BidShield ADA ("BidShield ADA," "we," "us," or "our") operates the website located at bidshieldada.com and the related software-as-a-service platform (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, retain, and protect information when you visit our website, create an account, purchase a product, or otherwise interact with the Service.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, you should not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your email address and any optional profile information you provide. Authentication is handled through Supabase Auth, our backend service provider. We do not store plaintext passwords; authentication credentials are managed and encrypted by Supabase in accordance with their security practices.
1.2 Payment Information
Payment processing is handled entirely by Stripe, Inc. ("Stripe"). When you purchase the Contractor's Defense Bundle or any other product, your payment card details are collected and processed directly by Stripe. We never receive, transmit, or store your full credit card number, CVV, or other sensitive payment credentials on our servers. We may receive and store a Stripe Customer ID, transaction confirmation, payment status, and the last four digits of your payment method for customer support purposes.
1.3 Scan Data & URLs
When you use the WCAG scanning feature, you submit a URL for analysis. We collect the URL you submit, the scan results (including identified WCAG violations, severity levels, and remediation suggestions), AI-generated alt-text descriptions for images and documents found at the scanned URL, and timestamped audit defense log entries associated with each scan.
Scan data is stored in your account and is used solely to provide the Service to you. We do not share individual scan results with third parties. We do not scan any URL unless you explicitly submit it for analysis.
1.4 Uploaded Documents
If you upload PDFs, engineering schematics, site plans, or other documents for AI-powered analysis, we process those files to generate accessibility remediation data. Uploaded documents are stored securely and are accessible only to your account. We do not use your uploaded documents to train machine learning models, and we do not share them with third parties except as necessary to perform the analysis (e.g., sending content to an AI inference provider for alt-text generation).
1.5 Automatically Collected Information
When you visit our website, we may automatically collect technical information including your IP address, browser type and version, operating system, referring URL, pages visited and time spent on each page, device identifiers, and general geographic location derived from your IP address. This information is collected through server logs and may be supplemented by analytics services. We use this data to improve the Service, diagnose technical issues, and prevent abuse.
1.6 Cookies & Similar Technologies
We use strictly necessary cookies to maintain your authenticated session and remember your preferences. We may use analytics cookies to understand how visitors interact with our website. We do not use cookies for behavioral advertising or cross-site tracking. You can control cookie preferences through your browser settings. Disabling strictly necessary cookies may prevent you from using authenticated features of the Service.
2. How We Use Your Information
We use the information we collect to provide, maintain, and improve the Service, including processing scans, generating audit defense logs, and delivering AI-powered remediation data. We also use your information to process transactions and send purchase confirmations; communicate with you about your account, product updates, and support requests; detect and prevent fraud, abuse, and security incidents; comply with legal obligations; and generate aggregated, de-identified analytics to improve the platform (no individual user data is included in aggregated metrics).
We will not sell, rent, or lease your personal information to any third party. We do not use your personal data for targeted advertising.
3. Third-Party Service Providers
We rely on a limited number of trusted third-party providers to operate the Service. Each provider receives only the minimum data necessary to perform its function.
Supabase (Backend & Database)
Hosts our database, handles authentication, and provides real-time data services. Your account data, scan results, and audit logs are stored in Supabase's infrastructure. Supabase's privacy policy is available at supabase.com/privacy.
Stripe, Inc. (Payment Processing)
Processes all payment transactions. Stripe is PCI-DSS Level 1 certified. Your payment details are handled entirely within Stripe's infrastructure. Stripe's privacy policy is available at stripe.com/privacy.
Vercel (Hosting & Deployment)
Hosts the BidShield ADA front-end application and serverless functions. Vercel may process server logs containing IP addresses and request metadata. Vercel's privacy policy is available at vercel.com/legal/privacy-policy.
AI Inference Providers
We may send content from your scanned URLs or uploaded documents to AI model providers for the purpose of generating alt-text descriptions and remediation suggestions. This content is sent via API and is not used to train the provider's models. We select providers that offer data processing agreements and do not retain input data beyond the duration of the API request.
