Privacy Policy

Last updated: February 15, 2026

Biddesk ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, web application, and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Create an account: Name, email address, phone number, company name, and password.
  • Set up your business profile: Business name, address, industry, team size, and logo.
  • Use the Service: Customer records, quotes, invoices, job details, notes, photos, and other business data you enter.
  • Make payments: Billing address and payment method details (processed securely by our payment processor, Stripe).
  • Contact us: Any information you include in support requests, emails, or feedback.

1.2 Information Collected Automatically

When you access the Service, we may automatically collect:

  • Device information: Browser type, operating system, device type, and screen resolution.
  • Usage data: Pages visited, features used, time spent, and click patterns.
  • Log data: IP address, access times, referring URLs, and error logs.
  • Cookies and similar technologies: Session cookies for authentication and preferences. See Section 6 for details.

1.3 Information from Third Parties

We may receive information from third-party services you connect to Biddesk, such as email providers, payment processors, or communication platforms (e.g., Telnyx for SMS).

2. How We Use Your Information

We use the information we collect to:

  • Provide and maintain the Service: Operate your account, process data, and deliver features.
  • Process transactions: Handle subscription payments and facilitate customer invoice payments.
  • Send communications: Service-related emails, security alerts, and account notifications.
  • Improve the Service: Analyze usage patterns to enhance features, performance, and user experience.
  • Provide support: Respond to your requests, troubleshoot issues, and offer assistance.
  • Ensure security: Detect, prevent, and address fraud, abuse, and technical issues.
  • Comply with legal obligations: Meet applicable laws, regulations, and legal processes.

We do not sell your personal information to third parties. We do not use your business data (customer records, quotes, invoices, etc.) for advertising or marketing purposes.

3. How We Share Your Information

We may share your information only in the following circumstances:

  • Service providers: We use trusted third-party services to operate the platform, including Supabase (database and authentication), Vercel (hosting), Stripe (payment processing), Telnyx (SMS), and Resend (email delivery). These providers access only the data necessary to perform their services and are bound by their own privacy policies.
  • Your customers: When you send quotes, invoices, or communications through Biddesk, the relevant information is shared with your customers as intended.
  • Legal requirements: We may disclose information if required by law, subpoena, court order, or government request.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
  • With your consent: We may share information for any other purpose with your explicit consent.

4. Data Security

We take the security of your data seriously and implement industry-standard measures to protect it:

  • Encryption: All data is encrypted in transit using TLS/SSL and at rest using AES-256 encryption.
  • Authentication: We use secure authentication with hashed passwords and support multi-factor authentication.
  • Access controls: Role-based access controls and row-level security ensure users can only access data they are authorized to see.
  • Infrastructure: Our infrastructure is hosted on enterprise-grade cloud platforms with SOC 2 compliance.
  • Monitoring: We continuously monitor for security threats and vulnerabilities.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active and for 30 days after deletion to allow recovery.
  • Business data: Your customer records, quotes, invoices, and job data are retained while your account is active. Upon account deletion, this data is permanently removed within 30 days.
  • Usage and log data: Retained for up to 12 months for analytics and security purposes.
  • Payment records: Retained as required by applicable tax and financial regulations.

You may request deletion of your data at any time by contacting us at privacy@biddesk.co.

6. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

  • Essential cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Analytics cookies: Help us understand how the Service is used so we can improve it. You may opt out of analytics cookies.

We do not use advertising or tracking cookies. We do not participate in cross-site tracking or sell cookie data.

Most browsers allow you to control cookies through their settings. Disabling essential cookies may prevent you from using the Service.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to certain processing of your personal information.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at privacy@biddesk.co. We will respond within 30 days.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete it promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries. We ensure appropriate safeguards are in place to protect your data in accordance with this policy.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will also send an email notification to the address associated with your account.

Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Biddesk

Email: privacy@biddesk.co

Website: biddesk.co