Privacy Policy

1 . Introduction

Bid Mailers LLC (“Bid Mailers,” “we,” “us,” or “our”) operates a mobile application, website, and related services (collectively, the “Services”). This Policy explains how we collect, use, and share information—including data used for automated text messaging (A2P 10DLC compliance). By creating an account or using the Services you agree to this Policy.

2 . Information We Collect

Category Examples Why We Collect It

2.1 Account Data Username, password, company name Secure and manage user access

2.2 Contact Data Email, mobile number (SMS opt-in box shown at signup) Manual & automated messages

2.3 Payment Data Tokenized card details processed by Stripe (we never store full card numbers) Billing and fraud prevention

2.4 Location Data GPS coordinates (when tracking is turned on) Route mapping & avoiding duplicates

2.5 Usage Data Homes pinned, addresses collected, in-app clicks Improve and debug features

2.6 Device Data Device type, OS, unique IDs, app version Compatibility & security

2.7 Messaging Logs Timestamps, sender ID, carrier responses A2P record-keeping & spam control

2.8 Website Cookies / Pixels Google Analytics, Facebook pixel Site analytics & remarketing

3 . How We Use Your Information

Provide & Operate the Services – Show routes, prevent duplicate surveys, generate mailers.

Automated & Manual Communications

Transactional (e.g., “Pin saved”).

Operational (reminders, outage notices).

Announcements/Check-ins (feature launches, tips).

Promotional SMS/MMS will be sent only if you checked the opt-in box.

Improve & Secure – Analyze aggregated usage, diagnose bugs, combat fraud.

Legal / Compliance – Enforce our Terms of Service and meet TCPA, CTIA, and other U.S. laws.

4 . Legal Basis

We process data to perform our contract with you, pursue legitimate business interests (service improvement, security), and—where required—your consent (location tracking, promotional texts).

5 . Sharing Your Information

Recipient Purpose Safeguards

Your Roofing Company Share data among your authorized admins & surveyors Role-based access

Service Providers Hosting (Supabase, AWS), mapping, Stripe, A2P messaging (e.g., Twilio) Data-processing agreements & encryption

Legal / Safety Respond to lawful requests or protect rights Disclose only what is required

We do not sell or share data with third parties for their independent marketing. If that ever changes we’ll seek your explicit consent first.

6 . Your Messaging Choices

Opt-In – You check a box at signup agreeing to receive automated texts.

Opt-Out – Reply STOP to any SMS. Opt-out is honored within 24 hours and logged per CTIA rules.

HELP – Reply HELP for assistance.

Frequency – Typically fewer than 10 automated texts per week, tied to your activity.

You can also email [email protected] to adjust preferences.

7 . Data Retention (Default Limits)

Data Type Retention Period

Account & Billing Records Life of account + 7 years (tax & audit)

GPS Tracks 24 months, then aggregated or deleted

Message Logs & Metadata 4 years (A2P audit trail)

Device & Usage Analytics 24 months

We may keep data longer if required by law or for dispute resolution.

8 . Security

We use TLS encryption in transit, AES-256 at rest, regular penetration testing, and least-privilege access controls. Stripe handles all payment data with PCI-DSS compliance. Despite safeguards, no system is 100 % secure and you use the Services at your own risk.

9 . Your Rights

Right How to Exercise

Access / Correction Email [email protected]

Deletion Same email; invoices & tax records may be retained

Location Opt-Out Toggle tracking off in the app

SMS Opt-Out Reply STOP to any text

Because we operate primarily in the United States and are below CPRA thresholds, CCPA/CPRA rights may not apply but we extend similar access and deletion rights to all users.

10 . Cookies & Analytics

Our website uses first-party cookies plus Google Analytics and Facebook pixel for metrics and remarketing. You can block cookies in your browser settings. The mobile app stores only local data required for offline operation and does not use cookies.

11 . Children’s Privacy

The Services are not directed to children under 13 and we do not knowingly collect their data. If you believe we have done so, contact us and we will delete it.

12 . International Data Transfers

All servers are currently U.S.-based. If we expand storage to Canada or elsewhere, we will update this Policy and, where required, obtain additional consent.

13 . Changes to This Policy

We may update this Policy. Material changes will be announced by email, SMS, or in-app notice 30 days before they take effect. Continued use after the effective date means you accept the revisions.