Privacy Policy

How Bid Reasoner collects, uses, and protects information. Last updated: June 1, 2026.

Draft for review. This Privacy Policy is a working draft shared for transparency during our pilot. It has not yet been reviewed by legal counsel; Bid Reasoner, Inc. will finalize it before general availability. Questions: alex@bidreasoner.com.

Bid Reasoner is an AI-assisted subcontractor-bid management platform for heavy-civil general contractors (GCs). This policy explains what information we handle when you use the web app at app.bidreasoner.com, including the subcontractor portal, and the choices you have. We designed the product to keep each customer's data isolated and to put AI work behind human review.

1 · Who we are

Bid Reasoner is operated by Bid Reasoner, Inc. ("Bid Reasoner", "we", "us"). For any privacy question or request, contact us at alex@bidreasoner.com. For our customers (GCs), Bid Reasoner acts as a service provider / processor of the bid information you and your invited subcontractors submit; you remain the controller of that information.

2 · Scope

Bid Reasoner is a business-to-business tool. Two kinds of people use it:

  • GC team members — your company's estimators, precon managers, and admins who manage projects, packages, and awards.
  • Invited subcontractors — companies a GC invites to bid, who use the sub portal to view a package and submit a quote.

3 · Information we collect

  • Account & contact data. Name, work email, company name, and role, plus your hashed password (GC accounts). Subcontractors sign in through a secure link and don't set a password.
  • Documents & bid content you upload. Owner documents (drawings, specs, addenda, contracts), subcontractor proposals, scope sheets, and required compliance documents. These may contain pricing, schedules, exclusions, and the names and contact details of the people who prepared them.
  • Communications. Clarification questions and answers, invitation emails, and bids you forward to us by email so we can match and file them.
  • Usage & log data. Standard server logs (IP address, timestamps, pages and actions, browser type) used to operate, secure, and debug the service.

4 · How we use information

We use the information above to:

  • Provide the service — read and normalize bids against your scope, surface risk, and produce comparisons, recommendations, and award documents.
  • Send transactional email — invitations, sign-in links, clarification and award notifications, and security alerts.
  • Keep the service secure and reliable — authentication, rate limiting, abuse and error monitoring, and backups.
  • Provide support and comply with legal obligations.

We do not sell personal information, and we do not use your documents or bid content to advertise to you.

5 · AI processing

To read documents and analyze bids, Bid Reasoner sends the relevant content to our AI provider, Anthropic, through its API. A few points about how that works:

  • Content sent through the Anthropic API is not used to train their models.
  • AI output is decision-support: every extracted field and recommendation is labeled and reviewable by a human, and an optional approval gate can require sign-off before extraction.
  • Deterministic, rule-based checks run locally and are not sent to the AI provider.

6 · Subprocessors

We rely on a small set of vetted third parties to run the service. Each receives only the data needed for its function:

ProviderPurpose
SupabaseDatabase & private file storage
RenderApplication hosting
AnthropicAI document reading & bid analysis
PostmarkTransactional email delivery
SentryError monitoring (when enabled)

We'll keep this list current as our infrastructure changes. Contact us for the latest details.

7 · How we share information

  • Tenant isolation. Each GC's data is siloed. Other GCs cannot see your projects, documents, or bids. A subcontractor only sees the invitations sent to them — never another sub's pricing or another GC's documents.
  • With your direction. When you award a package or send notifications, we deliver the messages and documents you choose to the recipients you choose.
  • Subprocessors as listed above, and legal compliance where required by law or to protect rights and safety.
  • We do not sell or rent personal information.

8 · Cookies

Bid Reasoner uses only essential cookies — a signed session cookie to keep you logged in and a token that protects forms against cross-site request forgery (CSRF). We do not use advertising or third-party tracking cookies, so there is no tracking to opt out of. Your browser also stores a small preference for light/dark theme.

9 · How we protect information

  • Encryption in transit (HTTPS, with HSTS) and passwords hashed with argon2.
  • Strict tenant isolation, access controls, and audit logging of administrative actions.
  • Account-lockout on repeated failed logins, optional two-factor authentication for administrators, and rate limiting.
  • Files are stored in private storage and served only through authenticated, tenant-scoped routes; uploads can be scanned for malware.

No system is perfectly secure, but we work to protect your information using industry-standard safeguards.

10 · Retention & deletion

We keep account and project information for as long as your account is active and as needed to provide the service. You can ask us to delete your data, and we will do so unless we're required to retain it for legal or legitimate business reasons. For customers, we honor data-handling and deletion terms in your agreement with us.

Self-service deletion. A workspace admin can delete the account from Settings › Account. We use a 30-day grace period: the workspace is marked for deletion and can be restored at any time during those 30 days, after which it and all associated data — projects, bid packages, uploaded documents, submitted bids, and AI/usage records — are permanently and irreversibly deleted, including the underlying files in our storage. If your workspace has multiple members, deleting your own account removes only your access; the shared workspace remains for your teammates.

We retain a minimal administrative audit log of security-relevant actions (including the deletion itself) where required for legal, security, or compliance reasons; this log does not contain your project content.

11 · Your rights & choices

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, or to object to certain processing. To make a request, email alex@bidreasoner.com. If your data was provided to us by a GC (for example, as part of a bid invitation), we may direct your request to that GC, who controls that information.

12 · Children & where data is processed

Bid Reasoner is a workplace tool intended for businesses and is not directed to children under 16. We operate in the United States, and your information is processed and stored on infrastructure located in the United States.

13 · Changes & contact

We may update this policy as the product evolves. Material changes will be reflected by a new "last updated" date, and we'll notify customers where appropriate. Questions or requests: alex@bidreasoner.com.

See also our Terms of Service.