BB
BidBildr← Back to home

Privacy Policy

How we handle your data

Plain-English version: BidBildr exists to help contractors get paid. We collect the minimum data needed to do that, store it in well-known services, never sell it, and give you tools to delete it.

Last updated: May 20, 2026

Who this covers

This policy describes how BidBildr("we," "us") collects and uses information when:

  • You sign up for an account as a contractor.
  • You receive an estimate, invoice, or change order as a customer.
  • You browse this marketing website without signing in.

We are a US-based product. If you use BidBildr from outside the United States, your data is processed in the United States.

What we collect

From contractors (account holders)

  • Identity: name, email, phone number, business name, business address, optional logo.
  • Business defaults: trade type, default tax rate, deposit percentage, terms text.
  • Authentication: hashed password (via Supabase Auth) or single sign-on identifiers.

From customers (people you send estimates to)

  • Contact details the contractor enters: name, email, phone, service address.
  • Estimate / invoice / change-order data the contractor creates for that customer.
  • Electronic signatures when customers accept estimates or change orders (typed name + IP + user-agent + timestamp + document hash, per ESIGN/UETA).
  • Payment metadata for deposits paid via Square: amount, Square payment ID, status. Card details themselves never touch our servers — they go directly to Square.

Automatically

  • Activity eventswithin the app (estimate created, sent, viewed, accepted, payment recorded) for the contractor's own job timeline.
  • Photos contractors capture and attach to jobs (EXIF metadata is stripped on upload).
  • Logs generated by our hosting + database providers (IP address, user agent, timestamps) for security and debugging.

We do not use third-party analytics, advertising trackers, or cross-site identifiers. We do not collect precise location, contacts, or microphone data.

How we use it

  • To operate the service contractors signed up for.
  • To deliver estimates, invoices, and change orders to the customers contractors choose to send to (via email or SMS).
  • To process deposit payments through Square.
  • To send you transactional emails (receipts, account notifications).
  • To improve product quality and fix bugs.
  • To meet legal and tax obligations.

We do not sell personal information. We do not share information with advertisers. We do not train external AI models on customer data.

Service providers we share with

BidBildr is built on top of well-known infrastructure providers. Each only sees the data it needs to do its job.

  • Supabase — database, authentication, file storage (logos and job photos). US data centers.
  • Vercel — web hosting for this site and the API.
  • Resend — email delivery (sending estimate/invoice/change-order messages to the customers contractors choose).
  • Twilio — SMS delivery (same purpose).
  • Square — payment processing for deposits. Square is the merchant of record for card transactions; their privacy policy applies to card data.
  • Expo / Apple / Google — mobile app distribution and push notifications.
  • Anthropic— when contractors use the AI scope assist feature (Pro and Crew plans), the scope description is sent to Anthropic's API for completion. Anthropic does not retain data sent through the API.

Storage and security

  • All traffic between your device and our servers uses TLS (HTTPS).
  • Data is stored encrypted at rest by Supabase and Vercel using the underlying cloud provider's standard encryption.
  • Database access is gated by row-level security: a contractor can only read or write their own company's data.
  • Customer-facing share links use 43-character random tokens (256 bits of entropy).
  • We store audit hashes of signed documents so any modification after acceptance is detectable.

Retention

We retain account data while your BidBildr account is active. When you delete your account or a specific record (customer, job, estimate, invoice), the corresponding rows are removed within 30 days, except where we are legally required to retain them (e.g. financial records associated with completed payments).

Logs are retained for up to 90 days for security and debugging, then deleted.

Your rights

You can, at any time:

  • Access your data — exportable from within the app or by emailing us.
  • Correct your data — directly editable in the app.
  • Delete your data — delete records in-app, or email us to delete your entire account.

If you are a California, EU, or UK resident, you may have additional rights under local law (CCPA/CPRA, GDPR). Email us and we'll honor those requests in line with the applicable law.

Customers vs contractors

If you received an estimate or invoice from a contractor using BidBildr and want your data removed, contact the contractor first— they are the controller of that record. If they don't respond, email us and we'll facilitate.

Children

BidBildr is built for business use by trade contractors. We do not knowingly collect personal information from anyone under 13. If you believe a child has provided information to us, email us and we'll delete it.

Changes

We may update this policy when we add features or change providers. We'll update the "Last updated" date and, for material changes, notify existing account holders by email at least 14 days before the change takes effect.

Contact

Questions, requests, or privacy concerns: hello@bidbildr.com.