Privacy Policy

1. Who We Are

BidSimple is operated by Epoche Technical Solutions, LLC. This policy describes what data we collect, how we use it, and the choices you have. Questions: see the Contact section below.

2. Data We Collect

Account data: your name, email address, and a hashed password (we never store passwords in plain text).

Business data: your company profile, logo, services and rates, default contract terms, and business type.

Deal and document data: client names, emails, and companies you enter; deal briefs; the documents the Service generates; signature records (typed name, optional email, timestamp, and IP address for the audit trail); and document view events (timestamp, IP address, browser user agent).

Billing data: handled by Stripe. We store only your Stripe customer and subscription identifiers and plan tier — never card numbers.

Usage data: anonymous page analytics via Vercel Analytics (no cross-site tracking cookies).

3. How We Use Data

To operate the Service: generating documents, sharing them with your clients, collecting signatures, sending transactional email (share notifications, signature confirmations, password resets, team invitations), and billing.

Document generation sends your deal brief and company context to our AI provider (Anthropic) to produce the document text. This data is used to generate your output, not to train AI models.

We do not sell your data or use it for third-party advertising.

4. Service Providers

We use a small set of processors to run the Service: Vercel (hosting and analytics), Neon (database), Anthropic (AI document generation), Stripe (payments), and Resend (transactional email). Each receives only the data needed for its function.

5. Cookies

We use a single first-party authentication cookie to keep you signed in. It is httpOnly and expires after 30 days — or when you close your browser, if you uncheck “Keep me signed in” at login. We do not use advertising or cross-site tracking cookies.

6. Sharing With Your Clients

When you share a document, anyone with the link can view it and download its PDF until the link expires. Your client's signature details become part of the document's audit trail, and a copy of the signed document may be emailed to them if they provide an email address.

7. Data Retention and Deletion

Your data is retained while your account is active. Deleting your account (Settings → Billing → Danger zone) permanently deletes your account, company profile, deals, documents, and signature records, and cancels any active subscription. For Agency teams, deals created under the team are transferred to the account owner rather than deleted.

8. Security

Data is encrypted in transit (TLS) and at rest by our hosting providers. Passwords are hashed with bcrypt. Sessions use signed, httpOnly cookies. No method of transmission or storage is 100% secure, but we work to protect your data using industry-standard practices.

9. Your Rights

You can access and update your business data in Settings, export your documents as PDFs, and delete your account at any time. Depending on where you live, you may have additional rights (such as access, correction, or deletion requests) — contact us using the email in the Contact section below and we will honor applicable requests.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via the email address on your account or a notice in the Service.

11. Contact

Privacy questions and data requests: support@epochetechnicalsolutions.com (please mention BidSimple in your subject line).