Privacy Policy
How Bidspot collects, uses, and protects your information.
Last updated: May 2026
Overview
Bidspot ("we", "us", or "our") operates an AI-powered procurement service accessible via WhatsApp and our web application at app.usebidspot.com. This Privacy Policy explains what data we collect, why we collect it, and how we handle it.
By using Bidspot you agree to the practices described here. If you do not agree, please stop using the service.
Data We Collect
Account & contact data
- — Email address (used for sign-in via OTP)
- — WhatsApp phone number (when you link it to your account)
- — Display name, job title, company (optional, for supplier outreach profiles)
Usage & search data
- — Product search queries and chat messages you send
- — Search results, generated reports, and offer selections
- — Usage counts against your plan limits
Browser Connector data (optional)
- — A secure authentication token stored locally in chrome.storage.local
- — Marketplace page HTML fetched on your behalf and transmitted in memory — never stored
Technical data
- — Standard server logs (IP address, timestamps, HTTP status codes)
- — Error and performance telemetry to operate the service reliably
What We Do Not Collect
- — We do not access, read, or store your personal browsing history.
- — We do not access cookies, passwords, or form data from your personal sessions.
- — We do not sell your data to third parties.
- — We do not use your data to train our own models. Third-party AI providers process data under their own terms and privacy commitments.
- — We do not store marketplace page HTML — it is passed through memory and immediately discarded.
How We Use Your Data
- — To authenticate your account and manage your session
- — To run product searches and generate procurement reports on your behalf
- — To track your usage against your subscription plan limits
- — To send transactional messages (OTP codes, search results, notifications via WhatsApp)
- — To improve service reliability and debug errors
Data Storage & Security
Our primary application database is hosted in the European Union. We apply row-level security so each user can only access their own records.
— All data in transit is encrypted via HTTPS / WSS.
— Browser Connector tokens expire after 1 year and can be revoked instantly from your account settings.
— Generated reports expire automatically after a configurable TTL and become inaccessible.
Third-Party Services
We use the following sub-processors to operate the service:
Each sub-processor operates under its own privacy policy. Some providers may process data outside the EU/EEA under applicable transfer safeguards. We do not share your data with unrelated third parties.
Data Retention
- — Account data is retained while your account is active.
- — Chat messages and search history are retained to maintain conversation context.
- — Public reports expire after their configured TTL (typically 30 days).
- — You may request deletion of your account and all associated data at any time by emailing privacy@usebidspot.com.
Your Rights
Depending on your jurisdiction you may have the right to:
- — Access the personal data we hold about you
- — Correct inaccurate data
- — Request deletion of your data
- — Object to or restrict certain processing
- — Export your data in a portable format
To exercise any of these rights, contact us at privacy@usebidspot.com.
Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify you via email or in-app message. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
Questions about this policy? Reach us at privacy@usebidspot.com.