Privacy
Legal entity. Gable Digital Solutions, Inc., a Delaware corporation, is the legal entity that operates the Backbuild platform and is responsible for the privacy program described on this page. Gable Digital Solutions, Inc. acts as the data controller for its own business records (customer account, billing, support, audit logs) and as the data processor for personal data that customers process through the platform on behalf of their own end users. Backbuild is a product and division of Gable Digital Solutions, Inc.
Gable Digital Solutions, Inc. is committed to protecting the personal data of Backbuild customers and their end users. Privacy controls are built into the platform by design and are evaluated against the major data protection frameworks that apply to our customer base.
Frameworks addressed
- EU General Data Protection Regulation (GDPR): Gable Digital Solutions, Inc. acts as a data processor for customer-uploaded data and as a data controller for its own business records, and provides a Data Processing Agreement that includes the EU Standard Contractual Clauses for international transfers.
- UK GDPR and Data Protection Act 2018: the DPA includes the UK International Data Transfer Addendum (UK IDTA) for customers subject to UK data protection law.
- California Consumer Privacy Act (CCPA / CPRA): Gable Digital Solutions, Inc. supports the consumer rights granted by California law and treats personal information consistent with a "service provider" relationship for customer-uploaded data and a "business" relationship for its own business records.
- Swiss Federal Act on Data Protection (FADP): the DPA covers transfers of personal data relating to Swiss data subjects.
- HIPAA: HIPAA-aligned controls are implemented across the platform. Gable Digital Solutions, Inc. acts as a business associate under a BAA available to customers processing Protected Health Information. See the BAA page.
Key privacy principles
- Data minimization: only the personal data needed to deliver the service is collected and processed.
- Purpose limitation: personal data is used only for the purposes disclosed at collection and consistent with the customer's instructions.
- Transparency: customers and their end users are informed about what data is collected, why, and how it is handled, through the privacy policy and this trust center.
- User control: data subjects have the ability to access, correct, export, and delete their personal data through documented processes.
- Security: technical and organizational measures are applied to protect personal data, as documented under Security.
- Accountability: privacy decisions are documented, roles are defined, and the program is reviewed on a recurring basis.
Explore the privacy program
- Data processing roles and lawful bases
- Data residency and international transfers
- Retention and deletion
- Data subject rights
- Sub-processors
- Data Processing Agreement
- HIPAA Business Associate Agreement
Contact
Privacy and data protection: privacy@backbuild.ai