Privacy Policy
Effective date: May 6, 2026 · Last updated: May 6, 2026
BidBud, Inc. (“BidBud,” “we,” “our,” or “us”) respects your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website at bidbud.ai (the “Site”) and our software-as-a-service platform (collectively, the “Service”). By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, do not use the Service.
1. Who This Policy Applies To
This policy applies to two distinct categories of people:
Business Users — companies and individuals who create a BidBud account to build intake forms, generate proposals, and collect payments. Business Users are “data controllers” for the personal data of their customers.
End Customers — individuals who submit information through a Business User’s intake form, view proposals or invoices, or make payments via the platform. End Customers have no direct contractual relationship with BidBud; their data is processed on behalf of the relevant Business User.
BidBud acts as a data processor with respect to End Customer data and a data controller with respect to Business User account data.
2. Information We Collect
2.1 Information You Provide (Business Users)
- Account registration: full name, email address, password (stored hashed), business name, business email, and industry.
- Business profile: logo, branding colors, and business address.
- Payment and billing information: collected and tokenized by Stripe, Inc. on our behalf. BidBud does not store raw card numbers.
- Communications: support requests, feedback, or correspondence you send us.
2.2 Information Collected from End Customers (on behalf of Business Users)
Business Users configure intake forms that collect data from their customers. The data collected depends on what the Business User includes in the form and may include:
- Name, email address, and phone number.
- Physical address or service location.
- Free-text answers to custom questions.
- File uploads (photos, PDFs, documents).
- Job or project details.
BidBud stores this data in Supabase-hosted databases in order to facilitate proposal generation and the Business User’s workflow. End Customers do not have an account with BidBud.
2.3 Automatically Collected Information
- Log data: IP address, browser type, referring URL, pages visited, and timestamps.
- Device information: operating system, browser version, and screen resolution.
- Cookies and similar technologies (see Section 8).
3. How We Use Information
3.1 Business User Data
We use Business User data to: create and manage your account; provide, operate, and improve the Service; process payments and subscriptions via Stripe; send transactional emails (proposals, invoices, notifications) via Resend; respond to support inquiries; comply with legal obligations; and enforce our Terms of Service.
3.2 End Customer Data
We process End Customer data solely on behalf of the Business User to: receive and store form submissions; pass submission and business context to Anthropic’s Claude AI API to generate proposal content; deliver proposals, invoices, and payment links via email; and process payments when an End Customer pays via Stripe Connect. We do not use End Customer data for our own marketing and do not sell it.
3.3 Artificial Intelligence Processing
Important disclosure: When a Business User generates an AI proposal, BidBud transmits the following data to Anthropic, PBC via their Claude API: (1) the End Customer’s submitted form answers (name, contact info, job details, uploaded file contents), and (2) the Business User’s price book data and business profile details.
Anthropic’s use of this data is governed by Anthropic’s own Privacy Policy and Terms of Service. BidBud does not use data sent to Anthropic to train AI models; Anthropic’s API terms prohibit using API inputs and outputs to train their models without consent.
Business Users, by using AI proposal generation, consent to this data transmission and, as data controllers, represent that they have a lawful basis to transmit their customers’ data to third-party processors for this purpose.
4. How We Share Information
We do not sell personal information. We share information with third parties only as described below.
4.1 Service Providers (Sub-processors)
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Anthropic, PBC | AI proposal generation | Form submissions, business data |
| Stripe, Inc. | Payment processing, Connect | Billing info, payment amounts |
| Supabase, Inc. | Database and authentication | All platform data |
| Resend, Inc. | Transactional email delivery | Recipient email, proposal/invoice content |
| Vercel, Inc. | Application hosting and CDN | All web traffic |
| Intuit, Inc. | QuickBooks accounting sync | Invoice and payment data |
4.2 Public Shareable Links
Proposals and invoices are accessible to anyone with the unique shareable link — no login is required. Business Users are responsible for managing these links. BidBud does not index these links or make them searchable.
4.3 Legal and Safety
We may disclose information if required by law, court order, or governmental authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of BidBud, our users, or the public.
4.4 Business Transfers
If BidBud is acquired, merges, or transfers substantially all of its assets, personal data may be transferred to the successor entity, subject to the same privacy commitments.
5. Data Retention
- Business User account data: retained for the life of the account and deleted within 90 days of account deletion, unless legally required to retain it longer.
- End Customer data: retained as long as the associated Business User account is active. Upon account deletion, associated End Customer data is deleted within 90 days.
- Billing records: retained for seven (7) years as required by financial regulations.
- Server logs: retained for up to 90 days.
6. Data Security
We implement industry-standard security measures including: encryption in transit (TLS 1.2+) for all data; encryption at rest for database storage via Supabase; hashed password storage (Business User credentials are never stored in plaintext); row-level security policies on our database; and API key rotation and access controls for third-party integrations. No method of transmission or storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights
Depending on your location, you may have the following rights with respect to your personal data:
All users
- Access: request a copy of the personal data we hold about you.
- Correction: request correction of inaccurate data.
- Deletion: request deletion of your data (subject to legal retention requirements).
- Portability: request your data in a machine-readable format.
California residents (CCPA/CPRA)
You have the right to know what personal information we collect, to delete it, to opt out of sale (we do not sell data), and to non-discrimination for exercising these rights. You may designate an authorized agent to make requests on your behalf.
EEA/UK residents (GDPR/UK GDPR)
You additionally have the right to object to processing, restrict processing, and lodge a complaint with your supervisory authority. Our lawful bases for processing include: contract performance (Business User accounts), legitimate interests (security and fraud prevention), and consent (AI processing disclosure).
To exercise any right: email hello@bidbud.ai with the subject line “Privacy Request.” We will respond within 30 days. We may require identity verification before processing your request.
Note for End Customers: If you submitted data through a Business User’s form, that Business User is the data controller for your data. While we will assist where we can, you may need to direct certain requests to the Business User directly.
8. Cookies
We use the following cookies:
- Authentication cookies: session tokens required to keep you logged in. Strictly necessary; cannot be disabled.
- Preference cookies: store UI preferences. May be disabled but will affect functionality.
We do not use third-party advertising cookies or tracking pixels. We do not participate in behavioral advertising networks.
9. Children’s Privacy
The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected information from a child under 13, we will delete it promptly. Contact hello@bidbud.ai if you have concerns.
10. International Data Transfers
BidBud is operated from the United States. If you are located outside the U.S., your information will be transferred to and processed in the U.S. By using the Service, you consent to this transfer. Where required by applicable law, we rely on Standard Contractual Clauses or other appropriate transfer mechanisms.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify Business Users of material changes via email or an in-app banner at least 14 days before changes take effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
12. Contact
BidBud, Inc.
Email: hello@bidbud.ai
Website: bidbud.ai