Bidi Contracting

BIDI

BETA
Bidi Contracting

BIDI

BETA

Privacy Policy

Last updated: January 20, 2026

1. Introduction

BIDI Construction, Inc. ("BIDI", "Company", "we", "us", or "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use our AI-powered construction estimating and bid management platform, website, mobile applications, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, company name, job title, and password when you create an account
  • Profile Information: Business address, license numbers, specialties, service areas, and other professional details
  • Project Data: Construction plans, blueprints, specifications, project details, estimates, bids, proposals, and related documents you upload
  • Subcontractor Information: Contact details, trade specialties, certifications, insurance information, and performance data
  • Payment Information: Billing name, billing address, and payment card details (note: payment card information is processed directly by our payment processor, Stripe, and is not stored on our servers)
  • Communications: Messages, emails, notes, and other communications sent through our platform
  • Support Requests: Information you provide when contacting customer support
  • Survey Responses: Information you provide in response to surveys or feedback requests

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, actions taken, time spent on pages, search queries, and interaction patterns
  • Device Information: IP address, browser type and version, operating system, device type, device identifiers, screen resolution, and language settings
  • Log Data: Access times, error logs, referring/exit pages, clickstream data, and system activity
  • Location Information: Approximate geographic location based on IP address
  • Performance Data: Page load times, errors, and other performance metrics

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Social Login Providers: If you sign in using Google or other social login providers, we receive your name, email address, and profile picture
  • Business Partners: Information from partners who help us provide services
  • Public Sources: Publicly available business information such as company registrations and professional licenses

2.4 Google User Data

If you choose to sign in using Google OAuth, we access the following information from your Google account:

  • Basic Profile Information: Your name and email address
  • Profile Picture: Your Google profile picture (if available)

Important: We do NOT access, read, or store any data from your Gmail account. We do NOT use the Gmail API or access any Gmail messages, attachments, drafts, labels, or other Gmail data. All email functionality in our application is handled through Resend, a third-party email service provider. The Google user data we access is used solely for authentication and account creation purposes.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving the Service

  • Create and manage your account
  • Process and analyze construction plans using AI technology
  • Generate estimates, takeoffs, and cost calculations
  • Facilitate communications between users (general contractors, subcontractors)
  • Process transactions and send related billing information
  • Provide customer support and respond to inquiries
  • Improve, personalize, and expand the Service
  • Develop new products, services, features, and functionality

3.2 AI Processing and Machine Learning

  • Process your construction plans through AI systems to generate estimates and analysis
  • Use aggregated and anonymized data to train and improve our AI models
  • Send your data to third-party AI providers (such as OpenAI, Anthropic, Google) for processing
  • Generate insights and recommendations based on your data

3.3 Communications

  • Send technical notices, updates, security alerts, and administrative messages
  • Send transactional communications (bid notifications, project updates, etc.)
  • Send marketing communications (with your consent, where required)
  • Respond to your comments, questions, and requests

3.4 Analytics and Research

  • Monitor and analyze usage patterns, trends, and activities
  • Measure the effectiveness of our Service and marketing campaigns
  • Conduct research and analysis to improve our products

3.5 Security and Compliance

  • Detect, prevent, and address technical issues, fraud, and security threats
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations and respond to legal requests
  • Protect the rights, property, and safety of BIDI, our users, and others

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service and fulfill our contractual obligations to you
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and marketing (where your interests and rights do not override)
  • Consent: Processing based on your explicit consent (e.g., for certain marketing communications or optional features)
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud Infrastructure: Vercel (hosting), Supabase (database and authentication)
  • Payment Processing: Stripe (payment processing and billing)
  • AI Providers: OpenAI, Anthropic, Google (AI processing and analysis)
  • Email Services: Resend (transactional and marketing emails)
  • SMS Services: Telnyx (text message notifications)
  • Analytics: PostHog, Vercel Analytics (usage analytics and performance monitoring)
  • Customer Support: Tools to manage customer inquiries

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Other Users

When you use the Service, certain information may be shared with other users:

  • Project information you share with subcontractors or general contractors
  • Your business profile information visible to other users on the platform
  • Bids, proposals, and communications you send to other users

5.3 Business Transfers

If BIDI is involved in a merger, acquisition, reorganization, bankruptcy, asset sale, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including:

  • Subpoenas, court orders, or other legal process
  • Requests from law enforcement or government agencies
  • To protect the rights, property, or safety of BIDI, our users, or others
  • To enforce our Terms of Service and other agreements

5.5 With Your Consent

We may share your information with your consent or at your direction.

