Privacy Policy

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and optional profile details such as your company name, role, and hourly rate.

Proposal Content: We process client briefs and portfolio materials you submit to generate proposals. This content is stored securely and used solely to provide the Service.

Usage Data: We collect analytics data including page views, feature usage, and proposal view statistics to improve the Service.

Payment Information: Payment processing is handled by Paddle. We do not store credit card numbers or bank account details. Paddle's privacy policy governs the handling of payment data.

2. How We Use Your Information

We use your information to: provide and improve the Service; generate AI-powered proposals based on your inputs; send transactional notifications (proposal views, account updates); process payments through Paddle; and respond to support requests.

3. AI Processing

Your client briefs and profile information are sent to third-party AI providers (via Vercel AI Gateway) to generate proposal content. This data is processed in real-time and is not retained by AI providers for model training. We select AI providers that comply with enterprise data processing standards.

4. Data Sharing

We do not sell your personal information. We share data only with: service providers necessary to operate the Service (hosting, AI processing, payment processing, email delivery); and as required by law or to protect our rights.

5. Data Storage and Security

Your data is stored on secure servers provided by Supabase (hosted on AWS). We use encryption in transit (TLS) and at rest. Access to production data is restricted to essential personnel. We implement row-level security policies to ensure users can only access their own data.

6. Published Proposals

When you publish a proposal, it becomes accessible via a unique shareable link. Anyone with the link can view the proposal content. You can unpublish a proposal at any time to revoke public access. View analytics (IP-based visitor counts and time spent) are collected for published proposals.

7. Your Rights

You have the right to: access and export your data; correct inaccurate information; delete your account and associated data; opt out of non-essential communications. To exercise these rights, contact us at privacy@bidsmith.app or use the account settings page.

8. Cookies

We use essential cookies for authentication and session management. We use analytics cookies (Vercel Analytics) to understand Service usage. No advertising or tracking cookies are used.

9. Data Retention

We retain your data for as long as your account is active. Upon account deletion, we remove your personal data within 30 days. Anonymized analytics data may be retained indefinitely.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email. Continued use of the Service after changes constitutes acceptance.

11. Contact

For privacy-related questions, contact us at privacy@bidsmith.app.