Back to Sign Up

Privacy Policy

Effective Date: February 7, 2026 · Last Updated: February 7, 2026

This Privacy Policy describes how Qubittron, Inc. (“Qubittron,” “we,” “us,” or “our”) collects, uses, stores, and shares information in connection with the MyBids.AI platform (the “Service”). This policy applies to all users of the Service, including Organization Administrators, Members, and visitors.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. This policy is incorporated into and subject to our Terms of Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Full name, email address, password (hashed), organization name, and role within your organization.
  • Organization Data: Company name, logo, team member profiles (names, titles, skills, certifications), and company profile information (service lines, capabilities, certifications, SLA history).
  • RFP Content: RFP documents you upload for analysis, including any attachments, clarification questions, and generated proposal content.
  • Knowledge Base: Documents, case studies, past proposals, technical specifications, and other materials you upload to your organization’s knowledge base.
  • Payment Information: Billing details are collected and processed by our payment processor, Stripe, Inc. We do not directly store credit card numbers or banking information.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, RFP generation counts, API call patterns, and interaction timestamps.
  • Device & Browser Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Device Fingerprint: We use FingerprintJS to generate a unique device identifier for fraud prevention, multi-account abuse detection, and security purposes. This fingerprint is derived from browser and device characteristics.
  • Log Data: Server access logs, error logs, and performance metrics.

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To operate, maintain, and provide the features of the Service, including AI-powered RFP analysis and proposal generation.
  • AI Processing: Your uploaded documents and knowledge base content are processed through our AI pipeline to generate proposal content. This involves transmitting content to third-party AI model providers for processing (see Section 4).
  • Organization Management: To facilitate multi-user collaboration, team management, and organization-wide data sharing within your workspace.
  • Billing & Payments: To process subscription payments, track usage against plan limits, manage overage billing, and prevent payment fraud.
  • Security & Fraud Prevention: To detect and prevent unauthorized access, multi-account abuse, automated bot activity, and other security threats using device fingerprinting and behavioral analysis.
  • Communication: To send transactional emails (account verification, team invitations, password resets, billing notifications) and, with your consent, product updates and announcements.
  • Analytics & Improvement: To analyze usage patterns (in aggregate) to improve the Service, fix bugs, and develop new features.

3. Data Sharing & Multi-Tenant Architecture

3.1 Within Your Organization. The Service is designed as a multi-tenant platform. All content uploaded by any member of your Organization (RFPs, knowledge base documents, team profiles, company information) is visible to and shared with all other members of the same Organization. Organization Administrators control membership and can add or remove members at any time.

3.2 Between Organizations. Data is strictly isolated between Organizations. Row-level security policies in our database ensure that members of one Organization cannot access data belonging to another Organization under any circumstances.

3.3 We do not sell personal information. We do not sell, rent, or trade your personal information or Customer Content to third parties for their marketing purposes.

4. Third-Party Service Providers

We engage the following categories of service providers to operate the Service:

ProviderPurposeData Shared
Supabase (AWS)Database hosting, authentication, file storageAll account and content data
Together.aiAI model inference (DeepSeek-V3, Qwen-72B, QwQ-32B), text embeddingsDocument content submitted for AI processing
Stripe, Inc.Payment processing, subscription managementBilling information, organization name, email
ResendTransactional email deliveryRecipient email addresses, email content
VercelApplication hosting, edge functions, CDNRequest logs, IP addresses
FingerprintJSDevice fingerprinting, fraud preventionBrowser/device characteristics, IP address

All service providers are contractually bound to process data only as necessary to provide their services and in accordance with applicable data protection laws.

5. Data Retention

  • Active Account: We retain your data for as long as your account is active and as needed to provide the Service.
  • Post-Termination: After account termination, Customer Content is available for export for 30 days, after which it is permanently deleted within 90 days.
  • Legal Requirements: We may retain certain data as required by law, regulation, or legitimate business purposes (e.g., billing records for tax compliance).
  • Aggregate Data: Anonymized aggregate data may be retained indefinitely for analytics and product improvement.

6. Data Security

We implement commercially reasonable security measures to protect your information, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256);
  • Row-level security (RLS) policies enforcing multi-tenant data isolation at the database level;
  • Role-based access controls with Admin and Member permissions;
  • Service-role key isolation (elevated database access restricted to server-side operations only);
  • Device fingerprinting for unauthorized access detection;
  • Regular security monitoring, logging, and incident response procedures.

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights & Choices

7.1 All Users

  • Access: You may access your personal information through your account settings.
  • Correction: You may update or correct your account information at any time.
  • Deletion: You may request account deletion by contacting us. Organization Admins may delete their Organization and all associated data.
  • Data Export: You may export your Organization’s data through the Service or by contacting us.
  • Marketing Opt-Out: You may opt out of marketing communications at any time. Transactional emails (billing, security alerts, invitations) cannot be opted out of.

7.2 European Economic Area (EEA) Residents

If you are located in the EEA, you have additional rights under GDPR:

  • Right to data portability (receive your data in a structured, machine-readable format);
  • Right to restrict processing;
  • Right to object to processing based on legitimate interests;
  • Right to lodge a complaint with your local data protection authority.

Our legal basis for processing personal data includes: performance of the contract (Terms of Service), legitimate interests (security, fraud prevention, service improvement), consent (marketing), and legal obligations (tax, compliance).

7.3 California Residents

California residents have additional rights under the CCPA/CPRA:

  • Right to know what personal information is collected, used, shared, and sold;
  • Right to delete personal information;
  • Right to opt-out of the sale of personal information (we do not sell personal information);
  • Right to non-discrimination for exercising your rights.

8. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

  • Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
  • Functional Cookies: Remember your preferences and settings (theme, sidebar state).
  • Analytics Cookies: Help us understand how users interact with the Service to improve functionality.

We do not use third-party advertising or tracking cookies.

9. Children’s Privacy

The Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information.

10. International Data Transfers

Your information may be transferred to and processed in the United States where our service providers are located. If you are located outside the United States, please be aware that your information will be transferred to, stored, and processed in a jurisdiction that may not provide the same level of data protection as your home country. By using the Service, you consent to such transfer.

For EEA users, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission as the legal mechanism for cross-border data transfers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to Organization Administrators at least 30 days before taking effect. The “Last Updated” date at the top of this policy indicates when the most recent revision was made. Continued use of the Service after any changes constitutes acceptance of the updated policy.

12. Contact Information

For privacy-related inquiries, data subject requests, or complaints:

  • Email: privacy@mybids.ai
  • Legal: legal@mybids.ai
  • Mail: Qubittron, Inc., Attn: Privacy Team, [Address]

We will respond to verified data subject requests within 30 days (or as required by applicable law).

This Privacy Policy is incorporated into and subject to our Terms of Service.