Privacy Policy
Last Modified: May 26, 2026

BWJZ, LLC d/b/a Biddy (“Company,” “we,” “us,” or “our”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This policy describes the types of information we may collect from you or that you may provide when you visit https://www.biddyhq.com or any other white-labeled deployment of the Biddy platform (the “Platform”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

You may be accessing the Platform through a white-labeled deployment operated by a third party (a “Planroom Operator”). The Platform itself is provided by us, and this Privacy Policy governs your use of the Platform regardless of which white-labeled site you accessed it from. Where a Planroom Operator independently collects or processes information about you outside of the Platform, that processing is governed by the Planroom Operator’s own privacy policy, not this one. When you submit information through a white-labeled deployment, both we (as the Platform provider) and the Planroom Operator (as the administrator of that planroom) may act as independent controllers of that information for the purposes described in this policy.

Please read this Privacy Policy carefully. By accessing or using the Platform, you agree to this Privacy Policy. If you do not agree, do not use the Platform. This policy may change from time to time and your continued use of the Platform after we revise this policy means you accept those changes.

U.S. residents only. The Platform is offered to and intended for users located in the United States. We do not offer the Platform to users in the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States, and this Privacy Policy is not intended to address the requirements of privacy laws in those jurisdictions. If you access the Platform from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.

Information We Collect

We collect information about you in the following ways:

Information you provide to us. When you register an account, complete your profile, submit a bid, send a message, or otherwise use the Platform, we collect:

• Identifiers and contact details: first and last name, email address, mobile phone number, office phone number, profile photo, job title, trade, and any certifications you provide.
• Company information: company name, address, and phone number.
• Account credentials: password (stored only as a salted, one-way hash) and authentication tokens.
• Payment information: when you subscribe to a paid plan, billing is processed by Stripe. We receive limited billing metadata (such as your Stripe customer identifier and subscription status) but we do not receive or store your full card number or CVV.
• Content you upload or send: bid documents, project files, attachments, messages, comments, and any other content you submit through the Platform.
• Communications preferences: your choices for receiving email notifications and SMS/text-message notifications, including the opt-in record showing the date, time, and form on which you provided consent.

Information collected automatically. When you use the Platform, we and our service providers automatically collect:

• Log and usage data: IP address, browser type and version, device type, operating system, referring and exit pages, pages viewed, and timestamps.
• Cookies and similar technologies: see the “Cookies” section below.
• Error and diagnostic data: when the Platform encounters an unexpected error, technical information about the request and your session may be transmitted to our error-monitoring provider so we can debug and fix the issue.

How We Use Your Information

We use the information we collect to:

• Provide, operate, maintain, and improve the Platform.
• Authenticate you, secure your account, and prevent fraud or abuse.
• Process subscription payments and send billing-related communications.
• Send transactional and operational emails about projects, bids, invoices, and account activity.
• Send SMS/text-message notifications about important project updates when you have opted in (see “SMS / Text Messages” below).
• Respond to your inquiries and provide customer support.
• Monitor and analyze usage to debug issues, evaluate features, and improve performance.
• Comply with legal obligations and enforce our Terms of Use.

SMS / Text Messages

If you opt in to receive text messages from us, we will send you SMS notifications about important project updates (such as manual job updates and addendums for projects you are connected to). Message frequency is approximately 3 to 5 messages per month. Message and data rates may apply depending on your mobile carrier.

You can opt out at any time by replying STOP to any text message we send, or by unchecking the SMS notifications option in your account settings. Reply HELP for help.

We use Twilio as our SMS service provider to deliver text messages and process inbound replies (including STOP and HELP keywords). When we send you a text message, your phone number, the message content, delivery status, and any reply you send are processed by Twilio on our behalf. Twilio is contractually required to use this information solely to provide messaging services to us.

We will not share, sell, rent, or trade your mobile phone number or your text-message opt-in data with any third party for marketing purposes. Your consent to receive text messages applies only to the Platform and is not shared with affiliates or other companies.

Service Providers

We rely on a small set of trusted third-party service providers to operate the Platform. Each provider receives only the information necessary to perform its function and is contractually restricted from using your information for any other purpose:

• Twilio — SMS/text-message delivery and inbound reply handling.
• Stripe — subscription billing and payment processing.
• Cloudflare Turnstile — bot and abuse detection on sign-up and lead forms.
• Filestack — secure storage of file uploads, including profile photos and project documents.
• Bugsnag — error and exception monitoring to help us diagnose and fix software issues.
• SendGrid — delivery of transactional and notification emails.
• PostHog — product analytics to understand how the Platform is used and to improve features. PostHog is configured to process usage and event data on our behalf and is contractually restricted from using it for any other purpose.
• Amazon Web Services (S3) — cloud storage and infrastructure for the Platform.

