Foreman AI Privacy Policy
Effective date: May 13, 2026
This Privacy Policy explains how Foreman AI collects, uses, and protects information when you interact with the Blueprints application, dashboard, marketing site, and APIs (the "Services"). Capitalized terms not defined here have the meanings given in the Terms of Service. To the maximum extent permitted by law, this Privacy Policy is incorporated into and forms part of the Terms of Service; the Terms of Service govern in the event of any conflict, except where mandatory privacy law requires otherwise.
Business-to-business notice. The Services are offered to businesses and licensed construction professionals for commercial use. Where applicable, Foreman AI treats data you submit on behalf of your business as Customer Data of that business, not as your individual personal information. Under the California Consumer Privacy Act (CCPA/CPRA), business contact information and information collected in a business-to-business context is processed under the available B2B framework to the extent permitted.
2. How We Use Information
- Deliver, operate, secure, and improve the Services, including AI-powered plan analysis.
- Train, fine-tune, and evaluate our AI models, algorithms, and product features.
- Build de-identified, anonymized, and aggregated datasets — including industry pricing, cost, and productivity benchmarks — used to develop new features, publish market insights, and improve future products.
- Provide customer support, training, and product announcements.
- Monitor abuse, enforce policies, prevent fraud, and secure the platform.
- Comply with legal obligations and respond to lawful requests.
We do not sell, rent, or trade your identifiable personal information or Customer Data to third-party advertisers, data brokers, or marketing networks. We may publish, license, sell, distribute, and otherwise commercialize aggregated and de-identified data (data that does not identify you, your company, your customers, or any specific project) — including pricing benchmarks, cost indices, productivity metrics, market reports, and other data products — for any lawful purpose. We commit not to attempt to re-identify de-identified data, and we contractually require recipients of de-identified data to make the same commitment.
Automated decision-making and AI outputs. The Services use artificial intelligence, machine learning, large language models, and other automated systems to generate plan analyses, takeoffs, estimates, schedules, RFIs, and other outputs. AI outputs are decision-support tools, not decisions. They do not produce legal, financial, employment, credit, housing, insurance, education, or healthcare effects on individuals, and they are not intended to be used for any purpose that would constitute "profiling" or "solely automated decision-making" with legal or similarly significant effects under GDPR Article 22, the Colorado Privacy Act, the California Automated Decision-making Technology rules, or comparable laws. You are solely responsible for any human review, verification, and final decision based on AI outputs. See the Terms of Service for the full no-warranty and decision-support disclaimers.
Legal bases (GDPR). Where GDPR or UK GDPR applies, Foreman AI processes personal data on one or more of the following bases: (a) performance of a contract with you; (b) our legitimate interests in operating, securing, improving, and commercializing the Services; (c) compliance with legal obligations; and (d) your consent, where required.
For details on your contractual rights regarding training and aggregation — including enterprise opt-out from AI model training — see Section 3 of the Terms of Service.
2a. Third-Party Email Integrations (Gmail & Outlook)
Foreman AI offers optional email integrations so you can search, read, and send email directly from within the application. These integrations are entirely opt-in — no email data is accessed until you explicitly connect your account.
Google Gmail Integration
When you connect your Gmail account, Foreman AI requests the following permissions (scopes):
- gmail.readonly — Read email messages and metadata so you can search and view emails within Foreman AI.
- gmail.send — Send emails on your behalf when you compose and send a message through Foreman AI.
How we use your Gmail data:
- Display email search results and message content inside the Foreman AI interface when you request it.
- Send emails you compose through the Foreman AI interface.
- Provide AI-assisted email drafting and responses when you use the Foreman Autopilot feature.
What we do NOT do with your Gmail data:
- We do not store, cache, or retain copies of your email messages on our servers. Email content is fetched in real time and displayed only during your active session.
- We do not use your email data for advertising, marketing, or any purpose unrelated to the Services.
- We do not sell, share, or transfer your email data to third parties, except as required to provide the Services or comply with law.
- We do not use your email data to train machine-learning or AI models.
Foreman AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Microsoft Outlook Integration
When you connect your Microsoft account, similar permissions are requested via Microsoft Graph to search, read, and send email. The same data-handling principles described above apply.
Disconnecting Email Integrations
You may disconnect your Gmail or Outlook account at any time from the Integrations panel in your Foreman AI session. Upon disconnection, all stored OAuth tokens are immediately deleted from our systems and no further access to your email occurs.
3. How We Share Information
- With service providers that support hosting, storage, email, AI infrastructure, and analytics under confidentiality obligations.
- With your authorized teammates or workspace admins, per your settings.
- When required by law, subpoena, or to protect Foreman AI and its users.
- As aggregated or de-identified data, which Foreman AI may publish, license, sell, or otherwise commercialize without restriction.
- In connection with, or in preparation for, a merger, acquisition, financing, reorganization, joint venture, sale of all or substantially all of our assets or equity, change of control, or bankruptcy. In any such transaction, Customer Data, aggregated data, AI models, and the rights granted under the Terms of Service may be transferred to the acquiring, surviving, or successor entity.
4. Security & Retention
- We employ encryption in transit, role-based access, monitoring, and secure infrastructure designed in accordance with industry-recognized practices. No method of electronic transmission or storage is one hundred percent (100%) secure. Foreman AI cannot and does not warrant or guarantee absolute security of information transmitted to or stored on its systems, and to the maximum extent permitted by law disclaims any such warranty.
