1. Who We Are

BidRise is operated by Live Lead Solutions LLC, a Utah limited liability company. Contact us at kaden@liveleadsolutions.com.

2. Information We Collect

Information you provide

• Account info: name, email, business name, phone number
• Company details: logo, address, license number, pricing configuration
• Team member information: names, emails, roles of invited team members
• Customer information: names, emails, phone numbers, addresses entered when creating bids
• Bid content: job descriptions, scope of work, line items, pricing, Good/Better/Best tier details
• Voice and video recordings made during bid creation
• Electronic signatures collected from your customers including name, date, timestamp, and IP address
• Additional notes added to bids before sending
• Subject to / legal terms configured in settings
• CRM webhook URL configured in settings

Information collected automatically

• Device and browser information
• IP address and general location
• Usage data: features used, pages visited, actions taken
• Draft bid data saved automatically as you type
• Error logs and performance data
• IP address of customers who sign bids electronically

3. How We Use Your Information

• Provide and improve the BidRise platform
• Generate AI-powered bid estimates from your recordings
• Send bids and estimates to your customers on your behalf
• Process electronic signatures and maintain signature audit records
• Manage team accounts, roles, and invite flows
• Auto-save draft bids to prevent data loss
• Send account notifications and product updates
• Respond to support requests and ensure platform security

4. Voice and Video Recordings — Biometric Disclosure

Voice and video recordings you make through BidRise are:

• Used solely to generate AI-powered bid content and document job sites
• Stored securely for up to 90 days from the date of recording, then permanently deleted unless exported
• Exportable by you as part of the internal bid export package
• Transmitted to OpenAI for transcription (Whisper) and bid generation (GPT) under OpenAI’s API data-use policy, which prohibits training on customer data by default
• Never sold to third parties
• Gated by an affirmative in-app consent confirmation that the contractor has informed and obtained consent from every recorded individual; the timestamp of that confirmation is stored on the bid record

Biometric data notice (IL, TX, WA)

Voiceprints and facial geometry may be considered “biometric identifiers” or “biometric information” under the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), and Washington RCW 19.375. BidRise does not intentionally extract, generate, or store voiceprints or facial-geometry templates from recordings. Recordings are stored as raw audio/video files for the retention period above and used only to generate the bid. We do not sell biometric data and do not disclose it except to the subprocessors listed in Section 11 strictly for the purpose of providing the Service.

Recorded customer responsibility

If you are a customer who has been recorded by a BidRise contractor and wish to have your recording deleted before the 90-day retention period elapses, contact us at kaden@liveleadsolutions.com with the contractor’s business name and the approximate date of the recording. We will locate and delete the recording within 30 days, subject to verification.

5. Electronic Signature Data

When a customer signs a bid through BidRise, we collect and permanently store:

• The customer's full name as typed
• The date and time of signing with timezone
• The IP address of the device used to sign

This data is retained permanently for legal and audit purposes and is never deleted even if the bid is otherwise modified. This information is visible to the business account owner within the bid detail page.

6. Customer Data and Your Responsibilities

When you enter your customers' personal information into BidRise, you are acting as a data controller for that information. We process it on your behalf solely to provide the Service. You are responsible for:

• Having a lawful basis to collect and store your customers' personal data
• Informing your customers about how their data is used
• Compliance with all applicable privacy laws in your jurisdiction
• Any third-party sharing of customer data through the CRM webhook feature

7. CRM Webhook and Third-Party Data Sharing

If you configure a CRM webhook URL in your settings, BidRise will automatically send the following customer data to your configured webhook when a customer signs a bid: customer name, email, phone number, address, job name, total bid amount, and date signed.

You are solely responsible for:

• Ensuring you have the legal right to transmit your customers' data to the third-party system you configure
• The privacy practices and data security of any CRM or third-party system you connect
• Informing your customers that their information may be stored in your business management systems
• Compliance with GDPR, CCPA, and any other applicable data protection regulations

BidRise is not responsible for the data practices, security breaches, or actions of any third-party system you connect via webhook. If no webhook URL is configured, no customer data is transmitted to third parties by this feature.

8. Team Account Data

When you invite team members to your company account, their name, email, and role are stored in our database. Team members can view company bids according to their assigned role. Owners can remove team members at any time. Removed team members lose access immediately but their previously created bid data remains in the company account.

9. How We Share Your Information

We do not sell your personal information and we do not share it for cross-context behavioral advertising. We disclose data only to the categories below:

• Subprocessors: The vetted service providers listed in Section 11, each contractually required to process data only on our instructions and to apply industry-standard security.
• CRM webhooks: Only if you configure a webhook URL — customer and bid data is transmitted to the third-party system you choose when a bid is signed. You are the data controller for that transfer.
• App-store and push providers: Apple (iOS push via APNs) and Google (Android push via Firebase Cloud Messaging) for delivering notifications to your device. The push payload itself contains only the bid title and a generic message.
• Legal compliance: When required by subpoena, court order, or applicable law, or to protect our rights, safety, or property.
• Business transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or use of your personal information.

10. Data Storage and Security

Your data is stored on infrastructure operated by Supabase (Postgres + object storage) and Vercel (application hosting), both located in the United States. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Role-based access control limits team members to records appropriate to their role, and all data operations route through authenticated server-side API routes that enforce company-membership checks. Access to production credentials is limited to the founder and is rotated on a periodic basis. We retain a tamper-evident audit log of security-relevant events. No system is 100% secure and we cannot guarantee absolute security.

11. Subprocessors

BidRise relies on the following subprocessors. Each is bound by a written agreement (DPA, terms of service, or equivalent) requiring them to process data only on our documented instructions and to maintain appropriate security. We will provide 30 days’ advance notice via email or this page before adding or replacing a subprocessor that processes personal data.

