# Bid Nudge Privacy Policy
Effective date: July 1, 2026
Version: 2026-07-01
This Privacy Policy explains how the operator of Bid Nudge under the Bid Nudge trade name ("Bid Nudge," "we," "us," or "our") collects, uses, discloses, retains, and protects personal information when you use the Bid Nudge mobile application, websites, email services, and related services (collectively, the "Service").
This policy covers information about account holders and information they submit about customers, prospects, contacts, and other individuals. If a business uses Bid Nudge to process your information, that business is generally responsible for deciding why and how the information is used. Privacy requests about a business's records should first be directed to that business.
## 1. Information we collect
### Account and identity information
We collect account identifiers such as your email address, user ID, authentication provider, and authentication metadata. If you use Sign in with Apple, Apple may provide an identifier and an email address, which may be a private relay address. We do not receive your Apple password.
### Business profile information
We collect business name, account type, industry, primary email, phone number, business or mailing address, website, preferred follow-up timing and tone, logo, sender alias, BCC tracking alias, and related settings you provide.
### Customer, contact, quote, and project information
We process information you enter, import, or send to the Service, including customer names, email addresses, phone numbers, postal or project addresses, property descriptions, quote and project details, line items, prices, taxes, discounts, notes, dates, outcomes, and activity history.
### Contacts information
With your permission, the iOS app can access the Contacts app to help you select or match a customer. Contact access occurs only after the iOS permission prompt. The app uses contact details you choose for the quote and customer-management features. You can revoke access in iOS Settings. Revoking access does not automatically remove contact details you already chose and saved in Bid Nudge; you can edit or delete those records in the app or delete your account.
### Scheduling, Calendar, and map information
When you enable scheduling, we store job information you choose to save, including customer and project details, project address, start and end times, notes, approximate coordinates, estimated travel times, and an Apple Calendar event identifier used to update or remove the synced event. Organization members may see scheduled jobs when organization collaboration is enabled and they are authorized to access that organization.
With your permission, the iOS app reads Apple Calendar event times and locations on your device to identify conflicts and calculate route-aware suggestions. General Apple Calendar events are processed on the device and are not copied to Bid Nudge's servers. Jobs you explicitly save in Bid Nudge are stored in the Service and may be added to Apple Calendar at your direction. You can revoke Calendar access in iOS Settings and remove synced events from Apple Calendar.
Project addresses are submitted to Apple's MapKit services to resolve locations, estimate driving time and distance, rank scheduling options, and open directions. Route estimates may reflect expected traffic but are approximate and may change.
### Email and attachment information
When you use a Bid Nudge BCC tracking address or otherwise send an email to the Service, we may receive message routing and header information, sender and recipient addresses, subject, body, message identifiers, timestamps, and attachments such as PDF quotes. We may retain the original message and extracted information to provide tracking, troubleshooting, security, and quote features.
### AI input and output
We process content submitted to AI features, such as quote text, selected attachment content, customer details, and instructions, together with generated summaries, extracted fields, recommendations, and draft follow-up messages. Do not submit information that is not necessary for the requested feature.
### Subscription and payment information
Stripe or Apple processes payment details. We receive transaction and subscription metadata such as customer or subscription identifiers, plan, payment status, renewal state, and limited billing contact information. We do not intentionally store full payment-card numbers or card security codes.
### Device, usage, and diagnostic information
We may collect information reasonably needed to operate and secure the Service, such as app version, build number, device and operating-system type, network and request metadata, timestamps, feature interactions, crash or error details, security events, and service logs. We do not currently use third-party advertising trackers or sell personal information.
### Support and communications
We collect information you provide when you contact support, report a problem, participate in testing, or provide feedback, including message content and attachments.
## 2. Sources of information
We collect information directly from you; from your device when you grant permission; from emails and attachments sent to your tracking address; from other users or organizations that use the Service; automatically through your use of the Service; and from providers such as Apple, Supabase, Resend, OpenAI, and Stripe.
## 3. How we use information
We use personal information to:
- create, authenticate, and secure accounts;
- provide quote tracking, customer records, reminders, scheduling, Calendar sync, route-aware time suggestions, dashboards, reports, branded documents, BCC ingestion, and other requested features;
- receive, store, extract, classify, and display information from emails and attachments;
- generate AI-assisted summaries, fields, insights, and message drafts;
- send service, security, billing, and support communications;
- process subscriptions and maintain premium entitlements;
- respond to support and privacy requests;
- monitor reliability, prevent abuse, investigate incidents, debug errors, and protect users and the Service;
- improve and develop the Service using information that is aggregated, deidentified where practical, or otherwise processed consistently with this policy;
- enforce agreements and comply with legal obligations; and
- establish, exercise, or defend legal claims.
Our legal bases, where required, include performing our contract with you, your consent, compliance with law, and our legitimate interests in operating, securing, supporting, and improving the Service. You may withdraw consent where processing is based on consent, but that does not affect earlier processing and may make a requested feature unavailable.
## 4. How we disclose information
We disclose information only as described below. We do not sell personal information, and we do not share it for cross-context behavioral advertising.
### Service providers
We use providers to operate the Service. They may process information on our behalf under their terms and safeguards, including:
- Supabase for authentication, databases, server functions, and private file storage;
- Resend for sending and receiving email and retrieving inbound attachments;
- OpenAI for AI-assisted extraction, summaries, recommendations, and drafts;
- Stripe for subscriptions, billing portals, connected payment services, and payment status; and
- Apple for app distribution, Sign in with Apple, Contacts and Calendar permissions, MapKit location and route services, and purchases if offered through Apple.
