This Privacy Policy explains how Easy Bids ("we", "us", "Easy Bids", the "Service") collects, uses, and protects your information when you use our web application at easybids.us (or any subdomain or preview URL we operate). By using the Service you agree to the practices described below.
§1 Information We Collect
Account information you provide
- Full name, email address, password (hashed with bcrypt — we never store plaintext)
- Company name, role/title, phone number
- Optional: company size, annual revenue tier, contractor license number, how you heard about us
- If you sign in with Google, we receive your email, name, and profile picture from Google's OAuth response
Project content you upload
- Bid documents (ITB / RPQ / specifications), construction plans, addenda
- Project metadata you enter: project ID, descriptor, budget, bid due date
Automatically collected
- IP address (used only for brute-force login protection; not used for tracking or advertising)
- HTTP request timestamps and basic server logs
- Session cookies (access_token and refresh_token, JWT-signed, http-only, Secure, SameSite=None)
Payment information
When you purchase credits or a Pro subscription, payment is processed by Stripe, Inc. We never see or store your card number, CVV, or banking details. We store only the Stripe checkout session ID, amount, currency, and payment status so we can show your billing history and grant credits.
§2 How We Use Your Information
- To deliver the Service: generate AI analyses of your uploaded documents, produce Word / Excel / ZIP exports, track your monthly quota.
- To manage your account: authenticate sign-ins, support resets, prevent abuse.
- To process payments: create Stripe Checkout sessions, grant credits/Pro after successful payment.
- To improve the Service: diagnose errors from server logs, improve prompts and extraction accuracy.
- To communicate with you: transactional emails (receipts, password resets, quota warnings). We will not send marketing emails unless you opt in.
§3 Sharing With Third-Party Subprocessors
We use the following subprocessors. Each receives only the data necessary to perform its function.
- Anthropic, PBC — Claude Sonnet 4.5 LLM. Receives the extracted text from your uploaded documents to generate the analysis. Anthropic's API does not train on this data by default.
- Stripe, Inc. — payment processing. Receives your email, the amount, and a transaction ID.
- Google LLC — only if you sign in with Google (OAuth). Receives a sign-in request; returns your basic profile.
- Cloud hosting infrastructure — receives encrypted application traffic.
We do not sell your personal information. We do not share it with advertisers or data brokers.
§4 Where Your Data Is Stored
- User accounts, project metadata, and analyses are stored in a MongoDB database on our hosting infrastructure.
- Uploaded files are stored on persistent server storage isolated per project. Files are accessible only via authenticated requests tied to your user account.
- We retain files and analyses for as long as your account is active. You can delete individual projects at any time, which removes the files from disk and the record from the database.
§5 Data Retention & Deletion
- Active projects: retained while your account is active.
- Deleted projects: file content is removed immediately; database row is removed.
- Account deletion: email us at the address in §11 and we will delete your account, all projects, all uploads, and your billing transaction details (subject to legal retention requirements, e.g., tax records) within 30 days.
- Server logs: rotated every 30 days.
§6 Your Rights
Depending on your jurisdiction (e.g., GDPR in the EU/UK, CCPA/CPRA in California), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data (use the Account page, or contact us)
- Delete your account and associated data
- Port your data to another service (export your projects via Word / Excel / ZIP, or request a data export)
- Object to or restrict processing
To exercise any of these rights, email us at the address in §11.
§7 Security
- All traffic to easybids.us is encrypted with TLS.
- Passwords are hashed with bcrypt (cost factor 12). We never log or transmit plaintext passwords.
- Sessions use HTTP-only, Secure, SameSite=None cookies signed with HS256 JWTs.
- Login attempts are rate-limited (5 failures per IP+email per 15 minutes triggers a temporary lockout).
- Stripe handles all card data; we never see it.
§8 Cookies
We use only the cookies strictly necessary to operate the Service:
- access_token — 24-hour signed session JWT
- refresh_token — 30-day signed renewal JWT
We do not use analytics, advertising, or tracking cookies. We do not need a cookie banner because we set no non-essential cookies.
§9 Children
The Service is a B2B tool intended for contractors and is not directed to children under 18. We do not knowingly collect personal information from anyone under 18.
§10 Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted on this page with a new "Last updated" date. For significant changes (e.g., new categories of data, new subprocessors handling personal data), we will also notify you by email.
§11 Contact
Questions, data requests, or complaints: email privacy@easybids.us.
