Privacy Policy
Last updated: July 2, 2026 — DRAFT for owner review before launch.
Who we are, and the two kinds of data
BidRite provides business software to contracting shops. We handle two categories of personal data, and our role differs for each:
- Your account data (your shop name, your email, your subscription status): here BidRite is the data controller.
- Your shop's business records — the customers, addresses, phone numbers, job details, and jobsite photos you enter while running your business: here you are the controller and BidRite is a data processor. We store and sync this data on your instructions and use it for no other purpose.
What we collect
- Account: shop name, user email addresses, a salted password hash (never the password itself), subscription status.
- Shop records you create: customer names, billing and jobsite addresses, phone numbers, emails, job and quote details, price-book entries, appointments, and jobsite photos.
- Payments: we store no card numbers. Subscription cards are handled by Stripe; your customers' payments are handled by your own Square account.
- Technical: standard server logs (IP address, request time) kept briefly for security and troubleshooting. No advertising trackers, no analytics cookies on this site.
Subprocessors we use
We share data only with the service providers needed to run BidRite:
- Stripe — subscription billing for your BidRite plan.
- Square — payment links you create for your customers, under your own Square account.
- Cloud hosting provider — runs the BidRite servers and managed database — [owner: name provider, e.g. Railway/Render].
- File storage provider — stores jobsite photos — [owner: name provider, e.g. Cloudflare R2].
Each subprocessor handles data under its own security and privacy commitments. We do not sell personal data to anyone, ever.
Where data lives and how it's protected
Data on your phone is stored in encrypted local storage and can be protected by the app's biometric lock. In transit, everything moves over TLS. On our servers, each shop's data is isolated to its own account, and access requires that account's credentials.
How long we keep it
Your shop's data is kept for as long as your account is active. After account closure, we keep it available for export for 30 days, then delete it from active systems; residual copies in backups age out on the backup rotation schedule.
Your rights
You can request a copy, correction, or deletion of your data at any time by contacting us. If a person whose data you entered (for example, one of your customers) contacts us directly, we will refer the request to you as the controller of that record, and assist as needed.
Children
BidRite is business software and is not directed at children under 16.
Changes
We will announce material changes to this policy by email or in the Service at least 14 days before they take effect.
Contact
Privacy questions or requests: [owner: support email].