Privacy Policy
Effective July 01, 2026 · HandyBid is a product of Bristol-Jones Group, LLC · Nashville, TN.
This Privacy Policy explains what information HandyBid (the “Service”, “we”, “us”) collects about you, how we use it, exactly who we share it with, what we don’t share, and the controls you have over your data. It applies to the website at handy.bid, our mobile apps, and all related services. By using HandyBid you agree to the terms in this policy.
1. Information We Collect
a) Account information you give us
- All users: full name, email address, phone number (optional), city/state/ZIP, password (stored as a one-way hash — we never see your plaintext password).
- Contractors: business name, services offered, short bio, self-reported licensing / insurance / bonding / certifications, optional verification documents uploaded for our Verified-Pro program.
- Homeowners: the jobs you post (title, description, category, location, budget range, timeline, optional “before” photos and videos).
b) Information generated as you use the platform
- Bids you place, messages you exchange, reviews you write or receive, ratings, dimension surveys.
- Job-completion media (contractor “before” and “after” photos and videos required for completion).
- Notifications, in-app activity, login timestamps, failed-login counters used to prevent abuse.
- Stripe transaction IDs, subscription status, refund records (we never see or store your full card number — see Section 4).
c) Technical and device information
- IP address, user-agent, request logs (security + debugging).
- For SMS reminders only: timestamp + IP of your TCPA opt-in (audit record, retained even after you opt back out).
- Mobile push-notification device tokens (if you grant the OS prompt in our mobile app).
d) Information we derive
- Latitude/longitude coordinates resolved from your ZIP code (used for the alert-radius matcher and local rankings).
- Average rating, review count, ranking percentiles (computed from public reviews on the platform).
- Aggregate “late-selection” ratio used to enforce the homeowner selection-deadline policy.
2. How We Use Your Information
- Operate the marketplace — show your jobs to matching contractors, deliver bids, route in-platform messages, generate the Service Agreement PDF on acceptance.
- Compute local/regional/national rankings on profiles (Section 1d).
- Process payments through Stripe for paid subscriptions ($20/mo Verified Pro, $20/mo paid Alerts) and the $20 emergency-broadcast fee. Posting a job is free for homeowners — there is no per-post or monthly post fee. HandyBid does not hold or transmit funds between homeowners and contractors for the work itself — payment for the job is always direct between the two parties.
- Send transactional notifications (verification, password reset, bid accepted, contract delivery, payment receipts, selection-deadline reminders, suspension notices) via email and in-app.
- Enforce platform policies — rate-limiting, account lockout, fraud detection, anomaly monitoring, and the auto-suspension policies described in our Terms of Service.
- Comply with the law (tax records, lawful process, anti-fraud).
- Improve the product — aggregate, anonymized usage analytics. We do not perform automated decision-making with legal effects on you.
3. What We Share With Other Users on the Platform
The bidding flow is designed so contractors can’t reach you directly until you choose them. Here is exactly what is visible to whom at each stage:
| Stage | Contractor sees | Homeowner sees |
|---|---|---|
| Open job posted | Job title, description, category, location (city/ZIP), timeframe, eligibility flags, “before” media. Homeowner shown only as “First name + last initial.” No email, no phone, no last name, no budget range. | All bids on the job; contractor business name, profile, reviews, credentials, rating, location. |
| Bid submitted | Same as above. Bid amount feedback: accepted / rejected / outside-range (without revealing budget). | New bid + contractor identity + a real-time alert (in-app + email if opted in). |
| Bid clarification Q&A | Public Q&A is posted anonymously — bidder identity is internal-only, surfaced to HandyBid admins for moderation. | The anonymized question only; homeowner’s answer is posted publicly to all bidders. |
| Bid accepted | Homeowner full name, email, phone, location revealed in the Service Agreement PDF emailed to both parties. | Contractor contact info revealed in the same PDF. |
| Job completed | Homeowner’s review (with the homeowner’s first name + last initial) is visible to anyone viewing the contractor’s public profile. | Contractor’s review of the homeowner is visible only on the homeowner’s profile to logged-in users. |
4. Third-Party Service Providers We Share Data With
We use a small number of vendors to deliver the Service. Each only receives what they need to perform their function:
| Provider | Purpose | Data sent |
|---|---|---|
| Stripe, Inc. | Payment processing for HandyBid subscriptions and one-time fees (Verified Pro $20/mo, paid Alerts $20/mo, emergency boost $20). Homeowner posting is free. | Name, email, billing address you enter into Stripe Checkout. HandyBid never receives or stores your full card number — Stripe collects it directly and returns only a customer ID + transaction ID to us. |
| SendGrid (Twilio) | Sends transactional email (verify, reset, contract delivery, bid notifications, suspension notices, digests). | Recipient email address, subject, plaintext + HTML body, optional PDF attachment (the signed Service Agreement). |
| Render, Inc. | Hosts the HandyBid web service, managed Postgres database, and scheduled cron jobs in their US-region data centers. | All HandyBid data at rest and in transit through their infrastructure (encrypted in transit; database encrypted at rest). |
| Cloudflare, Inc. | DNS, edge-SSL termination, and basic DDoS protection for the handy.bid domain. | Connection metadata (IP, user-agent, request URL) for traffic that traverses Cloudflare’s edge. |
| Google LLC | Search-engine indexing of public job postings (sitemap submission + optional Indexing API). Helps homeowners find their own listings and helps contractors discover open work through Google Search and Google Jobs. | Public job URLs and the structured JobPosting schema on each (title, description, location, budget range, timeframe). No private data — only what is already visible on the public job page. |
| pgeocode | Resolves US ZIP codes to latitude/longitude for the alert-radius matcher and local rankings. | Runs locally inside our infrastructure on an offline dataset; no data is sent to a third party for this lookup. |
| Apple App Store / Google Play | Mobile app distribution and OS-level push-notification delivery. | Device push token (anonymous identifier from your OS) when you install the HandyBid mobile app and grant push permission. |
5. What We Never Share
- We never sell your personal information. Period. No data brokers, no “partner” lists, no “monetize-the-graph” arrangements. Our revenue comes from transparent subscription and fee billing through Stripe.
