Privacy Policy

Last updated: February 2026

We respect your privacy and are committed to protecting your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

1. Who We Are

8root Labs provides AI-powered software for analyzing building information models (IFC) and construction documents to produce material quantity takeoffs and analytics.

Contact for privacy matters: privacy@8root.com

2. What Data We Process

We may process:

  • Account information — name, email address, organization
  • Uploaded project files — IFC models, PDF documents
  • Derived technical data — extracted elements, descriptions, embeddings
  • Usage and system logs — necessary for service operation and security

Construction documents typically do not contain personal data. If personal data is present (e.g., names in project documents), it is processed in accordance with this policy.

3. Purpose and Legal Basis

We process data to:

  • Provide and operate the service
  • Analyze and extract information from uploaded files
  • Improve accuracy, usability, and reliability
  • Communicate with users about service updates
  • Ensure security and prevent misuse

Processing is based on performance of the service requested by the user and our legitimate interest in operating, securing, and improving the platform.

4. AI Services

We use paid, enterprise-grade AI services to support document understanding and semantic search.

  • Customer data is not used to train AI models
  • AI processing is transient (not permanently stored by AI providers)
  • Results are stored in EU-based infrastructure
  • Data is not shared between customers

5. Data Storage and Security

  • Data is stored in EU-based cloud infrastructure
  • Encryption is applied at rest and in transit
  • Access is restricted and tenant-isolated
  • Industry-standard security practices are applied

6. International Data Transfers

Our primary data storage and processing takes place within the European Union. Where data is processed by service providers outside the EU, such transfers are safeguarded using appropriate legal mechanisms, including EU Standard Contractual Clauses (SCCs).

7. Data Retention

  • Data is retained only as long as necessary to provide the service
  • Customers may request deletion of their data at any time
  • Upon account termination, data is deleted within 30 days unless legally required to retain

8. Data Sharing

We do not sell personal data. We use trusted third-party service providers acting as data processors under contractual data protection obligations, including cloud infrastructure and AI processing services.

9. Cookies

Our website uses essential cookies necessary for authentication, security, and basic functionality. We do not use cookies for advertising or cross-site tracking.

10. Your Rights

Under the GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data
  • Restrict processing in certain circumstances
  • Object to processing based on legitimate interest
  • Data portability — receive your data in a structured format

To exercise your rights, contact us at privacy@8root.com. You also have the right to lodge a complaint with your local data protection supervisory authority.

11. Changes

We may update this policy as our service evolves. Material changes will be communicated to users. The latest version will always be available on our website.