.

8. Governing law & disputes. These Terms are governed by the laws of the State of Texas, without regard to its conflict-of-laws rules. Any dispute will be resolved by binding arbitration administered under the American Arbitration Association's Commercial Rules, seated in Montgomery County, Texas. You and PlazaTech LLC waive any right to a jury trial and to participate in a class action — disputes are brought only in an individual capacity. Either party may still bring an individual claim in small-claims court. You may opt out of arbitration by emailing us within 30 days of first accepting these Terms.

9. Changes. We may update these Terms; material changes will be posted here with a new “last updated” date. Continued use after changes means you accept them.

What we collect. Account details (name, work email, company, role), the content you upload to run your projects, and usage/diagnostic data needed to operate the Service.

How we use it. To provide and improve the Service, process payments, send transactional email, and provide support. We do not sell your personal information, and we do not use your project data to train AI models — agents run through the Vercel AI Gateway with zero data retention configured on the model providers.

Sub-processors. We rely on a short list of vendors to run the Service, including Vercel (hosting, compute, blob storage), Neon (database), Stripe (payments), and Resend (email). Each is bound to protect your data.

Data retention. When you cancel, your workspace stays read-only for 90 days so you can export everything, then it is permanently deleted unless you reactivate. You can request earlier deletion.

Your rights. You can access, export, correct, or delete your data at any time. We honor applicable privacy rights, including under the CCPA (California) and the GDPR (EU/UK) — including access, portability, and deletion requests. To exercise any right, email contact@plazatech.llc.

Cookies. We use only the cookies needed to run the site and keep you signed in, plus privacy-friendly, cookieless analytics. We don't run third-party advertising trackers.

This DPA applies where we process personal data on your behalf and supplements the Terms. A countersigned copy is available on request at contact@plazatech.llc.

Roles. For data you upload, you are the data controller and PlazaTech LLC is the data processor. We process personal data only on your documented instructions and to provide the Service.

Security & sub-processors. We maintain the technical and organizational measures described in the Security section and use the sub-processors listed in the Privacy Policy, each under written data-protection terms. We'll give notice of new sub-processors.

Data-subject requests & breach. We'll assist you in responding to data-subject requests, and we'll notify you without undue delay after becoming aware of a personal-data breach affecting your data.

Return & deletion. On termination, you can export your data during the 90-day read-only window; after that we delete it. International transfers rely on appropriate safeguards (e.g., Standard Contractual Clauses) where required.

How we protect your data today:

• Workspace isolation — row-level slices in Postgres, per-project AI namespaces, no cross-tenant path.
• Encryption — TLS 1.3 in transit; AES-256 at rest on the database, object store, and disk.
• Time-bounded magic links — scoped per project, expiring on a schedule, revocable anytime.
• Drafts never auto-send — financial and contractual AI outputs require a human to review and send.
• Audit log — every state change is logged by workspace, actor, action, and target.
• Zero training — your project data is never used to train any model.

SOC 2 Type II is on the roadmap; the platform runs on SOC 2 providers (Vercel, Neon, Stripe). For vendor due diligence, a DPA, or a BAA, email contact@plazatech.llc.