Privacy Policy

This policy explains what data UpBidAI collects, how it is used, and your rights. We collect only what is necessary to deliver the service.

• Email address — login, verification, transactional communications
• Full name — display within the platform
• Password — stored as a bcrypt hash; never stored in plaintext
• Account type — Individual or Agency

• Professional title and services list (Individual users)
• Agency name, website, and services (Agency users)
• Portfolio items: title, description, tags, URLs, NDA flag, priority order
• Upwork profile URLs and display names

When using the extension on Upwork, the following is extracted and sent to our servers:

• Job data: Title, description, skills, budget, URL, UID
• Profile data: Name, title, overview, hourly rate, skills, work history, education, verified badge, Upwork UID
• Submission data: Proposal text submitted on apply pages (for your proposal history)

• Proposals generated, submitted, and recorded outcomes
• Token usage per AI operation
• Job match records and Win Chance scores
• Prompt presets, user ratings, and notes

All payment processing is handled by Paddle (Merchant of Record). UpBidAI does not receive or store your credit card or billing details.

• To provide the service: Portfolio content is vectorized to power AI proposal generation. Job data is processed for Win Chance scores.
• To personalize AI generation: Portfolio, profile title, and services are injected into proposal prompts.
• To send transactional emails: Verification, password reset, invitations, subscription updates.
• To improve the platform: Aggregated, anonymized usage patterns reviewed for AI and feature improvements.
• To enforce limits: Token quotas and plan limits enforced using usage data.

• OpenAI: Portfolio and job data sent for embedding and generation.
• Weaviate: Vector embeddings stored in our vector database.
• Paddle: Payment processing and billing. Merchant of Record.
• Redis / BullMQ: Internal job queues. No personal data permanently stored.
• SMTP / Email Provider: Transactional email delivery. Only name and email passed.

We do not sell your data. We do not use your data for advertising.

• Active accounts: data retained while account is active
• Deleted accounts: 30-day recovery window, then permanent deletion
• Vector embeddings: deleted when portfolio item is removed or account closed
• LLM usage logs: sanitized records (no proposal content) retained up to 12 months

You may have the right to access, correct, delete, or export your data, and to object to certain processing. Email support@upbidai.com. We respond within 30 days.

• Passwords hashed with bcrypt — never stored in plaintext
• All data in transit encrypted via HTTPS/TLS
• Extension API tokens in Chrome's encrypted local storage, not cookies
• Session tokens short-lived and revoked on logout
• Production access restricted to authorized UpBidAI personnel

UpBidAI is not directed at users under 18. We do not knowingly collect data from minors. Contact us if you believe a minor has registered and we will delete it promptly.

We may update this policy and will notify you of significant changes via email or platform notice. The effective date reflects the most recent version.