Privacy Policy
KestrelBid — operated by BPRM Holdings LLC
Overview
BPRM Holdings LLC (“we,” “our,” or “us”) operates KestrelBid (“Service”). This Privacy Policy explains what information we collect, how we use it, and your choices. We keep it short and plain because we're contractors too — nobody has time for 40 pages of legalese.
1. Information We Collect
Account Information
When you create an account, we collect your email address, name, company name, and trade type. This is used to set up your account and personalize your proposals.
Proposal Data
We store the job descriptions you enter, the proposals generated, your company branding (logo, colors, payment terms), and any attachments you upload. This data lives in your account and is used to generate and deliver proposals.
Usage Data
We collect information about how you use the Service: pages visited, features used, proposal counts, session duration, and similar analytics. This helps us understand what to build next.
Payment Information
Billing is handled by Stripe, Inc. We do not store your full credit card number or bank account details. Stripe provides us with a payment token and basic billing info (last 4 digits, card type, billing address). See Stripe's Privacy Policy for details on how Stripe handles payment data.
Device and Technical Data
We may collect your IP address, browser type, operating system, and device type for security, performance monitoring, and error tracking purposes.
2. How We Use Your Information
We use collected information to:
- Provide, operate, and improve the Service
- Generate proposals using AI (your job descriptions are sent to Anthropic's API)
- Process billing and manage your subscription
- Send transactional emails (e.g., email verification, proposal delivery notifications)
- Monitor for errors and performance issues
- Understand usage patterns to prioritize product development
- Respond to support requests
- Comply with legal obligations
We do not sell your personal data to third parties. We do not use your proposal content to train AI models without your explicit consent.
3. Data Storage
Your account data, proposals, and user settings are stored in a PostgreSQL database managed by Supabase, Inc. Data is hosted on AWS infrastructure in the United States. Supabase encrypts data at rest and in transit.
See the Supabase Privacy Policy for details on their data practices.
4. Third-Party Services
We use the following third-party services to operate KestrelBid. Each has their own privacy policy:
Processes job descriptions to generate proposals. Your job description text is sent to Anthropic's API to produce proposal content. Anthropic does not use API inputs to train models.
Handles all payment processing, subscription management, and billing portals.
Provides database hosting, authentication, and file storage.
Sends transactional emails (verification, proposal notifications, billing receipts).
Product analytics — we use PostHog to understand feature usage patterns. We configure PostHog to avoid capturing personally identifiable information.
Error and performance monitoring. When the app encounters an error, Sentry captures a stack trace and basic context. We configure Sentry to scrub sensitive fields.
5. Cookies and Tracking
We use session cookies and authentication tokens to keep you logged in. We do not use third-party advertising cookies or tracking pixels. PostHog may set a first-party analytics cookie to track anonymous usage sessions.
You can block cookies in your browser settings, though this may prevent the Service from functioning correctly.
6. Data Retention
We retain your account data and proposals for as long as your account is active. If you cancel your account, we retain your data for 30 days to allow for export. After 30 days, your data is permanently deleted from our systems.
Billing records may be retained longer as required by applicable law or tax regulations.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and associated data
- Portability: Request an export of your proposals and account data
- Opt-out of analytics: Disable PostHog tracking by contacting us
California residents (CCPA):You have the right to know what personal information we collect, to request deletion, and to opt out of any “sale” of personal information. We do not sell personal information as defined by the CCPA.
Other U.S. state laws: We honor substantially similar rights for residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy legislation.
To exercise your rights, email privacy@kestrelbid.com. We will respond within 30 days.
8. Security
We implement reasonable technical and organizational measures to protect your data, including TLS encryption in transit, encrypted database storage, and access controls. No system is 100% secure. If we become aware of a breach affecting your data, we will notify you as required by applicable law.
9. Children's Privacy
KestrelBid is a professional B2B tool intended for adults running contracting businesses. We do not knowingly collect personal information from anyone under 18 years old. If you believe a minor has provided us personal data, contact us at privacy@kestrelbid.com and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. For material changes, we will notify you by email or by posting a notice in the Service at least 14 days before the changes take effect. The “Last updated” date at the top indicates when this policy was last revised.
11. Contact
For privacy-related questions, requests, or concerns:
BPRM Holdings LLC
Operating as KestrelBid
Email: privacy@kestrelbid.com