Privacy Policy

Last updated: April 2026

BIDGRIT respects your privacy. This policy describes what we collect, how we use it, and your rights — including your rights as a California resident under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

1. Information We Collect

Account data

  • Email, hashed password (or Google OAuth identifier)
  • Company name, CSLB license number, contact details you enter

Proposal data

  • Client names, project scope, pricing you submit to generate contracts
  • AI-generated proposal text and form inputs (stored in Supabase)

Signature data

  • Drawn signature image or typed name
  • IP address, user agent, signing timestamp (required for UETA audit trail)

Usage data

  • Pages viewed, features used, email opens (tracking pixel), proposal views
  • Browser, device, approximate location from IP

Billing data

  • Stripe customer ID, plan, billing cycle. We never see or store full card numbers.

2. How We Use It

  • Provide, secure, and improve the Service
  • Generate contracts (data sent to OpenAI under their API data policy; not used for training)
  • Process subscriptions via Stripe
  • Send transactional email (signed-contract confirmations, billing receipts) via Resend
  • Detect abuse and enforce our Terms

3. Sharing

We do not sell personal information. We share data only with processors we need to run the Service:

  • Supabase — database & auth
  • OpenAI — AI generation (inputs transmitted per request; not used to train models)
  • Stripe — payment processing
  • Resend — transactional email
  • Vercel — hosting

We may disclose information when required by law (subpoena, court order).

4. Retention

  • Account & proposal data: retained for the life of your account plus 3 years (statute of limitations).
  • Signatures: retained indefinitely as part of the legal audit trail.
  • Billing records: retained 7 years for tax compliance.

5. Your California Rights (CCPA / CPRA)

As a California resident you have the right to:

  • Know what personal information we collect and how we use it
  • Delete personal information we hold (subject to legal retention exceptions)
  • Correct inaccurate personal information
  • Opt out of sale/sharing — BIDGRIT does not sell or share personal information for cross-context behavioral advertising
  • Limit use of sensitive personal information
  • Non-discrimination — we will not charge you more or provide a lesser service for exercising any right

To exercise any right, email privacy@bidgrit.ai. We respond within 45 days as required by law.

6. Cookies

We use essential cookies for authentication and billing. Analytics cookies are optional and you can decline them via the cookie banner. Your preference is stored in the bidgrit_consent cookie.

7. Security

We encrypt data in transit (TLS) and at rest (Supabase). Access is protected by Row-Level Security policies. Passwords are hashed by Supabase Auth. We enforce least privilege on all internal tools.

8. Children

BIDGRIT is not intended for anyone under 18. We do not knowingly collect children’s data.

9. Changes

We will notify active subscribers by email before material changes take effect.

10. Contact

Privacy questions: privacy@bidgrit.ai