5.6 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose, including research, analytics, and improving our AI models.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

We use cookies and similar tracking technologies to collect and store information:

  • Essential Cookies: Required for the Service to function properly (authentication, security, preferences)
  • Performance Cookies: Help us understand how visitors interact with the Service by collecting anonymous information
  • Functionality Cookies: Remember your preferences and personalize your experience
  • Analytics Cookies: Allow us to measure and analyze how you use the Service

6.2 Third-Party Cookies

Some cookies are placed by third-party services on our pages, including analytics providers and other service providers.

6.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you disable cookies, some features of the Service may not function properly.

6.4 Do Not Track

Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that they not track the user. We do not currently respond to DNT signals because there is no industry-wide standard for compliance.

7. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access controls and authentication mechanisms
  • Infrastructure Security: Secure cloud infrastructure with regular security assessments
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Employee Training: Regular security awareness training for our team
  • Vendor Security: Security assessments of third-party service providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Investigate the incident and take steps to contain and remediate the breach
  • Notify affected users without undue delay (and within 72 hours where required by law)
  • Notify relevant supervisory authorities as required by applicable law
  • Provide information about the nature of the breach, the data affected, and steps we are taking
  • Provide guidance on steps you can take to protect yourself

9. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (e.g., tax, accounting, legal hold requirements)
  • Resolve disputes and enforce our agreements
  • For legitimate business purposes (e.g., analytics, fraud prevention)

Specific Retention Periods:

  • Account Data: Retained while your account is active and for up to 3 years after account deletion
  • Project Data: Retained while your account is active and for up to 7 years for tax and legal compliance
  • Transaction Records: Retained for 7 years for tax and accounting purposes
  • Support Communications: Retained for 3 years after resolution
  • Log Data: Retained for up to 1 year
  • Aggregated/Anonymized Data: May be retained indefinitely

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

10. Your Rights and Choices

10.1 General Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request transfer of your data in a structured, commonly used format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

10.2 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us. Note that you may still receive transactional communications related to your account and the Service.

10.3 Account Deletion

You may delete your account at any time by contacting us. Upon account deletion, we will delete or anonymize your personal information, except as required for legal compliance or legitimate business purposes.

10.4 How to Exercise Your Rights

To exercise any of these rights, please contact us at weston@bidicontracting.com. We will respond to your request within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before processing your request.

11. International Data Transfers

BIDI is based in the United States, and your information is processed and stored in the United States and potentially other countries where our service providers operate.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your information may be transferred to countries that may not have the same data protection laws as your country. When we transfer personal data outside the EEA, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries deemed to have adequate data protection by the European Commission
  • Other legal mechanisms as permitted by applicable law

By using the Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it
  • Right to Delete: Request deletion of personal information we have collected (subject to exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Right to Limit Use of Sensitive Personal Information: You have the right to limit the use and disclosure of sensitive personal information

Categories of Personal Information Collected: We collect identifiers, commercial information, internet activity, professional information, and geolocation data as described in Section 2.

To exercise your California privacy rights, please contact us at weston@bidicontracting.com. You may also designate an authorized agent to make a request on your behalf.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR):

  • Right of Access (Article 15): Obtain confirmation and access to your personal data
  • Right to Rectification (Article 16): Correct inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Article 18): Restrict processing of your personal data
  • Right to Data Portability (Article 20): Receive your data in a structured format and transfer to another controller
  • Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing
  • Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing

Data Controller: BIDI Construction, Inc. is the data controller for personal data collected through the Service.

Supervisory Authority: If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority.

14. Children's Privacy

The Service is not intended for individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If you are under 18, please do not use the Service or provide any information to us.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us immediately at weston@bidicontracting.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated Privacy Policy on our website
  • Update the "Last updated" date at the top of this page
  • Send an email notification to registered users (for material changes)
  • Obtain consent where required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

BIDI Construction, Inc.
Email: weston@bidicontracting.com
Phone: 385-216-9587
Address: Salt Lake City, Utah, United States

For privacy-related inquiries, you may also contact our Data Protection Contact at the email address above with the subject line "Privacy Inquiry."