Privacy Policy

1. Introduction

BidBrain (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered construction estimation service.

This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us:

• Account Information: Name, email address, company name, password
• Profile Information: Company details, trade preferences, labor rates, markup percentages
• Payment Information: Billing address, payment method details (processed securely by Stripe)
• Documents: Blueprints, specifications, project files you upload
• Communications: Messages sent through contact forms, support requests

2.2 Information Automatically Collected

When you use our Service, we automatically collect:

• Usage Data: Pages viewed, features used, time spent, actions taken
• Device Information: IP address, browser type, operating system, device identifiers
• Log Data: Access times, error logs, system activity
• Cookies and Similar Technologies: See Section 8 for details

2.3 Information from Third Parties

• Authentication Providers: If you sign in with Google, we receive your name and email
• Payment Processor: Transaction status and payment confirmations from Stripe
• Analytics Services: Aggregated usage statistics from Google Analytics

3. How We Use Your Information

We use the information we collect to:

• Provide the Service: Process documents, generate estimates, store your data
• Process Payments: Handle subscriptions, charge for services, issue refunds
• Communicate: Send receipts, notifications, support responses, service updates
• Improve the Service: Analyze usage patterns, fix bugs, develop new features
• Train AI Models: Use anonymized data to improve estimation accuracy
• Security: Detect fraud, prevent abuse, ensure system security
• Legal Compliance: Comply with legal obligations, resolve disputes
• Marketing: Send promotional content (only with your consent)

4. How We Share Your Information

We do not sell your personal information. We share information only in these circumstances:

4.1 Service Providers

We share data with trusted third-party service providers:

• Google Cloud (Firebase): Database hosting and authentication
• Google AI (Gemini): Document analysis and AI processing
• Stripe: Payment processing
• Resend: Email delivery
• Sentry: Error tracking and monitoring
• Google Analytics: Usage analytics (anonymized)

These providers are contractually obligated to protect your data and use it only for specified purposes.

4.2 Legal Requirements

We may disclose information if required by law or in response to:

• Subpoenas, court orders, or legal processes
• Government or regulatory requests
• Protection of our rights, property, or safety
• Prevention of fraud or illegal activity

4.3 Business Transfers

If BidBrain is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this policy:

• Account Data: Retained while your account is active
• Bid Documents: Retained while your account is active, deleted 30 days after account deletion
• Payment Records: Retained for 7 years for tax and legal compliance
• Anonymized Data: May be retained indefinitely for analytics and AI training
• Backup Data: Deleted within 90 days after primary deletion

6. Your Rights

6.1 GDPR Rights (EU Users)

If you are in the European Economic Area, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (“right to be forgotten”)
• Restriction: Limit how we process your data
• Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for data processing
• Complain: Lodge a complaint with your data protection authority

6.2 CCPA Rights (California Users)

California residents have the right to:

• Know what personal information is collected, used, shared, or sold
• Request deletion of personal information
• Opt-out of the sale of personal information (we do not sell data)
• Non-discrimination for exercising privacy rights

6.3 How to Exercise Your Rights

To exercise any of these rights:

• Email us at privacy@bidbrainapp.com
• Use the “Export My Data” or “Delete Account” features in your account settings

We will respond to your request within 30 days.

7. Data Security

We implement appropriate technical and organizational measures to protect your information:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Strict authentication and authorization
• Firestore Security Rules: Database-level protection
• Rate Limiting: Protection against abuse and attacks
• Regular Security Audits: Ongoing security reviews
• Employee Training: Staff trained on data protection

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication and core functionality
• Analytics Cookies: Track usage and improve the Service (Google Analytics)
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Disabling certain cookies may limit functionality. For more details, see our Cookie Policy.

9. Third-Party Links

Our Service may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

10. Children’s Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

12. AI and Automated Decision Making

We use AI (Google Gemini) to analyze documents and generate estimates. This is not used for automated decision-making that significantly affects you. All AI outputs are provided as recommendations that you can review and modify.

13. Marketing Communications

We may send you marketing emails about new features, offers, or updates. You can opt out at any time by:

• Clicking “unsubscribe” in any marketing email
• Adjusting preferences in your account settings
• Contacting us at bidbrainapp@gmail.com

Note: You cannot opt out of transactional emails (receipts, security alerts, etc.).

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

• Email notification
• Prominent notice on our website
• In-app notification

Your continued use of the Service after changes constitutes acceptance of the updated policy. The “Last Updated” date at the top indicates when changes were made.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@bidbrainapp.com
Support: bidbrainapp@gmail.com

16. Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: dpo@bidbrainapp.com