Privacy Policy
Last updated: July 8, 2026
This policy describes how Nexbid Systems (“we”, “us”) collects, uses, and shares information
in connection with Nexbid websites and services, including the Nexbid application at
app.nexbidsystems.com.
1. Information we collect
- Account data: name, email, organization, and credentials you provide when you sign up or are invited.
- Usage data: product interactions, device and log data, and diagnostics needed to operate and secure the service.
- Communications: messages you send to support or sales (for example via email).
- Invitation-to-bid (ITB) intake data: when you forward or BCC bid emails to Nexbid, or connect a mailbox (see Section 2), we process email content—including subject, sender, recipients, message body, and attachment metadata—to create and manage ITB records in your organization’s workspace.
-
Marketing site analytics: on
nexbidsystems.com, we use self-hosted Umami (not Google Analytics) to collect pages viewed, referrer, browser/device type, and approximate location (country derived from IP). We do not use advertising cookies for this; Umami uses a privacy-oriented identifier to distinguish visits.
2. Connected mailboxes (Google and Microsoft)
If you choose to connect Gmail or Microsoft 365 / Outlook in Nexbid Settings, you authorize Nexbid to access your mailbox on a read-only basis. This section describes how we handle that data. Nexbid’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What we access
-
Google (Gmail): with your consent, Nexbid requests the
https://www.googleapis.com/auth/gmail.readonlyscope. We read messages only from the single folder or label you select in Settings—not your entire Inbox or other mail you have not routed there. -
Microsoft (Outlook / Microsoft 365): with your consent, Nexbid requests
delegated
Mail.Readpermission and reads messages only from the single folder you select in Settings—not your Inbox or other folders you have not chosen. - For messages in your selected folder, we access headers (including Message-ID), subject, sender and recipient addresses, received date, message body (plain text and HTML where available), and whether attachments are present. We do not request broader mailbox permissions than needed for ITB intake.
- During connect, we also receive your account email address from the provider to display connection status and tie the mailbox to your Nexbid user.
How we use mailbox data
We use mailbox data solely to provide ITB intake features you can see and use in Nexbid:
- Detect invitation-to-bid and related emails in your selected folder or label.
- Extract project details (for example general contractor, project name, due dates, and links) into structured ITB records.
- Show inbound email context on ITB records for your organization’s users.
- Operate, secure, and troubleshoot the connected-mailbox sync service.
We do not use Google or Microsoft mailbox data to serve advertisements, sell data to data brokers, determine creditworthiness, or train generalized AI models unrelated to providing Nexbid’s ITB intake features.
How we store and protect mailbox data
- OAuth access and refresh tokens are stored encrypted at rest. Tokens are used only to maintain the mailbox connection you authorized.
- Message content needed for ITB processing is transmitted to Nexbid’s intake pipeline and stored in your organization’s workspace according to normal ITB retention. Raw mailbox copies in our intake infrastructure are retained only as long as needed to process messages and operate the service.
- Access to production data is restricted to authorized personnel and subprocessors under contractual safeguards.
Sharing of mailbox data
We do not sell or rent Google or Microsoft user data. We share mailbox-derived information only with subprocessors that help us host, operate, and support Nexbid (for example cloud infrastructure), subject to confidentiality and security obligations, or when required by law or to protect rights and safety. We do not transfer mailbox data to advertising platforms or information resellers.
Human access
Our employees, contractors, and agents do not read your mailbox messages except: (a) when you ask us to and give affirmative consent for a specific message or issue; (b) when necessary for security purposes (for example investigating abuse or a bug); (c) when required to comply with applicable law; or (d) when data is aggregated and used for internal operations in accordance with applicable legal requirements.
Your choices
Connecting a mailbox is optional. You can disconnect at any time in Nexbid Settings, which stops further sync and removes the connection from our systems. You may also revoke Nexbid’s access in your Google Account permissions or Microsoft account settings. Disconnecting does not automatically delete ITB records already created from prior messages; contact us if you need data removed.
3. How we use information
We use information to provide and improve the service, authenticate, communicate with you, secure our systems, comply with law, and fulfill the purposes described when we collect it.
4. Sharing
We share information with subprocessors that help us host, operate, and support the product (for example cloud infrastructure and email delivery), subject to contractual safeguards. We may disclose information if required by law or to protect rights and safety. We do not sell personal information.
5. Retention
We retain information as long as needed for the purposes above, including legal, accounting, and security requirements. Mailbox OAuth tokens are deleted when you disconnect. ITB and related intake records follow your organization’s use of the product and our data-retention practices for the service.
6. Your choices and rights
Depending on your location, you may have rights to access, correct, delete, or export certain data, or to object to or restrict certain processing. Contact us to exercise those rights.
7. Contact
Questions about this policy: [email protected].