Last updated: June 1, 2026 · Effective: June 1, 2026
Bula Pro ("we," "us," "our," or the "Platform"), operating under the consumer brand Bula Live, runs a mobile marketplace for the construction industry available on iOS and Android (the "App") that connects Homeowners, Companies, Subcontractors, and Workers. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our App and related services (collectively, the "Services").
By creating an account or using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this Privacy Policy, do not access or use the Services.
This Privacy Policy is the canonical privacy disclosure referenced in our App Store and Google Play listings.
The App requests the following device permissions only when a feature that depends on them is used. Each permission may be denied at install time and revoked later in your device settings. Denying a permission disables only the specific feature listed below — the rest of the App continues to work.
| Permission | Why we request it | Background? |
|---|---|---|
| Camera | Take your profile photo, capture first-daily clock-in selfie, upload milestone-evidence photos, and upload verification documents. | Foreground only |
| Photo Library | Choose existing photos for your profile, milestone evidence, project galleries, and verification documents. | Foreground only |
| Location (Precise) | Verify that a Worker is inside the configured geofence at clock-in and post low-frequency heartbeat pings while the Worker is actively clocked in. Used by the Worker role only. | Foreground only |
| Notifications | Deliver pings, milestone updates, chat messages, profile views, profile PINs, withdrawal-status changes, and time-sensitive hourly-check-in prompts. | Standard push |
| Internet / Network State | Communicate with our backend (Supabase), Stripe, Firebase, and Google/Apple Maps tile servers. | As needed |
| Vibration | Heavy vibration on hourly-check-in and high-priority notifications so an on-site Worker can feel a prompt over loud equipment. | Standard |
The App does not request: microphone, contacts, calendar, SMS, call log, accessibility services, all-files-access ("Allow always" or "MANAGE_EXTERNAL_STORAGE"), Bluetooth, NFC, body sensors, "Allow always" background location, or any advertising-related identifiers.
The App embeds and communicates with the following third-party SDKs and services. Each entry lists what data is sent, what the provider does with it, and a link to that provider's privacy policy.
| Provider | Role in the App | Data shared with the provider | Provider's policy |
|---|---|---|---|
| Supabase (Supabase, Inc.) | Primary backend — PostgreSQL database, Auth, Realtime, Storage, Edge Functions. | All Platform data described in Section 2 (account, profile, role-specific, financial-ledger, communications, verification documents). | supabase.com/privacy |
| Stripe (Stripe, Inc.) | Card and bank processing for escrow deposits, milestone payouts, and withdrawals. | Payment-card details, bank-account details, billing name and address, transaction metadata. | stripe.com/privacy |
| Firebase Cloud Messaging (Google LLC) | Push-notification delivery (HTTP v1 → APNs on iOS). | FCM registration token, push payload at delivery time. | firebase.google.com/support/privacy |
| Google Maps (Google LLC) | Map tiles and place search inside the App; hosts the optional Worker live-location link. | Approximate map-view coordinates and search queries you type into map fields. | policies.google.com/privacy |
| Apple Maps (Apple Inc., iOS only) | Alternative host for the optional Worker live-location link on iOS devices. | Map-view coordinates as needed to render shared links. | apple.com/legal/privacy |
| Hugging Face Inference API (Hugging Face, Inc.) | On-demand machine translation of chat messages between English and Spanish, invoked via a Bula-operated Edge Function. The translation token is server-side; the App never holds it. | Plain text of the message being translated for the duration of the request. No account identifiers are forwarded. | huggingface.co/privacy |
| geolocator / permission_handler (Flutter plugins) | System-level access to the device's GPS and to runtime permission prompts. These plugins are libraries that wrap OS APIs — they do not transmit data off-device themselves. | None — data stays on device until the App posts it to Supabase. | n/a |
| image_picker / cached_network_image (Flutter plugins) | System-level access to camera and photo library; caching of profile and project images. Libraries; no off-device data transmission of their own. | None. | n/a |
We do not embed any advertising-network SDK, attribution SDK, behavioral-analytics SDK, social-login SDK, A/B-testing SDK, or social-tracking pixel in the App.
We do not sell your personal information to third parties, and we do not share it for cross-context behavioral advertising. We share your information only in the following circumstances:
See Section 5 for the itemized list of third-party SDKs and processors.
We may disclose your information if required by law or in good faith to comply with a legal obligation, protect our rights, prevent wrongdoing, protect personal safety, or protect against legal liability.
If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. Successor entities are bound by the commitments in this Privacy Policy or will provide you a notice of any material change with an opportunity to delete your account.
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with similar requirements, we rely on the following legal bases:
Your data is stored on Supabase infrastructure (PostgreSQL database). Verification documents are stored in a private Supabase Storage bucket with no public URLs — access is granted only to administrators via signed URLs that expire shortly after issuance. Payment data is stored and processed by Stripe.
No security system is impenetrable. While we use commercially reasonable measures, we cannot guarantee absolute security. You are responsible for keeping your account password confidential.
