Privacy Policy

We collect the information you give us when you sign up and use 1 Click Bid (the “Service”), operated by 1 Click Bid LLC. We use it to run the Service, bill you, and make the product better. We don't sell your data, and we don't train AI models on your customer information.

Account info: name, email, hashed password, company name, trade type, service area, phone number.

Billing info: Stripe processes your card and stores payment details on their PCI-compliant infrastructure. We receive only a customer ID, the last 4 digits of your card, and subscription status — never full card numbers.

Customer and job data: the customer records, estimates, invoices, photos, voice recordings, and notes you create in the Service.

Usage data: pages visited, features used, device type, browser, approximate location (from IP), error logs. Used to debug and improve the product.

Cookies: session cookies to keep you logged in, and a minimal set of analytics cookies via PostHog.

• Run the Service — show you your data, generate estimates, send email and SMS you request
• Bill you for paid plans (via Stripe)
• Send you transactional email (receipts, password reset, important account notices)
• Respond to support requests
• Detect fraud, abuse, and security issues
• Improve the product (analytics on aggregated, anonymized usage)
• Comply with legal obligations

We use the following third-party providers to operate the Service. Each one only receives the data needed for its role, and each is bound by its own privacy and security commitments.

• Supabase — database, authentication, file storage (US-based)
• Vercel — application hosting (US-based)
• Stripe — payment processing and subscription billing
• Anthropic (Claude) — AI estimate generation and proposal copy. Anthropic does not train its models on data submitted through the API.
• OpenAI (Whisper) — voice transcription. Audio is processed and discarded; not used for model training.
• Resend — transactional email delivery
• Twilio — SMS delivery (when enabled on your plan)
• PostHog — product analytics
• Sentry — error monitoring

When you use AI features (estimate generation, proposal copywriting, photo analysis, voice transcription), the relevant inputs — job description text, uploaded photos, audio — are sent to the AI provider (Anthropic or OpenAI) over encrypted connections. By contract, these providers do not use your submitted data to train their public models.

We store the AI output alongside your estimate for your review and editing. We do not use your customer data to train any model of our own.

When you add a customer (name, email, phone, address) we act as a processor on your behalf — you are the data controller for that information. You are responsible for having the legal basis to collect and share customer contact details with us and to send them email or SMS via the Service.

Data is encrypted in transit (TLS 1.2+) and at rest. Passwords are hashed with bcrypt. Database access is restricted by row-level security so each organization only sees its own data. We review third-party security practices annually.

No system is 100% secure. If we learn of a breach affecting your data, we'll notify you promptly and follow applicable breach-notification laws.

We retain account data for as long as your account is active. After you cancel, we hold Your Content for up to 90 days to allow export, then delete it. Billing records are retained for 7 years to comply with tax and accounting obligations. Server logs are rotated after 30 days.

Depending on where you live, you may have the right to:

• Access a copy of your data
• Correct inaccurate data
• Delete your data (subject to legal holds)
• Export your data in a portable format
• Object to or restrict certain processing
• Withdraw consent where processing is consent-based

To exercise these rights, email privacy@1clickbid.com. We'll respond within 30 days.

California residents (CCPA): we do not sell personal information. You have the right to know, delete, and opt out of any sale. Email us to exercise these rights.

EU / UK residents (GDPR): our legal bases for processing are contract (running the Service you signed up for), legitimate interests (improving the product, preventing abuse), consent (optional analytics), and legal obligation (tax records).

The Service is not directed to anyone under 18. We don't knowingly collect data from children. If you believe a child has given us information, email privacy@1clickbid.com.

Our servers and sub-processors are primarily located in the United States. If you access the Service from outside the US, your data is transferred to and processed in the US. Where applicable, transfers rely on Standard Contractual Clauses or equivalent safeguards.

We may update this Privacy Policy as the product evolves. If the change is material, we'll email you or show an in-app notice at least 30 days before it takes effect.

Privacy questions, data requests, or breach notifications: privacy@1clickbid.com.

General support: support@1clickbid.com.