We may add or change service providers from time to time as needed to operate the Platform.

Sharing and Disclosure

We do not sell your personal information. We may share information about you only in the following circumstances:

• With the service providers listed above, to operate the Platform.
• With other Platform users in the ordinary course of using the Platform — for example, when you submit a bid, the planroom administrator and project owner will see your name, company, and the contents of your submission.
• With the Planroom Operator of a white-labeled deployment you use, who acts as an independent controller for information you submit within that planroom.
• To comply with applicable law, legal process, or government request, or to protect the rights, property, or safety of the Company, our users, or others.
• In connection with a merger, acquisition, financing, or sale of all or part of our business, in which case personal information may be transferred as part of that transaction.

Cookies

We use cookies and similar technologies in the following categories:

• Strictly necessary — required for the Platform to function (e.g., keeping you signed in, remembering your last-visited planroom, securing forms against abuse).
• Functional — remember your preferences and improve your experience.
• Analytics — help us understand how the Platform is used so we can improve it (PostHog).

Most browsers let you control cookies through their settings. If you disable cookies, parts of the Platform may not function correctly. We honor Global Privacy Control (GPC) signals as an opt-out for non-essential analytics where browsers transmit them.

Data Retention

We retain your account information for as long as your account is active and for a reasonable period afterwards to comply with our legal, accounting, and reporting obligations. Project content (bids, files, messages) is retained for the lifetime of the project record and may be retained longer where required by law. You may request deletion of your account by contacting us; some information may be retained in archived or backup form after deletion.

Security and Breach Notification

We implement administrative, technical, and physical safeguards designed to protect your information. Passwords are stored as salted one-way hashes. Connections to the Platform are encrypted in transit using TLS. Despite these measures, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

In the event of a data breach affecting your personal information, we will notify affected users and applicable regulators as required by law, without unreasonable delay after we become aware of the breach.

Your Choices

• You can review and update most account information at any time from your account settings.
• You can opt in or out of SMS notifications from the Notifications section of your account, or by replying STOP to any text message you receive from us.
• You can opt out of marketing or product-update emails using the unsubscribe link in those emails. Transactional emails about your account, projects, and billing will continue.
• You can request access to, correction of, or deletion of personal information we hold about you by contacting us at the address below.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (“CCPA/CPRA”), provides you with the following rights:

• Right to know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business or commercial purposes for collecting it, and the categories of third parties with whom we share it, over the prior 12 months.
• Right to delete. You may request that we delete personal information we have collected from you, subject to certain exceptions (for example, information we need to complete a transaction, comply with a legal obligation, or detect security incidents).
• Right to correct. You may request that we correct inaccurate personal information we maintain about you.
• Right to portability. You may request a copy of your personal information in a portable, readily usable format.
• Right to opt out of sale or sharing. We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising, as those terms are defined under the CCPA/CPRA. We honor Global Privacy Control (GPC) signals as a valid opt-out request from browsers that transmit them.
• Right to limit use of sensitive personal information. We do not use or disclose sensitive personal information for purposes beyond those permitted under the CCPA/CPRA (for example, to provide the services you requested, to detect security incidents, or to verify your identity).
• Right to non-discrimination. We will not discriminate against you for exercising any of these rights.

Categories of personal information collected in the prior 12 months. Identifiers (name, email, phone, IP address); customer records (company information, job title, certifications); commercial information (subscription and billing metadata); internet or network activity (log and usage data); geolocation (general location derived from IP address); professional or employment-related information (trade, certifications, company role); and content you upload or send through the Platform.

Sources. Directly from you; automatically from your device when you use the Platform; and from our service providers (e.g., Stripe for billing metadata).

Purposes. As described in “How We Use Your Information” above.

Categories of third parties. Service providers listed under “Service Providers”; other Platform users in the ordinary course of your use; Planroom Operators of white-labeled deployments you use; and legal or governmental authorities when required by law.

How to exercise your rights. Submit a request by emailing team@biddyhq.com with the subject line “California Privacy Request.” We will verify your identity using information already associated with your account before fulfilling a request. We will respond within 45 days, with a possible 45-day extension where reasonably necessary. You may also designate an authorized agent to make a request on your behalf; we will require written proof of the agent’s authorization.

Children’s Privacy

The Platform is intended for use by adults aged 18 and over. We do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from a person under 18, we will delete that information as quickly as possible.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Modified” date at the top of this page. Material changes will be highlighted on the Platform or sent to you by email where appropriate. Your continued use of the Platform after the effective date of a revised policy constitutes your acceptance of the revised policy.

Contact Us

Questions, comments, or requests regarding this Privacy Policy should be sent to team@biddyhq.com, or by mail to:

BWJZ, LLC d/b/a Biddy
132 Pinewood Place
Port Matilda, PA 16870