4. Data Retention
We retain your account information and scan data for as long as your account is active or as needed to provide the Service. Audit defense logs and scan history are retained indefinitely while your account is active, as these records are designed to serve as long-term compliance documentation for your benefit. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain certain information to comply with legal obligations, resolve disputes, or enforce our agreements. Payment transaction records may be retained by Stripe independently in accordance with their data retention policies and applicable financial regulations.
5. Data Security
We implement commercially reasonable technical and organizational safeguards to protect your data, including encryption in transit (TLS/SSL) for all data transmitted between your browser and our servers, encryption at rest for data stored in our database, access controls limiting employee and contractor access to personal data on a need-to-know basis, and regular security reviews of our infrastructure and third-party providers.
No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal information, we cannot guarantee its absolute security. You are responsible for maintaining the confidentiality of your account credentials.
6. Your Rights & Choices
6.1 Access & Portability
You may access and export your scan data and audit defense logs at any time through the dashboard. You may also request a copy of all personal data we hold about you by contacting us at privacy@bidshieldada.com.
6.2 Correction
You may update your account information at any time through your account settings. If you believe any information we hold about you is inaccurate, you may contact us to request correction.
6.3 Deletion
You may request deletion of your account and associated personal data by contacting us at privacy@bidshieldada.com. Upon receiving a verified deletion request, we will delete or anonymize your data within 30 days, subject to the retention exceptions described in Section 4.
6.4 Opt-Out of Communications
You may opt out of non-essential email communications at any time by clicking the "unsubscribe" link in any marketing email or by contacting us directly. Note that transactional emails related to your account or purchases cannot be opted out of.
7. State-Specific Privacy Rights
7.1 California Residents (CCPA/CPRA)
If you are a California resident, you have the right to know what personal information we collect, use, and disclose, request deletion of your personal information, opt out of the sale or sharing of your personal information (we do not sell or share personal information as defined by the CCPA), and not be discriminated against for exercising your privacy rights.
To exercise these rights, contact us at privacy@bidshieldada.com. We will verify your identity before fulfilling any request. You may also designate an authorized agent to submit a request on your behalf.
7.2 Virginia, Colorado, Connecticut, Utah & Other State Privacy Laws
Residents of states with comprehensive privacy laws (including the VCDPA, CPA, CTDPA, and UCPA) may have additional rights, including the right to access, correct, delete, and obtain a portable copy of personal data, and the right to opt out of targeted advertising, sale of personal data, or profiling. We do not engage in targeted advertising, sale of personal data, or automated profiling that produces legal effects. To exercise any applicable rights, contact us at privacy@bidshieldada.com.
8. International Users
BidShield ADA is operated from the United States. If you access the Service from outside the United States, you understand and consent to the transfer, storage, and processing of your data in the United States and other countries where our service providers operate. We will take reasonable steps to ensure your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland and the General Data Protection Regulation (GDPR) applies to you, our legal basis for processing your personal data is typically the performance of a contract (providing the Service you requested), our legitimate interests (improving the Service, preventing fraud), and your consent (where explicitly provided, such as for marketing emails). You may exercise your rights under the GDPR — including access, rectification, erasure, restriction, data portability, and objection — by contacting us at privacy@bidshieldada.com.
9. Children's Privacy
The Service is designed for business professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal information from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at privacy@bidshieldada.com.
10. Third-Party Links
The Service may contain links to third-party websites, including the URLs you submit for scanning. We are not responsible for the privacy practices or content of those third-party sites. We encourage you to review the privacy policies of any website you visit. Scanning a URL through our Service does not imply any affiliation with or endorsement of the scanned website.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page with a revised "Effective Date" and, where appropriate, by sending an email notification to the address associated with your account. Your continued use of the Service after the effective date of any updated policy constitutes your acceptance of the revised terms.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us at: