# BidNest Privacy Policy (Interim Launch Draft)
_Last updated: 2026-03-15_

> **Important disclaimer:** Interim operational draft for launch planning. **Not legal advice.** Requires licensed counsel review.

## 1. Scope
This Privacy Policy explains how BidNest collects, uses, stores, and shares personal data in connection with marketplace operations.

## 2. Data We Collect
- Account and identity data (name, email, phone, role)
- Contractor business information (licenses, insurance, service areas)
- Project and bid data (descriptions, photos, location attributes)
- Payment metadata and transaction records (not full card details)
- Product usage analytics (events, page flow, attribution)
- Communications and support interactions
- Device/network security signals (IP, user-agent, timestamps)

## 3. Why We Process Data
- Operate project posting, matching, and bid workflows
- Support trust and safety checks
- Prevent fraud/abuse and enforce policy
- Analyze conversion and product performance
- Improve scope quality, matching quality, and platform intelligence (including AI-assisted product features)
- Process billing, payouts, and compliance records
- Send service and marketing communications (where permitted)

## 4. Legal Bases (Jurisdiction-dependent)
BidNest may rely on contract necessity, legitimate interest, legal obligation, and consent depending on jurisdiction and processing purpose.

## 5. Sharing and Disclosures
BidNest may share data:
- With service providers (hosting, analytics, payments, email)
- Between marketplace participants as needed to deliver services
- For legal requests, fraud prevention, and rights protection
- In mergers, acquisitions, financing, or business transfers

BidNest does not sell personal information for third-party ad resale.

## 6. Cookies, Local Storage, and Analytics
BidNest uses cookies/local storage and event tracking for authentication, UX continuity, performance analytics, and conversion optimization.

## 7. Data Retention
Retention periods vary by data class and may be extended for dispute support, tax/accounting obligations, safety investigation, and legal compliance.

## 8. Security
BidNest applies layered administrative, technical, and organizational safeguards aligned with industry best practices, including encryption in transit, encryption at rest for sensitive systems, least-privilege access controls, and access logging for high-risk operations. No method of transmission or storage is 100% secure.

## 9. Your Rights and Controls
Depending on law, users may request access, correction, deletion, data portability, processing restrictions, and marketing opt-outs.
Users may also control notification preferences (for example SMS, email, or both for supported transactional events) in account settings.
Requests are subject to identity verification and legal exceptions.

## 10. Children
BidNest is not intended for children under 13 (or equivalent jurisdictional age threshold).

## 11. International Transfers
Data may be processed in the US and other countries where providers operate, subject to lawful transfer mechanisms where required.

## 12. Policy Changes
BidNest may update this policy and post a revised date.

## 13. Contact
Privacy requests mailbox: **TODO (domain privacy inbox + process owner)**.

---

## Attorney Review TODOs (Must-finalize before scale)
1. CCPA/CPRA and US state privacy-rights language and request workflow details.
2. GDPR/UK GDPR lawful basis matrix + DPA controller/processor clarification.
3. Cookie consent framework and non-essential tracker controls.
4. Data retention schedule by table/event class.
5. Security incident notification policy and regional deadlines.
