Security (BuildWise)

At BuildWise, we take security seriously and use reasonable safeguards designed to protect information.

Last updated: [Month Day, Year] Applies to: website + service workflows Contact: contact@buildwise.agency
Report security issue

Security Overview

At BuildWise, we take security seriously. We use reasonable administrative, technical, and organizational safeguards designed to protect the information we handle while operating our website and delivering services.

No system can be guaranteed 100% secure. This page describes the general security practices we follow and how to contact us about security concerns.

What This Page Covers

This Security page applies to:

  • Our public website and forms
  • Communications with prospects and clients (e.g., email)
  • Service delivery workflows where we may access client systems (e.g., analytics, ad platforms, reporting tools)

This page does not replace any signed agreement or statement of work that may include additional security or confidentiality terms.

Data We Handle

We only request and use information that is reasonably necessary to provide our services, such as:

  • Contact information and business details
  • Website and marketing performance data
  • Access to third-party platforms used for service delivery (e.g., analytics and advertising accounts), when granted by the client

We do not intentionally collect sensitive personal information unless it is specifically required for a defined purpose and agreed in writing.

Core Safeguards We Use

1) Access Controls

We apply access controls intended to limit information to authorized users only:

  • Role-based or need-to-know access where feasible
  • Account access is reviewed and removed when no longer needed
  • Access is limited to the minimum required to perform services

2) Authentication Practices

Where supported by our tools and vendors, we use strong authentication practices, such as:

  • Strong passwords and password managers
  • Multi-factor authentication (MFA) when available
  • Avoiding shared logins when feasible (preferring individual user accounts)

3) Encryption

We rely on modern encryption standards commonly used by reputable providers:

  • Encryption in transit (e.g., HTTPS/TLS) for website and supported vendor tools
  • Encryption at rest where supported by our service providers

Because our systems include third-party tools, the exact encryption methods may vary by vendor.

4) Secure Service Delivery

When working with client systems (e.g., Google Business Profile, Google Analytics, Google Ads, Meta Ads, reporting tools), we aim to:

  • Request only the permissions needed to perform the agreed scope
  • Use official access methods (invites, roles, delegated access) when possible
  • Avoid storing credentials in plain text
  • Limit downloads/exports of data unless necessary for deliverables

5) Third-Party Vendors

We may use third-party vendors for hosting, analytics, communications, CRM, reporting, and call tracking. We take reasonable steps to work with reputable vendors and configure security settings appropriately.

However, third-party services are governed by their own security practices and policies, and we are not responsible for third-party outages, breaches, or platform decisions outside our control.

6) Data Minimization & Retention

We aim to:

  • Collect the minimum information needed to provide services
  • Retain information only as long as reasonably necessary for business operations, service delivery, legal compliance, and dispute resolution
  • Delete or de-identify information when it’s no longer needed, where feasible

7) Monitoring & Incident Response

We take reasonable steps to detect and respond to security issues, which may include:

  • Reviewing account access and unusual activity when reported or detected
  • Coordinating with vendors when incidents involve third-party tools
  • Notifying affected clients when we believe their information was impacted due to an incident within our reasonable control, consistent with applicable law and contractual obligations

8) Vulnerability Reporting (Responsible Disclosure)

If you believe you’ve found a security vulnerability related to BuildWise, please report it responsibly by emailing:

contact@buildwise.agency
Subject line: Security Report

Please include:

  • A description of the issue and where you found it
  • Steps to reproduce (if applicable)
  • Screenshots or logs (if helpful)
  • Your contact information for follow-up

Do not attempt to access data that isn’t yours, disrupt our services, or perform destructive testing. We appreciate good-faith reports and will review them as quickly as reasonably possible.

Client Security Responsibilities

Security is a shared responsibility. Clients are responsible for:

  • Maintaining security of their own accounts, devices, and internal users
  • Using MFA and strong passwords for third-party platforms
  • Managing user access and permissions within their accounts
  • Promptly informing us if they suspect unauthorized access to any accounts involved in service delivery

Updates to This Security Page

We may update this page from time to time. When we do, we will revise the “Last updated” date at the top.

Contact

For security questions or concerns, email: contact@buildwise.agency

BuildWise does not publish a public physical mailing address at this time.