Privacy Policy

Last updated: April 20, 2026

This Privacy Policy describes how Apex Design Build ("Company," "we," "us," or "our") collects, uses, and protects your information when you use BidNexus at app.bidnexus.us ("Service").

1. Information We Collect

Account Information: When you create an account, we collect your email address, name, and password. Passwords are securely hashed and never stored in plain text.

Project Data: Information you enter into BidNexus including estimates, proposals, client names, project addresses, line items, costs, photos, and documents.

Usage Data: We collect information about how you use the Service, including login timestamps, IP addresses, browser type, and feature usage for the purpose of improving the Service and maintaining security.

Payment Information: Payment processing is handled by Stripe. We do not store credit card numbers or bank account details on our servers. Stripe's privacy practices are governed by their own privacy policy.

2. How We Use Your Information

• Providing the Service: Storing your projects, generating documents, syncing data across devices, and enabling team collaboration.
• Account Management: Authentication, password resets, and account security.
• Communication: Sending service-related notifications, billing confirmations, and important updates about the Service.
• Security: Detecting unauthorized access, monitoring for abuse, and maintaining audit logs.
• Improvement: Analyzing usage patterns to improve features and user experience.

3. Data Storage & Security

Your data is stored on Supabase infrastructure hosted in the United States. We implement industry-standard security measures including:

• Encryption in transit (TLS/SSL) for all data transfers.
• Row-level security (RLS) policies ensuring users can only access their own data and authorized organization data.
• Secure authentication via Supabase Auth with hashed passwords.
• Regular security reviews of access policies and data handling procedures.

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties. We may share information only in the following circumstances:

• Within Your Organization: If you are a member of an organization on BidNexus, other members of that organization may access shared project data as configured by the organization owner.
• Service Providers: We use Supabase (database and authentication), Stripe (payments), and Netlify (hosting) to provide the Service. These providers process data on our behalf under their respective privacy policies.
• Legal Requirements: We may disclose information if required by law, court order, or governmental regulation.

5. Photos & Files

Project photos uploaded to BidNexus are stored in Supabase Storage. Photos are associated with your project and accessible to organization members with access to that project. Photos are not used for any purpose other than providing the Service.

6. Cookies & Local Storage

BidNexus uses browser local storage to cache your project data for offline access and faster load times. We use authentication tokens stored in local storage to maintain your session. We do not use third-party tracking cookies or advertising trackers.

7. Data Retention

• Active Accounts: Your data is retained for as long as your account is active.
• Deleted Projects: Projects you delete are soft-deleted (marked as deleted but retained) for 90 days to allow recovery, after which they may be permanently removed.
• Closed Accounts: Upon account closure, your data is retained for 90 days, then permanently deleted.
• Activity Logs: Login and activity logs are retained for 12 months for security purposes.

8. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Update or correct inaccurate information via your account settings.
• Deletion: Request deletion of your account and associated data by contacting us.
• Export: Export your project data at any time using the built-in JSON export feature.
• Objection: Object to specific processing activities by contacting us.

9. Children's Privacy

BidNexus is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes via email at least 14 days before changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact

For questions about this Privacy Policy or to exercise your data rights, contact us at:

Apex Design Build
Email: aron@apexdesign.build