Privacy Policy

This Privacy Policy describes how Leads Group LLC, doing business as Biid ("Biid," "we," "us," or "our"), a Florida limited liability company, collects, uses, shares, and protects your personal information when you use the Biid mobile application and related services (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

We collect the following categories of information:

Account Information When you create an account, we collect your phone number or email address (depending on your chosen sign-in method), and optionally your display name and profile photo.

Customer Profile Information If you use the Service as a Customer, you may provide: display name, bio, preferred contact method (phone or email), and address.

Contractor Profile Information If you use the Service as a Contractor, you may provide: company name, license number, insurance status, background check status, years of experience, specialties, bio, service area location (including city/area name and geographic coordinates), hourly rate, pricing ranges, and company logo.

Project Information When you create a project, we collect: project title, description, location (including address or area name and geographic coordinates), budget range, material requirements, category information, scheduling preferences, and project photographs.

Messaging Data When you use the messaging feature, we store the text content of messages, image attachments, message timestamps, and read receipt status.

Bid and Review Data We collect bid amounts, proposal descriptions, available dates, ratings (1-5 scale), and review text.

Device and Technical Information We automatically collect: a device identifier (vendor ID on iOS, Android ID on Android, or a randomly generated ID), your IP address and browser/app User-Agent string (recorded when you sign in), your Expo push notification token, and your device platform (iOS or Android).

Usage Information We record your account creation date, last active timestamp, and login events.

We collect information in the following ways:

Directly from you: When you register, create or edit a profile, post a project, submit a bid, send messages, leave reviews, or upload images.

Automatically: Your IP address and User-Agent string are recorded each time you sign in, for security and abuse prevention. A device identifier is generated locally on your device and sent with authentication requests for session management and rate limiting.

We do not use third-party analytics SDKs, crash reporting services, or advertising trackers. We have explicitly disabled email open and click tracking in our email service provider.

We use the information we collect for the following purposes:

Providing the Service: Matching Homeowners with Contractors, displaying project listings and profiles, facilitating messaging, and delivering push notifications about project updates, new bids, and messages.

Authentication and Security: Verifying your identity through SMS one-time passcodes or email magic links, managing login sessions with secure tokens, and applying rate limiting to prevent abuse.

Service Communications: Sending SMS messages for phone verification, email messages for account verification and magic link authentication, and push notifications for Service-related alerts.

Displaying User Content: Showing project listings, Contractor profiles, bids, proposals, and reviews to relevant users of the platform.

Background Processing: Automatically transitioning scheduled projects to active status, cleaning up expired authentication tokens, and removing abandoned draft projects.

With Other Users Certain information is shared with other users as part of the Service's core functionality: - Homeowners can see Contractor profiles, including company name, specialties, location, experience, ratings, and reviews. - Contractors can see project details, including title, description, location, budget range, and project photos. - Both parties in a conversation can see each other's messages and display names.

With Service Providers We share limited information with the following third-party service providers who help us operate the Service: - Twilio: Receives your phone number to deliver SMS verification codes. - Mailgun: Receives your email address to deliver authentication emails and service communications. We maintain mailing lists for service updates; you may unsubscribe at any time. - Google Cloud Storage: Stores images you upload (project photos, profile photos, chat images). Images are accessed via time-limited signed URLs. - Expo (React Native): Receives your push notification token and notification content (including message previews up to 120 characters) to deliver push notifications to your device.

We Do Not Sell Your Personal Information We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share your data with advertisers.

Legal Requirements We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

Your data is stored in a PostgreSQL database hosted on Google Cloud Platform. Uploaded images are stored in Google Cloud Storage and accessed through time-limited signed URLs that expire after a set period.

We implement the following security measures: - Authentication tokens are stored as SHA-256 cryptographic hashes on our servers; we never store raw tokens. - On mobile devices, authentication tokens are stored in Expo SecureStore, which uses the iOS Keychain and Android Keystore for encrypted storage. - For browser-based access, we use HttpOnly secure cookies with SameSite protections. - Rate limiting is applied to authentication endpoints to prevent brute-force attacks. - Refresh tokens use a rotation mechanism: each time a token is used, it is revoked and replaced with a new one.

While we take reasonable measures to protect your information, no method of electronic storage or transmission over the Internet is completely secure. We cannot guarantee absolute security.

We retain your information as follows:

Account Data: Retained for as long as your account is active. When you delete your account, your personal data is removed.

Contractor Profiles: When deleted, profiles are deactivated (soft-deleted) rather than permanently removed, to preserve the integrity of historical project and bid records. Deactivated profiles are not visible to other users.

Draft Projects: Abandoned drafts are periodically cleaned up.

Authentication Tokens: Expired and revoked refresh tokens are automatically deleted daily.

IP Address and Login History: Retained for security and abuse prevention purposes for the duration of your account.

Mailing List Subscriptions: Retained until you unsubscribe or request removal.

Messages: Retained while the conversation exists. When all participants leave a conversation, the conversation and all associated messages are permanently deleted.

You have the following rights and choices regarding your information:

Push Notifications: You can enable or disable push notifications at any time through the app settings.

Account Deletion: You can request deletion of your account through the app settings.

Profile Management: You can edit or update your profile information at any time.

Communication Preferences: You can control notification preferences within the app and unsubscribe from mailing lists via the unsubscribe link in any email.

California Residents (CCPA): If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the sale of your personal information (we do not sell your information); and (d) not be discriminated against for exercising your rights.

To exercise any of these rights, please contact us at leadership@biid.app.

We collect location information only when you voluntarily provide it:

- When you create a project, you provide the project location (address or area name, and optionally geographic coordinates). - When you set up a Contractor profile, you provide your service area location.

We may request access to your device's location services to help you fill in your location, but this is always initiated by you and requires your explicit permission.

We do not perform continuous, background, or passive location tracking. Your geographic coordinates are stored solely to display project and contractor locations and to calculate distances between them.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information. If you believe we have inadvertently collected information from a child under 18, please contact us at leadership@biid.app.

Browser Access: If you access the Service through a web browser, we use HttpOnly secure cookies solely for authentication session management. We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

Mobile App: The mobile app uses Expo SecureStore (encrypted device keychain) to store authentication tokens and AsyncStorage for non-sensitive preferences such as theme settings and notification preferences. These are stored locally on your device only.

We have provisioned the capability to use artificial intelligence services but do not currently use AI to process your personal data or make decisions that affect you. If we introduce AI-powered features in the future, we will update this Privacy Policy and notify you before any such features go into effect.

The Service does not currently use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this policy and notify you through the Service or by other reasonable means.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should stop using the Service and contact us to delete your account.

If you have any questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us at:

Leads Group LLC Email: leadership@biid.app