DORA AI Assessment

Privacy Policy

Last Updated: March 16, 2026

1. Introduction

BuildSomething.io ("Company," "we," "us," or "our") operates the DORA AI Readiness Assessment platform (the "Platform"). This Privacy Policy describes how we collect, use, disclose, retain, and protect your personal information when you access or use our Platform, website, and related services (collectively, the "Services").

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with our practices, please do not use our Services.

2. Data Controller

BuildSomething.io is the data controller responsible for your personal data. For questions or concerns about this Privacy Policy or our data practices, you may contact us at:

BuildSomething.io
Email: inquire@buildsomething.io

3. Information We Collect

We collect the following categories of information:

3.1 Information You Provide Directly

  • Account Information: Name, email address, company name, job title, and password (if applicable).
  • Assessment Responses: Survey answers, self-evaluations, and free-text responses you provide during DORA assessments.
  • Demographic Information: Department, seniority level, years in role, years in organization, location, team name, business unit, and supervisor information when voluntarily provided.
  • Contact Form Submissions: Name, email, company, phone number, subject, and message content submitted through our contact form.
  • Enterprise Campaign Data: Information provided by organizational administrators about their teams and participants.

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, assessment progress, timestamps, and interaction patterns.
  • Device and Technical Data: IP address, browser type, operating system, device identifiers, and referring URLs.
  • Cookies and Similar Technologies: Session identifiers, preference data, and analytics information (see Section 8).

4. How We Use Your Information

We use the information we collect for the following purposes:

  • Assessment Scoring and Analysis: To calculate dimension scores, determine team performance archetypes, and generate AI-powered insights and recommendations.
  • Aggregate Analytics: To produce aggregate, de-identified benchmarks and research insights about engineering team performance across industries.
  • Improvement Recommendations: To provide personalized, AI-generated recommendations based on your assessment results.
  • Service Operation: To provide, maintain, and improve the Platform, including user authentication, campaign management, and report generation.
  • Communication: To respond to your inquiries, send assessment results, and provide service-related notifications.
  • Security and Compliance: To detect, prevent, and address fraud and security incidents, and to comply with legal obligations.
  • Legal Obligations: To comply with applicable laws, regulations, and legal processes.

5. Data Retention

  • Assessment Data: Assessment responses, scores, and analysis results are retained for a period of two (2) years from the date of assessment completion, after which they are automatically purged or anonymized.
  • Account Data: Account information is retained for as long as your account remains active, or until you request deletion.
  • Contact Submissions: Contact form submissions are retained for twelve (12) months unless a longer retention period is required for ongoing business correspondence.
  • Audit Logs: Security and audit logs are retained for three (3) years to comply with regulatory requirements and ensure platform integrity.
  • Aggregate Data: De-identified, aggregate statistical data may be retained indefinitely as it cannot be used to identify any individual.

6. Data Sharing and Disclosure

We are committed to protecting your privacy. We share your information only as described below:

  • Aggregate Data Only: We may share aggregate, de-identified data for research, benchmarking, and industry analysis purposes. Individual assessment responses are never shared with third parties.
  • Enterprise Administrators: If you participate in an enterprise campaign, your organizational administrator may view aggregated team results. Individual responses are presented only in aggregate form unless explicitly consented to by the participant.
  • Service Providers: We may share information with trusted third-party service providers who assist us in operating the Platform (e.g., cloud hosting, AI analysis providers), subject to contractual obligations to protect your data.
  • Legal Requirements: We may disclose information when required by law, regulation, subpoena, court order, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy protections.
  • With Your Consent: We may share your information for any other purpose with your explicit consent.

We do not sell your personal information. We do not share individual assessment responses with third parties for their marketing or commercial purposes.

7. International Data Transfers

Your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. Where required by applicable law, we implement appropriate safeguards for cross-border transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission or other legally recognized transfer mechanisms.

8. Cookies and Tracking Technologies

We use the following categories of cookies:

  • Essential Cookies: Required for the Platform to function properly, including session management, authentication, and security. These cookies cannot be disabled.
  • Preference Cookies: Used to remember your settings and preferences, such as consent choices and display options.
  • Analytics Cookies: Used to understand how visitors interact with our Platform, including page views, feature usage, and assessment completion rates. These cookies are optional and can be declined via our cookie consent banner.

You can manage your cookie preferences at any time by clearing your browser cookies and revisiting the Platform, at which point the consent banner will reappear. Most web browsers allow you to control cookies through their settings.

9. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Correction: You may request correction of inaccurate or incomplete personal data.
  • Right to Deletion: You may request deletion of your personal data, subject to legal retention obligations.
  • Right to Data Portability: You may request an export of your personal data in a structured, machine-readable format.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Restrict Processing: You may request that we restrict the processing of your personal data under certain circumstances.
  • Right to Object: You may object to the processing of your personal data for direct marketing or where processing is based on our legitimate interests.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, please contact us at inquire@buildsomething.io. We will respond to verified requests within thirty (30) days, or as otherwise required by applicable law.

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data, including but not limited to:

  • Encryption at Rest: All personal data stored in our databases is encrypted at rest using industry-standard AES-256 encryption.
  • Encryption in Transit: All data transmitted between your browser and our servers is protected using TLS 1.2 or higher.
  • Access Controls: We implement role-based access controls (RBAC) to ensure that only authorized personnel can access personal data on a need-to-know basis.
  • Audit Logging: All access to and modifications of personal data are logged with tamper-evident audit trails.
  • Regular Security Assessments: We conduct regular security reviews, vulnerability assessments, and penetration testing.
  • Incident Response: We maintain a documented incident response plan and will notify affected individuals and relevant authorities of data breaches as required by applicable law.

11. Compliance with Privacy Regulations

11.1 General Data Protection Regulation (GDPR)

For individuals located in the European Economic Area (EEA), United Kingdom, or Switzerland: We process your personal data on the following legal bases: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, and (d) our legitimate interests, provided such interests are not overridden by your fundamental rights. You have the right to lodge a complaint with your local supervisory authority if you believe your data protection rights have been violated.

11.2 California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)

For California residents: You have the right to know what personal information we collect, the right to delete your personal information, the right to opt-out of the sale or sharing of personal information, and the right to non-discrimination for exercising your privacy rights. We do not sell or share your personal information as defined under the CCPA/CPRA. To submit a verifiable consumer request, contact us at inquire@buildsomething.io.

11.3 SOC 2 Alignment

Our data handling practices are designed to align with SOC 2 Type II trust service criteria for security, availability, processing integrity, confidentiality, and privacy. We maintain appropriate controls and documentation to demonstrate compliance with these standards.

12. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will post the updated policy on this page with a revised "Last Updated" date. Your continued use of the Services after any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BuildSomething.io
Email: inquire@buildsomething.io
Web: Contact Form