Privacy Policy

Effective 2026-04-29 · Last updated 2026-04-29

Plain-English summary: we collect what's needed to run a sealed-bid marketplace — your account info, the jobs you post or bid on, payment metadata Stripe gives us, and basic analytics. We don't sell data. Contractors see job listings; nobody else sees your contact info unless you award them the bid.

1. Who we are

TaskBidder ("we", "us") operates the platform at taskbidder.io. Questions or requests about your data: hello@taskbidder.io.

2. What we collect

Account info (Firebase Authentication)

Email address
Display name and profile photo (when you sign in with Google or Apple — you can edit/clear after sign-up)
Phone number (only if you choose phone sign-in)
Authentication tokens (handled by Firebase; we never see your password)

Profile data

Role (homeowner or contractor) and a short bio
For contractors: state license URL, license state, and verification status
Service-area locations (free-text list of cities/zips/neighborhoods you cover)

Job and bid data

Job titles, categories, descriptions, and the location free-text you provided
Photos you upload to a job
Bid amounts, timelines, and messages
Reviews and ratings — visible to other platform users

Payment metadata

We use Stripe to process payments. We never see or store your full card number; Stripe sends us a customer ID, payment intent ID, and the dollar amount
For paid AI Estimate Reports: the photos and description you submit are sent to Google Gemini's vision API (free tier) to generate the complexity score; results are stored on your account

Analytics and infrastructure

Vercel Analytics — anonymous page views, no IP retention. Captures: clicks on sign-in, estimator interactions, FAQ opens.
Vercel Speed Insights — Core Web Vitals (LCP, INP, CLS) measured on your device; no PII.
Server logs at Fly.io for debugging — automatically rotated.

Cookies / local storage

Firebase auth session (so you stay signed in)
A small "intended role" hint stored in browser localStorage during sign-up (cleared after onboarding)
Vercel Analytics' first-party tracking pixel (no third-party tracking)

3. How we use it

To run the marketplace — match homeowners with bidding contractors, deliver notifications, process payments
To generate fair-price estimates (free and paid tiers) using your category, scope, and (for paid reports) photos
To verify contractor licenses and surface verification status to homeowners
To detect abuse — repeated low-quality bids, fake reviews, fraudulent verification submissions
To improve the product — aggregate usage patterns, never tied to individual identifiable data in our analytics dashboards

4. Who we share it with

Other users on the platform — your name, photo, ratings, and posted jobs are visible to relevant counterparties (a homeowner sees a contractor's profile when they bid; a contractor sees a job's title/description/photos when they bid). Contact information (email, phone) is NOT shared until you award a bid or open a chat thread.
Stripe — for payment processing. Stripe's privacy policy applies to the card info you enter on Stripe Checkout.
Resend — for transactional email (job-won, bidding-ended, etc.). Resend sees your email address and the message body. Resend's privacy policy.
Google Gemini (for paid AI Estimate Reports only) — your category, condition, description, and photos are sent to Google's vision API to generate the complexity score. Google states they don't use Gemini API content to train their models for free-tier and paid users. Gemini API terms.
Firebase (Google) — for authentication. Firebase privacy.
Vercel — for hosting the marketing site and serving the JS bundle. Vercel privacy.
Fly.io — for hosting the API server and database. Fly.io privacy.
Law enforcement — only when legally required, and only the minimum necessary to comply with the request.

We do not sell your data, share it with advertisers, or use it for cross-site tracking.

5. Your rights

You can:

Access — see all data we have on you. Email hello@taskbidder.io.
Correct — update your profile fields directly in the app, or email us.
Delete — request account deletion. We'll remove your profile, jobs, bids, and reviews within 30 days. Stripe payment records are retained as required by U.S. tax law (typically 7 years).
Export — request a JSON dump of your data.

If you're in California (CCPA), the EU/UK (GDPR), or another jurisdiction with similar rights, those apply.

6. Data retention

We retain your account data while your account is active and for 30 days after deletion (so we can reverse accidental deletions). Stripe / accounting records are retained as required by tax authorities (U.S.: 7 years).

7. Security

TLS in transit (HTTPS-only via Fly + Vercel). Auth tokens are short-lived JWTs verified server-side. Database lives on a Fly volume in us-east; backups are taken automatically. No system is unhackable, but we follow standard practice and we don't store payment card details ourselves.

8. Children

TaskBidder is not directed at people under 18. If you're a parent and believe your child created an account, email hello@taskbidder.io and we'll delete it.

9. Changes

If we make material changes (new third-party processors, new data categories), we'll notify active users by email at least 14 days in advance. The "Last updated" date at the top reflects the most recent revision.

10. Contact

Email: hello@taskbidder.io
Or use the in-app help link once you're signed in.