- Customer Data is retained for the duration of your subscription and deleted within 90 days of termination unless otherwise agreed. Aggregated and de-identified data, AI model weights and embeddings derived from your data, and business records required for legal, tax, audit, fraud-prevention, security, or accounting purposes are retained indefinitely and survive termination.
- Backups, audit logs, security telemetry, and dispute-defense records may be stored longer to meet regulatory, contractual, safety, or litigation-hold requirements.
- Security incident notification. In the event of a personal-data breach affecting your information, Foreman AI will notify you and applicable regulators only to the extent and within the timeframes required by applicable law. Notification is not, and shall not be construed as, an admission of fault or liability by Foreman AI or its affiliates, agents, or service providers.
5. Your Choices & Rights
Depending on where you live, you may have specific rights under privacy laws including the CCPA/CPRA (California), CPA (Colorado), CDPA (Virginia), CTDPA (Connecticut), UCPA (Utah), TDPSA (Texas), OCPA (Oregon), as well as GDPR / UK GDPR. These may include the right to know, access, correct, delete, port, restrict, or object to certain processing, and to opt out of "sales," "sharing," or targeted advertising. Foreman AI does not engage in cross-context behavioral advertising and does not "sell" or "share" personal information for advertising purposes within the meaning of those statutes.
- Update profile details in-app or by contacting privacy@foremanai.co.
- Request export or deletion of Customer Data, subject to contractual and legal limits, by emailing privacy@foremanai.co.
- Manage marketing communications via unsubscribe links or email preferences.
- Connect or disconnect third-party email accounts (Gmail, Outlook) at any time from the Integrations panel. You can also revoke Foreman AI's access directly from your Google Account permissions or Microsoft account permissions pages.
- Appeal a denied privacy request by replying to our decision email; we will respond within the timeframe required by applicable law (typically 45–60 days).
Identity verification. Before fulfilling a rights request, Foreman AI will take commercially reasonable steps to verify your identity. This may include matching information you provide against information we already maintain, requesting government-issued identification (which we will destroy after verification), or requiring you to authenticate through your account. We will not fulfill a request we cannot verify. Requests submitted through authorized agents must include written, signed authorization and proof of identity.
Limits. Foreman AI may deny or limit a request to the extent (a) verification fails, (b) the request is manifestly unfounded, repetitive, or excessive, (c) compliance would conflict with a legal obligation, contract, security or fraud-prevention need, defense of legal claims, free expression, or another permitted exception, or (d) the data has been aggregated or de-identified in a manner that cannot reasonably be linked back to you.
No discrimination. Foreman AI will not deny services, charge different prices, or provide a different level of service because you exercised a privacy right, except as permitted by law.
6. International Transfers
- We store data in the United States and rely on contractual safeguards for cross-border transfers.
- EU/UK users may enter into standard contractual clauses for additional assurances.
7. Children
The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a minor has provided data, contact us to remove it.
8. Changes to This Policy
We may update this Privacy Policy to reflect operational, legal, or regulatory changes. We will post the revised version with a new effective date and notify you when material updates occur. Your continued use of the Services after the effective date of an updated Privacy Policy constitutes acceptance of the updated terms.
9. State-Specific Disclosures
California (CCPA/CPRA). In the preceding twelve (12) months, Foreman AI has collected the categories of personal information described in Section 1 for the business and commercial purposes described in Section 2 and disclosed them to the categories of recipients described in Section 3. Foreman AI does not sell or share personal information for cross-context behavioral advertising and does not knowingly sell or share the personal information of consumers under sixteen (16) years of age. To exercise California rights, email privacy@foremanai.co.
Colorado (CPA), Connecticut (CTDPA), Virginia (CDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), and other state laws. Residents of these states have rights described in Section 5 and may submit requests to privacy@foremanai.co. Foreman AI does not engage in targeted advertising, sale of personal data, or profiling in furtherance of decisions producing legal or similarly significant effects, as those terms are defined under applicable state laws.
EU / UK / EEA / Switzerland. Where required, Foreman AI relies on Standard Contractual Clauses and other approved transfer mechanisms for cross-border transfers. The controller for personal data processed under this Privacy Policy is Foreman AI (United States). EU/UK data subjects may contact a supervisory authority. A Data Processing Addendum (DPA) is available to enterprise customers on request.
10. Privacy Disputes; No Private Right of Action; Governing Law
To the maximum extent permitted by applicable law, any dispute, claim, or controversy arising out of or relating to this Privacy Policy, the collection, use, retention, disclosure, or commercialization of information described herein, or any alleged privacy harm is subject to the arbitration agreement, class-action waiver, jury-trial waiver, limitation of liability, prevailing-party fees, one-year limitations period, El Paso County (Colorado) venue, Colorado governing law, and all other defensive and procedural provisions of the Terms of Service, which are incorporated herein by reference.
Except where a statute expressly grants a non-waivable private right of action, this Privacy Policy does not create, and shall not be construed to create, any private right of action, third-party-beneficiary right, or independent cause of action. Statutory rights expressly conferred by applicable privacy laws are preserved only to the extent and in the manner required by such laws.
If any portion of this Privacy Policy is held unenforceable, the remainder shall remain in full force and effect, and the unenforceable portion shall be reformed to the minimum extent necessary to make it enforceable while preserving the parties' original intent (blue-pencil reform).