An up-to-date version of this list is always available on this page. If you object to a new subprocessor, contact us before the change takes effect; your only remedy is to terminate the Service.

12. Data Retention

• Account and company data: Retained while active. When you delete your account, data enters a 30-day grace period during which you can sign in and restore the account. After 30 days, data is permanently and irreversibly deleted.
• Bid records, customers, line items, team memberships, invites: Follow the same 30-day grace period as the parent company account.
• Draft bids: Auto-deleted after 30 days of inactivity
• Voice and video recordings: 90 days then permanently deleted
• Electronic signature records: Retained permanently for legal purposes (see Section 13)
• Audit log: Retained for security and compliance purposes, separate from the deletion grace period.
• Tax and billing records: Retained for at least 7 years to comply with applicable tax law (IRS § 6001), even after account deletion.
• Diagnostic and error-monitoring data (Sentry): Retained for up to 90 days, then purged by the provider.
• Server access logs (Vercel): Retained for up to 30 days for security and abuse prevention.
• Push notification device tokens: Retained until the device unregisters or the user signs out, whichever occurs first.

Reminder emails are sent at the time of scheduling and 7 days before the deletion executes. After permanent deletion, recovery is not possible.

For step-by-step deletion instructions (in-app and via email), see our dedicated Account Deletion page.

13. Electronic Signature Records (Permanent)

Electronic signature data described in Section 5 is retained permanently for legal and audit purposes and cannot be deleted via account-deletion request. This is necessary to preserve the legal validity of agreements signed through the platform under the federal E-SIGN Act and analogous state laws.

14. Your Rights — California Residents (CCPA / CPRA)

If you are a California resident, you have the following rights with respect to your personal information:

• Right to know what categories and specific pieces of personal information we collect, the sources, the business purposes, and the categories of third parties to whom we disclose it.
• Right to delete personal information we have collected from you, subject to the legal exceptions in Cal. Civ. Code § 1798.105(d).
• Right to correct inaccurate personal information.
• Right to access & portability — a copy of your personal information in a portable, readily usable format.
• Right to opt out of sale or sharing. We do not sell or share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive personal information. Voice recordings may constitute sensitive personal information; we use them solely to provide the Service.
• Right to non-discrimination for exercising any of the above.

Categories of personal information collected (last 12 months)

Identifiers; commercial information (subscription history); internet/electronic activity (logs); geolocation (general, IP-derived); audio/visual data (recordings); professional information (license, business details); inferences (AI-derived bid recommendations). We do not collect government IDs, financial-account numbers, precise GPS, health data, race/ethnicity, religion, sexual orientation, or genetic data.

How to submit a request

Email kaden@liveleadsolutions.com with the subject line “CCPA Request” and the type of request. We will verify your identity using information already associated with your account and respond within 45 days (extendable by another 45 days with notice). You may designate an authorized agent to make a request on your behalf with a written, signed authorization.

15. Your Rights — EEA, UK, and Switzerland (GDPR)

BidRise is offered to U.S. business customers only and we do not intentionally market or offer the Service in the European Economic Area, the United Kingdom, or Switzerland. If, despite this, you are a resident of those regions and have provided us with personal data, you may have the rights to access, rectify, erase, restrict processing of, port, or object to processing of your personal data, and to lodge a complaint with your local supervisory authority. The legal basis for our processing is performance of a contract (Art. 6(1)(b) GDPR) for account holders, and our legitimate interest (Art. 6(1)(f)) in operating and securing the Service. International transfers, if any, are made under Standard Contractual Clauses or equivalent safeguards. Contact kaden@liveleadsolutions.com to exercise any right.

16. Other U.S. State Privacy Rights

Residents of states with comprehensive privacy laws — including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and others — have substantially the same rights described in Section 14. To exercise these rights, contact us at kaden@liveleadsolutions.com.

17. Do Not Sell or Share My Personal Information

We do not sell personal information for monetary consideration and we do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA. No opt-out is required because no such sharing occurs. We honor browser-based Global Privacy Control (GPC) signals as a request to opt out of any future sale or sharing.

18. Cookies and Local Storage

BidRise uses essential cookies and browser local storage solely to maintain your authenticated session, persist your last-used company, and store auto-saved drafts. We do not use advertising cookies, tracking pixels, or third-party analytics that profile users.

19. Children's Privacy

BidRise is intended for users 18 years of age or older. We do not knowingly collect personal information from anyone under 13 (COPPA) or under 16 without parental consent where applicable. Contact us immediately if you believe a minor has provided us with personal information.

20. Mobile App Data

The BidRise mobile app for iOS and Android requests permission to access the camera, microphone, and photo library. These permissions are used only to capture job-site recordings, take job-site photos, attach a logo or job photo to a bid, and save a signed PDF to your library. Permissions can be revoked at any time in your device settings. The app delivers push notifications via APNs (iOS) and FCM (Android); the device-token-to-user mapping is stored in our database and deleted when you sign out or unregister the device.

21. Third-Party Links

We are not responsible for the privacy practices of third-party websites or systems linked from or connected to the Service.

22. Changes to This Policy

We will notify you of significant changes via email or in-app notification at least 30 days before they take effect. Continued use after the effective date constitutes acceptance.

23. Governing Law

This Privacy Policy is governed by the laws of the State of Utah. Disputes shall be resolved in the courts of Utah County, Utah, without regard to conflicts-of-law principles. Nothing in this section limits the rights of California, EU, UK, or other consumers under their respective home jurisdictions’ mandatory laws.