Privacy Policy

Last updated: Feb 11th 2025

Purpose Of Our Policy

  1. Buildkite Pty Ltd ABN 70 601 137 508 (Buildkite, we, us or our) has prepared this Privacy Policy to set out the standards we have in place to protect the personal information that we hold about individuals.

  2. Buildkite is based in Australia and is subject to the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act). This policy applies to Buildkite and its related bodies corporate.

  3. To the extent that Buildkite processes personal data of individuals located in the EU or the UK and the processing is related to:

    1. the offering of goods or services to such individuals located in the EU or UK; or
    2. the monitoring of the behaviour of such individuals in the EU or UK,

    then those processing activities will also be subject to the EU or UK General Data Protection Regulation (GDPR).

  4. Buildkite will also comply with the data privacy laws of any other country which are applicable to it.

  5. By publishing this Privacy Policy, we aim to make it easy for our customers and the public to understand what personal information we collect and store, why we do so, how we receive, obtain, store and/or use that personal information, and the rights an individual has with respect to the personal information we hold about them.

Application of this Policy

  1. Our Privacy Policy deals with how we handle “personal information” and “personal data”, as those terms are defined in the Privacy Act and the GDPR respectively (Personal Information).
  2. Buildkite holds Personal Information in our own right, and also for and on behalf of our customers and users. For example:
    1. we hold Personal Information of our customers, suppliers and business contacts for our own purposes (as a “controller” for the purposes of the GDPR);
    2. we may hold any Personal Information contained in code which a customer uploads to Buildkite on behalf of that customer (as a “processor” for the purposes of the GDPR).
  3. Our Privacy Policy does not apply to information we hold about businesses or companies, however it does apply to information we hold about the individuals in those businesses or companies with whom we deal.
  4. Our Privacy Policy applies to all forms of Personal Information, physical and digital, whether collected or stored electronically or in hard copy.
  5. If you provide us with Personal Information about another individual, you warrant that you have that individual’s consent to provide that Personal Information to us for the purpose specified.
  6. We consider the protection of privacy of children very important. Our services are not directed to children under the age of 16, and we do not knowingly collect Personal Information directly from children under the age of 16. If an individual is under 16 years of age, then they should not use or access our services unless it is in an educational environment and approved by a guardian. If we learn that Personal Information has been inadvertently collected on the service from persons under 16 years of age and without verifiable parental or guardian consent, then we will take the appropriate steps to delete that Personal Information.

When do we collect Personal Information?

  1. We collect Personal Information in a range of situations. The most common situations in which we collect Personal Information are:
    1. individual customers - when an individual registers or subscribes to use Buildkite or another service we provide;
    2. customer representatives/users – when an organisation registers or subscribes to use Buildkite or another service we provide, we may collect Personal Information about their representatives or users;
    3. individual suppliers - when an individual supplies us with goods or services;
    4. supplier representatives - when an organisation supplies us with goods or services, we may collect Personal Information about their representatives;
    5. contact - when an individual contacts us in any way, they may provide us with Personal Information in the course of that communication, including resumes of Buildkite job applicants;
    6. physical access - when an individual accesses our premises, we may require them to provide us with their details;
    7. electronic access - when a user accesses our website, we may collect Personal Information using cookies (if relevant – an individual can adjust their browser’s setting to accept or reject cookies) or analytical services;
    8. from our services providers or other third parties who have provided your details to us in connection with using Buildkite’s services; and/or
    9. pixel tags - pixel tags enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
  2. We will endeavour to ensure that an individual is always aware of when we are collecting their Personal Information.
  3. We may also receive Personal Information if a Buildkite user uploads code that contains Personal Information. However, Buildkite’s products and services are not intended or designed to process Personal Information and we do not recommend that users do not upload code containing Personal Information to Buildkite.

What types of Personal Information do we collect?

  1. The types of Personal Information we collect from you will depend on the situation in which that Personal Information is collected. The types of Personal Information we may collect include:
    1. identifying information - we may collect personal details such as an individual’s name, location, date of birth, nationality, family details, job title, and other information that allows us to identify who the individual is. This may be collected directly from you or from third party databases containing information to enrich, cleanse or augment information;
    2. contact information - we may collect information such as an individual’s email address, telephone number, usernames, residential, business and postal addresses and other information that allows us to contact the individual;
    3. financial information - we may collect financial information related to an individual such as bank or credit card details used to transact with us and other information that allows us to transact with the individual and/or provide them with our services;
    4. preference and activity information - we may collect information about an individual’s online and offline preferences both directly and from third parties (such as our vendors, resellers and partners, Reddit and LinkedIn), habits, movements, trends, decisions, associations, community and forum activity, memberships, finances, purchases and other information for statistical and prospecting purposes; and
    5. information an individual sends us - we may collect any correspondence that an individual sends us (including call or video conference recordings), or that is sent to us by others about the individual, including in relation to customer support.
  2. We may also collect usage information which is not Personal Information, such as information regarding a user’s computer, network and browser and IP address. The Australian Privacy Principles and the GDPR do not apply to these kinds of information.
  3. If a Buildkite user uploads code that contains Personal Information, the types of Personal Information uploaded are solely within the user’s control.