- We never share your contact info with contractors before you accept their bid. Pre-acceptance, bidders see only your first name and last initial — no email, phone, full name, or budget. This is hard-coded into the platform.
- We never share your bid range with bidders. Budget min/max is used internally to filter or reject bids; the number is never displayed to or revealed to contractors.
- We never share clarification-question askers’ identity with the homeowner or other bidders. Questions are visible publicly as “Anonymous bidder.”
- We never share your password, hashed or otherwise, with anyone for any reason.
- We do not engage in cross-context behavioral advertising as defined by CPRA. We do not place advertising trackers.
6. Disclosures Required by Law
We may disclose information when we have a good-faith belief it is required to: (a) comply with a valid subpoena, court order, or other legal process; (b) protect the rights, property, or safety of HandyBid, our users, or the public; (c) investigate fraud, abuse, or violations of our Terms of Service; or (d) cooperate with law enforcement to the extent the law requires. Where the law permits, we will notify you before disclosing your data.
7. International Data Transfers
HandyBid is operated from and stores data in the United States. If you access HandyBid from outside the US, your data is transferred to the United States for processing. We rely on Standard Contractual Clauses (SCCs) with our processors where applicable for transfers from the EU/UK/EEA.
8. Your Rights and Choices
- Access and correction — edit your profile at any time in Settings.
- Deletion — delete your account from Settings → Delete account. We remove your personal data; anonymized transaction records may be retained where law requires.
- Notification preferences — toggle email vs. in-app per event in Settings.
- Alert delivery — contractors can toggle email vs. in-app vs. both on the Alerts page.
- GDPR/UK-GDPR (EU/UK residents) — rights to access, rectify, erase, restrict, port, and object; the right to lodge a complaint with your supervisory authority. Email support@handy.bid with “GDPR request” in the subject.
- CCPA/CPRA (California residents) — rights to know, delete, correct, opt-out of sale/sharing (we do not sell or share for cross-context behavioral advertising), and limit use of sensitive personal information. Submit a verifiable request to support@handy.bid. We do not discriminate against you for exercising these rights.
- Other US state laws — residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have similar rights; contact us as above.
9. Data Retention
We retain your data only as long as your account is active or as needed to provide the Service. After account deletion we remove personal data within 30 days, except: (a) transaction records we are legally required to keep (typically 7 years for tax); (b) review content you wrote (the review remains visible on the counterparty’s profile, with author attribution removed); (c) anonymized records used for fraud prevention and platform analytics.
10. Security
All traffic to HandyBid is served over HTTPS. Passwords are stored as one-way hashes (Werkzeug PBKDF2). Sensitive routes are CSRF-protected. We enforce rate limiting, account lockout after repeated failed logins, security headers (CSP, HSTS, X-Frame-Options), and least-privilege database access. The Render-managed Postgres database is encrypted at rest. No system is perfectly secure, and we cannot guarantee absolute security; if we become aware of a data breach affecting your personal data, we will notify you and the relevant authorities as required by law.
11. Children
HandyBid is not directed to children under 13 and we do not knowingly collect personal information from anyone under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
12. Changes to This Policy
We may update this policy. Material changes will be communicated by email and announced in-app at least 7 days before they take effect. Continued use of HandyBid after the effective date constitutes acceptance.
13. Contact
Privacy questions, data requests, or breach notifications:
Bristol-Jones Group, LLC — operator of HandyBid
Nashville, TN, USA
Email: support@handy.bid
This Privacy Policy reflects HandyBid’s current practices. It is not legal advice. Have it reviewed by counsel for the jurisdictions you operate in (especially GDPR, CCPA/CPRA, and other US state-law equivalents) before relying on it for compliance audits.