Bula Live is operated from the United States. Our infrastructure providers (Supabase, Google/Firebase, Stripe, Apple, Hugging Face) may process data in the United States, the European Union, or other jurisdictions where they operate. When personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to the United States or another country without an equivalent level of data protection, we rely on appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission and the UK International Data Transfer Agreement. By using the Services, you acknowledge that your personal data may be transferred to and processed in these jurisdictions.
You can delete your account at any time using either of the following paths:
Your account is queued for deletion immediately. Identifying personal data is removed within 30 days. Data we are required to retain by law (financial-transaction records, verification documents within the statutory retention window, audit logs) is moved to a restricted-access archive and is no longer associated with active profile lookups.
If you cannot access the App, email contact@bulaapp.us from the email address registered with your account with the subject line "Account Deletion Request." Include your registered email so we can verify your identity. We will process the request within 30 days and confirm completion by email.
| Category | Action on deletion |
|---|---|
| Profile (name, photo, bio, role-specific fields) | Deleted within 30 days |
| Chat messages you sent | Removed from active conversations; copies retained by other participants remain visible to them. |
| Ratings/reviews you wrote | Reviewer name replaced with "Deleted user." |
| Pings and bids | Anonymized or removed from feeds. |
| Active contracts | Cannot be deleted while a contract is in progress — you must complete or cancel it first. |
| Financial transaction ledger | Retained per financial regulations; identifiers replaced with internal IDs. |
| Verification documents | Retained per statutory recordkeeping; archived with restricted access. |
| FCM push token | Cleared immediately |
| Optional Maps location link | Deleted immediately |
Account deletion is irreversible. If you re-register later with the same email, a new account is created with no link to your previous data.
You can update your profile information at any time through the Edit Profile screen. You can change your password from the Security section.
You can enable or disable push notifications from your profile settings and at the device level. Hourly-check-in pushes (Section 21) cannot be globally muted on an active shift, but you can end your shift at any time to stop them.
Workers may choose whether to share an optional Google Maps / Apple Maps location link — it is entirely voluntary. You can update or remove your location link at any time. We do not track your location in the background outside of the Time Clock flow described in Section 20.
You have the right to request access to the personal data we hold about you, a portable copy, correction of inaccurate data, and deletion (subject to legal-retention exceptions). To exercise any of these rights, email contact@bulaapp.us with the subject line "Privacy Request" and include your registered email so we can verify your identity. We respond within 30 days (or such shorter period as required by law).
If you believe we have not handled your personal data appropriately, you have the right to complain to your local data-protection authority.
Residents of certain U.S. states have specific privacy rights under state law. The rights below apply where state law confers them; we apply substantially similar treatment to all U.S. users where practical.
Email contact@bulaapp.us with the subject "Privacy Request" and include your registered email. We verify identity through email-based confirmation; for higher-risk requests we may ask for additional verification consistent with the relevant state law.
You may designate an authorized agent to submit a request on your behalf. We require written authorization signed by you (or proof of power of attorney) and may verify your identity directly before fulfilling the request.
If you are in the European Economic Area, the United Kingdom, Switzerland, Brazil (LGPD), Canada (PIPEDA), or another jurisdiction with similar privacy laws, you have the following rights:
To exercise these rights, email contact@bulaapp.us.
The Services are not intended for use by persons under 18 years of age. We do not knowingly collect personal information from children under 18. The App is not directed to children, contains no child-directed content, and is rated 17+ on the App Store and "Mature" / for-ages-18+ as applicable on Google Play. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact contact@bulaapp.us.
The App may contain links to third-party websites or services, including but not limited to Google Maps and Apple Maps (for optional location sharing), Stripe (for payment processing), Firebase / Google (push notifications), and the App Store and Google Play Store. We are not responsible for the privacy practices of these third-party services. We encourage you to review their respective privacy policies (linked in Section 5).
We use AI to translate chat messages between English and Spanish on demand. Translation requests are proxied through a Bula-operated Edge Function so that translation-provider credentials remain server-side. The AI provider processes messages solely to return the translation and does not retain message content beyond the processing request. You can disable per-conversation translation from the chat screen.
We use a combination of client-side regular expressions and server-side moderation to detect attempts to share personal contact information (phone numbers, email addresses, social-media handles, off-platform meeting requests) in chat. This protects the integrity of the Platform's escrow and payment systems; ensures work agreements and payments are processed through the Platform for both parties' protection; and prevents fraud and unauthorized off-platform deals. Messages flagged by the detection system are blocked at send time, and the sender is notified. Flagged attempts are logged for administrative review. The detection is applied equally to all parties and does not produce decisions with legal or similarly significant effects.
Bula Live uses a "PIN to Connect" model that controls who can initiate direct messages with whom. Workers and Subcontractors do not automatically have a messageable inbox open to every Company that finds their profile. Instead:
PIN bodies are visible to the recipient. By sending a PIN you acknowledge that the message text will be delivered to and stored for the recipient.