We require providers to handle information consistently with their contractual obligations and applicable law. Their independent privacy notices may also apply when you interact directly with them.
### Your instructions and business relationships
We disclose information when you direct us to, such as when sharing a quote, opening a payment service, or sending content to a recipient. Other members of an organization may have access if organization collaboration features are enabled in the future and you join that organization.
### Legal, safety, and rights protection
We may disclose information when we reasonably believe it is necessary to comply with law or lawful process; protect rights, safety, and security; investigate fraud or abuse; enforce agreements; or respond to an emergency. We review requests and disclose only what we reasonably believe is required.
### Business transfers
Information may be disclosed in connection with financing, due diligence, merger, acquisition, reorganization, bankruptcy, or sale of some or all of the Service, subject to appropriate confidentiality protections and applicable law.
## 5. Use of Artificial Intelligence
Bid Nudge uses OpenAI's API to help extract quote information and generate follow-up message drafts. When you use these features, relevant quote details may be sent to OpenAI, including a customer's name, job or project description, quoted amount, dates, notes, and other information needed to produce the requested result. Do not include information that is unnecessary for the requested feature.
AI-generated messages are optional. You can opt out by not selecting an AI-generation feature and instead writing follow-up messages manually. The business using Bid Nudge remains responsible for reviewing every generated message before sending or relying on it. AI systems can produce incomplete, inaccurate, or inappropriate output.
We use OpenAI's business/API services rather than consumer chatbot accounts. OpenAI's handling of information is described in [OpenAI's Privacy Policy](https://openai.com/policies/privacy-policy/), applicable business terms, and API data commitments.
We do not use Customer Data to train our own general-purpose AI model. A provider's handling of API data is governed by its applicable business terms, privacy commitments, retention controls, and legal obligations.
## 6. Data retention
We retain account and Service data while an account is active and as needed to provide the Service. When you delete your account, we delete or deidentify account-linked information from active Bid Nudge systems, including database records and user-owned files, except where retention is reasonably necessary for security, fraud prevention, dispute resolution, legal compliance, tax or accounting obligations, or enforcement.
Operational backups may retain residual copies for up to 90 days before normal deletion or overwrite. Security and server logs are generally retained for a limited period appropriate to troubleshooting and abuse prevention. Payment processors may retain transaction records under their own legal and compliance obligations. Email providers and recipients may retain communications independently. Deidentified information that can no longer reasonably identify a person may be retained.
## 7. Your choices and rights
Depending on where you live, you may have rights to request access, correction, deletion, portability, or restriction of personal information; object to certain processing; withdraw consent; or appeal a denied privacy request. You may also have the right not to receive discriminatory treatment for exercising privacy rights.
You can:
- update business and customer details in the app;
- export quote records from the app;
- revoke Contacts access in iOS Settings;
- manage notification permissions in iOS Settings;
- manage or cancel a subscription through the applicable billing channel;
- delete your account and associated active-system data from the app; or
- email support@bid-nudge.com for access, correction, deletion, appeal, or other privacy requests.
We may verify your identity before completing a request. Authorized agents may submit requests where permitted by law, but we may require proof of authority and identity. Some information may be exempt from a request or retained where legally permitted. If Bid Nudge processes information solely for a business customer, we may direct the request to that business.
## 8. Security
We use administrative, technical, and organizational safeguards designed to protect personal information, including encrypted network transport, iOS Keychain storage for session credentials, access controls, private storage buckets, database row-level security, server-side authorization checks, and restricted service credentials. Access is limited according to role and operational need.
No transmission or storage system is completely secure. You are responsible for securing your device, email account, credentials, exports, customer communications, and access to your business records. Contact support@bid-nudge.com if you believe your account or data has been compromised.
## 9. International processing
The Service and its providers may process information in the United States and other countries where privacy laws may differ from those where you live. Where required, we use legally recognized transfer mechanisms and provider commitments designed to protect transferred information.
## 10. Children
The Service is intended for business users who are at least 18. We do not knowingly collect personal information directly from children under 13, or a higher minimum age where required, to create Bid Nudge accounts. If you believe a child has provided account information, contact us. Businesses using the Service must not submit children's information unless they have a lawful reason and all required permissions.
## 11. Sensitive and regulated information
Do not submit Social Security numbers, full payment-card data, account passwords, protected health information, government identification, biometric identifiers, or other sensitive information unless a feature expressly requests it and we have agreed in writing to support that category. The standard Service is not intended for HIPAA-regulated protected health information, cardholder-data storage, classified information, or legally privileged material.
## 12. State and regional disclosures
Residents of certain U.S. states may have additional privacy rights. Bid Nudge does not sell personal information or share it for targeted or cross-context behavioral advertising as those terms are commonly defined. We will honor applicable rights as the Service reaches relevant legal thresholds.
Users in the European Economic Area, United Kingdom, and Switzerland may have rights under applicable data-protection law and may lodge a complaint with a local supervisory authority. Contact us first so we can try to address the concern.
## 13. Third-party links and services
The Service may link to or interoperate with third-party services. Their privacy practices are governed by their notices, not this policy, when they act independently. Review those notices before providing information directly to a third party.
## 14. Changes to this policy
We may update this policy to reflect changes in the Service, providers, or law. We will update the effective date and provide additional notice or request renewed acknowledgment when required. Material changes apply prospectively unless law permits otherwise.
## 15. Contact us
For privacy questions, requests, complaints, or appeals, contact:
Bid Nudge
Email: support@bid-nudge.com
Please include enough information for us to identify your account and understand the request. Do not send passwords, full card numbers, or sensitive identity documents by ordinary email unless we specifically request a secure method.