Back to home

Privacy Policy

Effective February 10, 2026

MDG Labs ("we", "us") operates BidFlow. This policy explains what data we collect, how we use it, and your rights.

1. What We Collect

  • Account info — your name, email, business name, and state (provided at signup or in settings)
  • Estimate & proposal data — job descriptions, line items, customer names/emails/addresses, photos you upload, and generated PDFs
  • Usage data — pages visited, features used, device type, browser, and IP address (collected automatically)
  • Payment info — Stripe handles all payment processing. We never see or store your full card number

2. How We Use It

  • Provide the service — generate estimates, create proposals, process payments
  • Improve our AI — we may use anonymized, aggregated data to train better pricing models. Your identifiable business data is never shared
  • Communicate with you — account updates, billing, and product announcements (you can opt out of non-essential emails)
  • Send proposals on your behalf — when you send a proposal, we email it to your customer using the email address you provide

3. What We Share

We share data only with the services needed to run BidFlow:

  • Stripe — payment processing (your bank/card info)
  • Resend — sending proposal emails on your behalf
  • Anthropic — AI estimate generation (your job description is processed in real-time and not stored by Anthropic for training)
  • Supabase — database hosting and authentication (AWS infrastructure)

We do not sell your data. We do not share your data with advertisers. Period.

4. Your Customers' Data

When you create proposals, you provide customer names, emails, and addresses. We store this data only to deliver proposals and process payments on your behalf. We never market to your customers or share their information with third parties.

5. Security

Your data is stored on Supabase (AWS infrastructure) with encryption at rest and in transit. All connections use HTTPS. Passwords are hashed and never stored in plain text. We follow industry-standard security practices, but no system is 100% secure — if we discover a breach, we'll notify affected users promptly.

6. Cookies

We use cookies only for authentication (keeping you signed in). We do not use tracking cookies, advertising pixels, or third-party analytics that track you across the web.

7. Your Rights

  • Export your data — download any proposal as a PDF from your dashboard
  • Delete your account — email us at support@bidflow.app and we'll delete your account and data within 30 days
  • California residents (CCPA) — you have the right to know what data we collect, request deletion, and opt out of data sales (we don't sell data, so there's nothing to opt out of)

8. Contact

Questions about your privacy? Reach us at support@bidflow.app.