How do we use and disclose Personal Information?

  1. The purposes for which we will use your Personal Information and the third parties to whom we disclose your Personal Information will depend on the situation in which that Personal Information is collected. We will inform you of the purposes for which we intend to use your Personal Information and the types of third parties to which we may disclose your Personal Information at or before the time we collect your Personal Information.

  2. As a general principle, we will only use and disclose Personal Information as necessary for:

    1. the primary purpose for which it was collected;
    2. purposes which are related to the primary purpose for which it was collected and within the reasonable expectations of the individual;
    3. any other purposes to which the individual has consented; and
    4. any other purposes which are permitted or required by law.

  3. The purposes for which we use Personal Information include to:

    1. provide Buildkite or other services to a customer;
    2. contact customer representatives or users about our services or a related issue;
    3. contacting representatives of a prospective customer about becoming a Buildkite customer;
    4. obtain services from a supplier;
    5. contact supplier representatives about their services or a related issue;
    6. verify an individual’s identity;
    7. send direct marketing communications to customers and prospects (subject to paragraph 5.5 below);
    8. carry out surveys and questionnaires;
    9. respond to questions, comments or complaints made by an individual;8. The individual shall have the right to object at any time to the processing of their Personal Information for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. If we receive such a request, we will stop the processing of Personal Information for direct marketing purposes immediately without charge or penalty.
    10. investigate any complaints about or made by an individual;
    11. investigate a suspected breach of any of our terms and conditions or unlawful use of our services; and
    12. monitor and improve Buildkite, our website and our other services, including the Buildklite Solution.

  4. We may disclose Personal Information for the above purposes to third parties including to:

    1. service providers and contractors that help us operate our business (including providers of IT and data storage services, data processing services, marketing and mailout services, and professional and administrative services);
    2. our related companies;
    3. law enforcement, where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity; and
    4. a purchaser, prospective purchaser or joint venture partner, in the course of a sale of part or all of our business.

  5. You may object to the use or disclosure of your Personal Information for direct marketing purposes at any time by contacting our Data Privacy Officer using the contact details below. If we receive such a request, we will stop processing your Personal Information for direct marketing purposes as soon as possible.

  6. When our processing of Personal Information is subject to the GDPR, we will only process Personal Information when we can identify a lawful basis to do so. It is always our responsibility to ensure that we can demonstrate which lawful basis applies to the particular processing purpose. The most common lawful bases relied upon are:

    1. consent - we will only rely upon express, clear and informed consent. Any consent provided may specify and/or restrict the purpose, and can be withdrawn at any time without penalty;
    2. legitimate interests - we will only rely upon an identifiable legitimate interest where we can demonstrate that the processing of Personal Information is necessary to achieve it by balancing it against the individual’s interests, rights and freedoms.

    We will keep a record of our lawful bases for processing Personal Information.

  7. Buildkite is a software developer which operates a software development and delivery platform and provides related services to its customers. As such, for the purposes of paragraph 5.6 above, Buildkite has “legitimate interests” in:

    1. providing the Buildkite platform and related services to its clients, ensuring those services are of high quality, and complying with all regulations which apply to the provision of those services; and
    2. developing and growing its business and its relationships and understanding the needs of its customers and prospective customers.

  8. We will take reasonable steps to ensure any Personal Information we use or disclose is accurate, up-to-date, complete and relevant, having regard to the purposes for which it is used.

  9. We will only retain Personal Information for as long as we have a legitimate purpose to do so. Buildkite needs to retain Personal Information for commercial and legal purposes. How long it will need to retain Personal Information for these purposes will depend on the specific Personal Information. Once Buildkite has no legal or commercial reasons to retain Personal Information, it will be securely deleted or destroyed.

  10. We do not process Personal Information for the purposes of automated decision-making or profiling.

  11. If a Buildkite user uploads code that contains Personal Information, we do not use or disclose that Personal Information for any purpose. We simply store that Personal Information on the Buildkite platform as instructed by the user. The user has sole control over how long that code is retained on the Buildkite platform and to whom the code is disclosed, and Buildkite simply processes the Personal Information in accordance with the user’s instructions.

Disclosure of Personal Information overseas

  1. Servers for Buildkite’s service are located in the United States of America. If you purchase a Buildkite Hosted Agents, servers may be located in the United States of America or Europe. As such, all Personal Information you provide to the Buildkite service held by Buildkite will be stored in the United States of America. Our personnel in Australia and other countries may access or download Personal Information stored on our servers.
  2. Some of the third parties to whom we disclose Personal Information under paragraph 5.4 above may also be located in other countries, including New Zealand, Canada, the United Kingdom, Singapore, the Philippines, and countries located in Europe. These countries may not necessarily have data protection laws as comprehensive or protective as those in your country of residence.
  3. We will not disclose any Personal Information to any entity outside of Australia unless:
    1. the entity is subject to a law, or binding scheme, that has the effect of protecting the Personal Information in a way that, overall, is at least substantially similar to the way in which the Australian Privacy Principles protect the Personal Information;
    2. the entity has agreed in writing with us to treat that Personal Information in accordance with the Australian Privacy Principles; or
    3. the disclosure is otherwise permitted under Australian Privacy Principle 8.
  4. If the GDPR applies to Personal Information, we will also comply with the requirements of the GDPR in relation to any transfer of that Personal Information outside the EU or the UK.

