Privacy Policy

BidChemist ("we", "our", "us") operates the BidChemist browser extension and the website at bidchemist.com. This policy describes what information we collect, how we use it, who we share it with, and the controls you have over it.

Information We Collect

Account information

When you sign up, we collect your email address and display name through Amazon Cognito to identify your account and issue authentication tokens. Passwords are stored as Cognito-managed salted hashes; we do not see them.

Content you submit through the browser extension

Each time you click Send to BidChemist inside Gmail, the extension reads and uploads the following from the specific email you selected:

• Attachments (e.g., PDF bid documents) — the complete file contents.
• Email body text — the plain-text and/or HTML body of the selected email and its thread, used to preserve context and to extract the conversation as part of the bid record.
• Email headers — sender address, recipient address, subject, message ID, thread ID, and date.

We only access email content when you explicitly select an email and press the extension's Send or View button. We do not passively scan, monitor, or index your inbox.

Bid data generated from your submissions

When you submit a bid, our AI pipeline extracts structured information (contractor company, contact name, contact phone, contact email, scope, exclusions, bid price, payment terms, expiration date, and confidence scores) and stores it alongside the original attachment.

Google User Data Disclosure

The BidChemist extension requests the Gmail API read-only scope (gmail.readonly) solely to read attachments, bodies, and headers from emails you explicitly choose to send to BidChemist.

• We do not use Google user data for advertising.
• We do not sell Google user data.
• We do not share Google user data with third parties, except with the cloud processing services listed below that are strictly required to provide you with the features of BidChemist.
• Humans do not read your Google user data except (a) with your explicit permission, (b) as necessary for security investigations, or (c) to comply with applicable law.

Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How We Use Your Information

• Bid analysis. Attachments and email bodies are sent to AWS Bedrock (Anthropic Claude) to extract structured bid data and to produce a cleaned, de-duplicated conversation summary for display in your project.
• Project organization. Extracted bid data is stored under your user and project, grouped by trade and contractor.
• Report generation. You can generate an Excel report that summarizes bids for a project. Reports are delivered as browser downloads and, at your option, as SES email attachments to an address you specify.
• Authentication and account administration. Your email and display name are used for sign-in and for showing who created or modified a record.

Third-Party Services

• Amazon Web Services (AWS) — we host all BidChemist infrastructure (compute, storage, database, email delivery) in AWS, primarily in the US East (Ohio) region. This includes Lambda, Step Functions, DynamoDB, S3, SES, API Gateway, Cognito, and CloudFront.
• Amazon Bedrock / Anthropic Claude — attachments and email bodies are sent to Bedrock to run the AI extraction prompts. Per AWS Bedrock's terms, inputs and outputs are not used to train the underlying models and are not retained by the model provider after processing.
• Google Gmail API — requested with read-only scope, used only when you explicitly initiate a submission from the extension.
• Amazon SES — used to send bid reports to the email addresses you specify.

We do not use advertising networks, analytics SDKs, or trackers.

Data Storage and Security

• Data is encrypted in transit (TLS 1.2+) and at rest (S3 server-side encryption, DynamoDB managed encryption).
• Every record in DynamoDB is scoped by a tenant identifier derived from your account. No cross-tenant reads or writes are possible.
• Access to BidChemist APIs requires a valid Amazon Cognito ID token.
• The BidChemist website is served over HTTPS and protected by AWS WAF against common web attacks.

Data Retention and Deletion

• Retract a single submission. From the browser extension (inbox row or floating button), click Retract on any email you previously submitted. BidChemist permanently deletes the associated attachments, extracted bids, stored email body, and dedup records.
• Delete a single bid. From a project page, click the red ✕ on a contractor card to permanently delete that bid.
• Delete your entire account. Email us at the address below and we will delete all records tied to your user ID, typically within 7 business days.
• Automatic cleanup. When a new Excel report is generated for a project, BidChemist overwrites the previous report file rather than retaining multiple versions.

Your Rights

You may at any time request access to, correction of, export of, or deletion of your personal data by contacting us. If you reside in a jurisdiction that grants additional rights under laws such as the GDPR, CCPA, or CPRA, we will honor those rights in accordance with applicable law.

Children

BidChemist is a B2B tool for construction professionals and is not intended for use by children under 13. We do not knowingly collect data from children.

Changes to This Policy

If we make material changes to this policy, we will update the effective date at the top and, when appropriate, notify account holders by email.

Contact

For privacy questions, data requests, or account deletion, contact: philipvilkama+bidchemist@gmail.com