BidReady AI

BidReady AI

Spec intelligence for precon teams

Privacy Policy

Privacy Policy

This policy describes how BidReady AI collects, uses, and protects your information.

Last updated: May 2026

Note: This is a template document. [LEGAL ENTITY NAME] has not yet completed a formal legal review. Please consult qualified legal counsel before relying on this policy.

1. Who we are

[LEGAL ENTITY NAME] ("Company", "we", "us", or "our") operates BidReady AI, a software-as-a-service platform that analyzes construction specification documents using artificial intelligence. Our registered address is in [JURISDICTION/STATE].

For privacy inquiries: privacy@bidreadyai.com

2. Information we collect

Account information

  • Email address and display name (collected via Google Sign-In or email/password).
  • Organization name and team membership (when set up on a Team plan).

Project and document data

  • Construction specification documents (PDFs) you upload for analysis.
  • Extracted text, compliance check results, bid-readiness scores, and AI-generated summaries from your documents.
  • Chat messages and queries you submit within a project.

Usage and technical data

  • Log data: IP address, browser type, pages visited, and error events (collected by Firebase / Google Cloud).
  • Feature usage events for product improvement (e.g., which tools you use).

Billing data

  • Payment details are processed directly by Stripe. We do not store raw card numbers. We store a Stripe customer ID and subscription status.

3. How we use your information

  • Providing the service: Processing your documents, running AI analysis, generating reports, and managing your account.
  • Billing: Managing subscriptions and processing payments via Stripe.
  • Communications: Sending transactional emails (invitations, receipts, security alerts) via Resend.
  • Security and fraud prevention: Monitoring for abuse, enforcing rate limits, and maintaining audit logs.
  • Product improvement: Analyzing aggregate, non-identifiable usage patterns to improve features.
  • Legal obligations: Complying with applicable law and responding to lawful requests.
We do not train AI models on your document content. Your specification files and extracted text are used solely to perform the analysis you request, and are not used to train or fine-tune any AI model.

4. Subprocessors

We use the following third-party subprocessors to operate the service:

Subprocessor Purpose Location
Google Cloud / Firebase Authentication, database (Firestore), file storage, serverless functions USA (primary)
Google Gemini API AI document analysis and natural-language processing USA (primary)
Stripe Payment processing and subscription management USA
Resend Transactional email delivery USA

5. Data retention

  • Active accounts: Project data, documents, and messages are retained as long as your account is active or until you delete them.
  • Account deletion: Upon account deletion, we delete your personal data within 30 days, subject to any legal retention obligations.
  • Billing records: Stripe transaction records are retained as required by financial regulations (typically 7 years).
  • Logs: Operational logs are retained for up to 90 days.

6. Security

  • All data is transmitted over TLS (HTTPS).
  • Documents and database records are encrypted at rest by Google Cloud infrastructure.
  • Access control is enforced per-project; every server-side function verifies ownership before processing.
  • Secrets and API keys are managed via Firebase/Functions environment configuration and are not exposed in client bundles.

We are working toward SOC 2 Type II certification. No formal certifications have been issued at this time.

7. Your rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data (right to erasure / "right to be forgotten").
  • Portability: Request an export of your data in a machine-readable format.
  • Objection / restriction: Object to or request restriction of processing in certain circumstances.
  • CCPA (California residents): Right to know, delete, and opt out of sale of personal information. We do not sell personal information.

To exercise any of these rights, email privacy@bidreadyai.com. We will respond within 30 days.

8. Cookies and local storage

We use browser local storage and session cookies for authentication state (Firebase Auth tokens) and user preferences. We do not use third-party advertising or tracking cookies.

9. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or an in-app notice at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision.

Questions about this policy? Email privacy@bidreadyai.com.