When another user views your profile, we may record the visit and send you a notification of the form "X viewed your profile." To limit noise, the same viewer-viewee pair triggers at most one notification per 24-hour window — repeat views inside that window do not produce additional notifications.
Profile-view records contain only the viewer's user ID and the timestamp of the view. They do not contain page-scroll, dwell-time, or behavioral analytics. If you delete your account, view records referencing you are removed.
Bula Live does not request "Allow always" location permission. We do not perform background GPS tracking outside of an active Time Clock shift.
When a Worker clocks in to a shift on a contract that has a geofenced job site, the App captures a single foreground GPS position to verify the Worker is inside the geofence radius. A selfie is captured on the first daily clock-in (used only to verify identity at the start of the day).
While a Worker is actively clocked in, the App posts a low-frequency GPS heartbeat (approximately every 5 minutes) so the recruiter or contractor can verify continued presence at the job site. Heartbeats stop the moment the Worker clocks out, ends the shift, or revokes location permission. We do not collect heartbeat pings when the Worker is not on shift.
Workers may optionally paste a Google Maps or Apple Maps live-location link on their profile. This link is hosted by Google or Apple. We store only the URL string; we do not store the underlying coordinates.
Workers may end a shift at any time, which immediately stops heartbeat collection. The voluntary location link can be removed at any time from the profile screen.
We use Firebase Cloud Messaging (FCM HTTP v1 → APNs for iOS) to deliver push notifications. Notification categories include: pings received, milestone updates, chat messages, profile views, profile PINs, withdrawal-status changes, and hourly check-in prompts.
Workers on an active shift receive a server-driven check-in prompt approximately once per hour. The push uses a high-priority delivery channel with heavy vibration (and, on iOS, the time-sensitive interruption level — Bula Live does not use Apple's Critical Alerts entitlement). If a Worker does not re-confirm within a 5-minute grace window, the server clips the shift clock-out to the time of the missed check-in and the entry is recorded as "missed."
You can stop hourly check-in pushes at any time by ending your shift. Disabling system-level notifications for the App will also suppress them, but doing so will result in missed-check-in clips because the server cannot tell the difference between a silenced device and an unanswered prompt.
Bula Live does not "track" you across apps or websites owned by other companies, as that term is defined under Apple's App Tracking Transparency framework. We do not request the Apple IDFA (Identifier for Advertisers), the Google AAID (Advertising ID), or any equivalent identifier. We do not display advertising, embed advertising SDKs, or share data with advertising networks or attribution providers.
Because we do not track you for advertising purposes, the App does not show the App Tracking Transparency prompt on iOS, and our Google Play "Data safety" form declares no advertising data collection.
We do not embed third-party product-analytics SDKs (Google Analytics, Firebase Analytics, Mixpanel, Amplitude, Segment, etc.). Server-side request logs at our infrastructure providers (Supabase, Firebase Cloud Messaging) record standard operational metadata such as timestamps, endpoint paths, response status codes, and IP addresses for security and abuse prevention. These logs are retained only as long as necessary for operational and security purposes.
Uncaught application errors caught by the Flutter framework's standard error handler may be written to the device's console for debugging. We do not currently transmit crash reports to a third-party crash-reporting service. If we add a crash-reporting SDK in the future, we will update this Privacy Policy and Section 5 before the SDK is integrated.
For clarity, the App does not collect, request, or transmit any of the following:
The App sends transactional emails (email verification, password reset, withdrawal-status updates, and similar account-critical notices) using a transactional-email provider on our behalf. These emails are necessary to operate the Services and are not marketing.
We do not currently send marketing or promotional emails. If we begin doing so in the future, we will provide a clear opt-out (unsubscribe link) in every marketing email, and you can also email contact@bulaapp.us with the subject line "Unsubscribe" at any time.
The mobile App does not use HTTP cookies. The App uses standard mobile platform mechanisms — keychain (iOS), encrypted shared preferences (Android), and secure local databases — to persist your authentication session, language preference, and similar local settings. These mechanisms are essential to the operation of the App. There is no advertising or cross-site tracking technology in the App.
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated Privacy Policy within the App, updating the "Last Updated" date at the top of this document, and sending a push notification for significant changes (if notifications are enabled). For material changes that adversely affect your rights, we will provide at least 30 days' advance notice where required by law. Your continued use of the Services after any changes constitutes acceptance of the updated Privacy Policy.
If you have questions, concerns, or requests about this Privacy Policy or our data practices, contact us at:
Bula Pro (operator of Bula Live)
Email: contact@bulaapp.us
For data access, deletion, or portability requests, please email us with the subject line "Privacy Request" and include your registered email address so we can verify your identity.
For account deletion specifically, see Section 11 — you can also delete your account from within the App.
This Privacy Policy is governed by and interpreted in accordance with the laws of the United States. Any disputes arising from this Privacy Policy will be resolved in accordance with the dispute-resolution section of our Terms of Service.