Storage and security of Personal Information

  1. We will take all reasonable precautions to protect the Personal Information we hold from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
  2. We are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose an individual’s Personal Information to in accordance with this policy or any applicable laws), unless otherwise required by the Privacy Act and the GDPR. The collection and use of an individual’s Personal Information by such third parties may be subject to separate privacy and security policies.
  3. If an individual suspects any misuse or loss of, or unauthorised access to, Personal Information held by us, they should let us know immediately.
  4. We are not liable for any loss, damage or claim arising out of another entity’s use of Personal Information where we were authorised to provide that entity with the Personal Information.
  5. Where there is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Information, then:
    1. we will promptly start work to assess the likelihood and severity of the resulting risk to the individuals; and
    2. if we determine there is a likely risk of serious harm to any individual, we will notify the relevant authority and affected individuals in accordance with the Privacy Act and/or GDPR, as applicable.

Accessing and correcting Personal Information

  1. Buildkite users can access and update their Personal Information from within Buildkite at any time.

  2. You have the right to request access to Personal Information Buildkite holds about you. You may request access to your Personal Information by sending a request to:

    The Data Protection Officer
    Buildkite Pty Ltd
    Level 17, 31 Queen St
    Melbourne VIC 3000
    privacy@buildkite.com

  3. Buildkite will require you to provide proof of identity before providing access. Buildkite will endeavour to respond to your request for access within 30 days. There are certain situations under the Privacy Act in which we may decline to provide access. In some cases, we may charge an administrative fee which reflects our costs of providing access.

  4. If you consider that the Personal Information we hold about you is incorrect, incomplete or out of date, you may request correction by sending a request to the Data Protection Officer at the address specified above. If we agree the Personal Information needs correction, we will take reasonable steps to correct it. If instead we do not agree the Personal Information needs correction, you may ask us to include a statement on the relevant record explaining why you consider it needs correction.

  5. If you are located in the EU or UK and the GDPR applies to our processing of your Personal Information, you also have additional rights under the GDPR to:

    1. request that we erase Personal Information we hold about you;
    2. request that we restrict the processing of Personal Information we hold about you;
    3. request that we provide a copy of the Personal Information we hold about you in a structured, commonly used and machine-readable format; and
    4. object to certain types of processing of Personal Information we hold about you.

    You may exercise these rights by sending a request to the Data Protection Officer at the address specified above.

  6. It is an individual’s responsibility to provide us with accurate and truthful Personal Information. We cannot be liable for any Personal Information that is provided to us that is incorrect.

Contacting us

  1. We have appointed a Data Protection Officer to oversee the management of this Privacy Policy and compliance with applicable privacy laws. This officer may have other duties within our business and also be assisted by internal and external professionals and advisors.

  2. If you have a comment, question or complaint about our handling of your Personal Information, please address your complaint in writing to:

    The Data Protection Officer
    Buildkite Pty Ltd
    Level 17, 31 Queen St
    Melbourne VIC 3000
    privacy@buildkite.com

  3. All complaints will be acknowledged within five business days of receipt. The contact details of the person dealing with the complaint will be advised to the individual making the complaint at this time. We will consider and respond to a complaint within 30 days.

  4. If you are not satisfied with our response to your complaint, you may submit your complaint to:

    Office of the Australian Information Commissioner
    GPO Box 5218
    Sydney NSW 2001
    1300 363 992
    enquiries@oaic.gov.au

  5. If you are located in the EU or UK and the GDPR applies to our processing of your Personal Information, you may also complain to your local supervisory authority.

Changes to this Policy

  1. If we decide to change this Privacy Policy, we will post the changes on our webpage at www.buildkite.com/about/privacy-policy. Please refer back to this Privacy Policy to review any amendments.

Platform

  1. Pipelines
  2. Pipeline templates
  3. Public pipelines
  4. Test Engine
  5. Package Registries
  6. Mobile Delivery Cloud
  7. Pricing

Hosting options

  1. Self-hosted agents
  2. Mac hosted agents
  3. Linux hosted agents

Resources

  1. Docs
  2. Blog
  3. Changelog
  4. Webinars
  5. Plugins
  6. Case studies
  7. Events

Company

  1. About
  2. Careers
  3. Press
  4. Brand assets
  5. Contact

Solutions

  1. Replace Jenkins
  2. Workflows for AI/ML
  3. Testing at scale
  4. Monorepo mojo

Support

  1. System status
  2. Forum
Privacy policy Terms of service