Struvia

Privacy Policy

Last updated: April 16, 2026

1. Introduction

Struvia, Inc. ("Struvia", "Company", "we", "us", or "our") is committed to protecting your privacy and the security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your information when you use our AI-powered construction estimating and bid management platform, website, mobile applications, and related services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use the Service.

This Privacy Policy should be read in conjunction with our Terms of Service, which govern your use of the Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, phone number, company name, job title, and password when you create an account
  • Profile Information: Business address, license numbers, specialties, service areas, and other professional details
  • Project Data: Construction plans, blueprints, specifications, project details, estimates, bids, proposals, and related documents you upload
  • Subcontractor Information: Contact details, trade specialties, certifications, insurance information, and performance data
  • Payment Information: Billing name, billing address, and payment card details (note: payment card information is processed directly by our payment processor, Stripe, and is not stored on our servers)
  • Communications: Messages, emails, notes, and other communications sent through our platform
  • Support Requests: Information you provide when contacting customer support
  • Survey Responses: Information you provide in response to surveys or feedback requests

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Pages visited, features used, actions taken, time spent on pages, search queries, and interaction patterns
  • Device Information: IP address, browser type and version, operating system, device type, device identifiers, screen resolution, and language settings
  • Log Data: Access times, error logs, referring/exit pages, clickstream data, and system activity
  • Location Information: Approximate geographic location based on IP address
  • Performance Data: Page load times, errors, and other performance metrics

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Social Login Providers: If you sign in using Google or other social login providers, we receive your name, email address, and profile picture
  • Business Partners: Information from partners who help us provide services
  • Public Sources: Publicly available business information such as company registrations and professional licenses

2.4 Google User Data

Sign in with Google. If you choose to sign in using Google OAuth, we access basic profile information from your Google account:

  • Basic Profile Information: Your name and email address
  • Profile Picture: Your Google profile picture (if available)

Optional Gmail integration. Separately, you may choose to connect your Gmail account so that bid-package correspondence is sent from, and synced to, your own mailbox. This integration is entirely optional, is never enabled by default, and is only activated when you explicitly connect Gmail in your account settings. When connected, you grant the following Google API scopes:

  • Send email (gmail.send): Send bid invitations and replies to subcontractors from your email address, on your behalf.
  • Read and modify (gmail.modify): Read incoming subcontractor replies and the related messages you send, so they appear in your Struvia communications thread, and apply a “Struvia/Filed” label to organize processed messages. We do not delete your email.
  • Mailbox identity (openid, email): Identify which mailbox was connected.

How we use Gmail data. We use access to your Gmail solely to provide the bid-communication features described above: sending messages you initiate, and reading and storing the subject, body, and attachments of bid-related messages so the conversation appears in your Struvia inbox and can be matched to the correct bid package. We do not access or store unrelated personal email beyond what is necessary to identify and sync bid-package conversations.

Limited Use. Struvia’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not use Gmail data for advertising, we do not sell it, we do not transfer it except as needed to provide the service or as required by law, and we do not use it to develop, improve, or train generalized or non-personalized AI/ML models. Any automated processing (such as classifying a reply or extracting bid details) is performed only to deliver this feature to you. Human access to Gmail data is restricted to the narrow cases permitted by that policy (e.g., with your consent, for security, to comply with law, or for internal operations with de-identified/aggregated data).

Your control. OAuth tokens are stored encrypted, and you can disconnect Gmail at any time from your account settings, which revokes Struvia’s access. If you do not connect Gmail, all email is sent through Resend, our third-party email provider, and we access no Gmail data.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving the Service

  • Create and manage your account
  • Process and analyze construction plans using AI technology
  • Generate estimates, takeoffs, and cost calculations
  • Facilitate communications between users (general contractors, subcontractors)
  • Process transactions and send related billing information
  • Provide customer support and respond to inquiries
  • Improve, personalize, and expand the Service
  • Develop new products, services, features, and functionality

3.2 AI Processing and Machine Learning

  • Process your construction plans through AI systems to generate estimates and analysis
  • Use aggregated and anonymized data to train and improve our AI models
  • Send your data to third-party AI providers (such as OpenAI, Anthropic, Google) for processing
  • We do not use your identifiable uploaded files or project documents to train public or third-party foundation models except where you expressly direct us to do so or we separately disclose and obtain any required consent
  • Generate insights and recommendations based on your data

3.3 Communications

  • Send technical notices, updates, security alerts, and administrative messages
  • Send transactional communications (bid notifications, project updates, etc.)
  • Send marketing communications (with your consent, where required)
  • Respond to your comments, questions, and requests

3.4 SMS and Automated Outreach

  • Send SMS messages and other automated outreach in connection with bid invitations, project communications, reminders, and related transactional workflows
  • If you provide a recipient's phone number or initiate SMS outreach through the Service, you represent that you have the right to contact that recipient for the relevant business purpose and that any legally required notice or consent has been obtained
  • Recipients may opt out of non-essential SMS messages by following the instructions in the message, including replying STOP where available
  • Message frequency varies by project activity, and message and data rates may apply depending on the recipient's mobile carrier plan

3.5 Analytics and Research

  • Monitor and analyze usage patterns, trends, and activities
  • Measure the effectiveness of our Service and marketing campaigns
  • Conduct research and analysis to improve our products

3.6 Security and Compliance

  • Detect, prevent, and address technical issues, fraud, and security threats
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations and respond to legal requests
  • Protect the rights, property, and safety of Struvia, our users, and others

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide the Service and fulfill our contractual obligations to you
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service, preventing fraud, and marketing (where your interests and rights do not override)
  • Consent: Processing based on your explicit consent (e.g., for certain marketing communications or optional features)
  • Legal Obligation: Processing necessary to comply with applicable laws and regulations

5. How We Share Your Information

We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

  • Cloud Infrastructure: Vercel (hosting), Supabase (database and authentication)
  • Payment Processing: Stripe (payment processing and billing)
  • AI Providers: OpenAI, Anthropic, Google (AI processing and analysis under vendor terms and service-provider restrictions applicable to those providers)
  • Email Services: Resend (transactional and marketing emails)
  • SMS Services: Surge (text message delivery for bid outreach, notifications, and related project communications)
  • Analytics: PostHog, Vercel Analytics (usage analytics and performance monitoring)
  • Customer Support: Tools to manage customer inquiries

These service providers are contractually obligated to protect your information and may only use it to provide services to us.

5.2 Other Users

When you use the Service, certain information may be shared with other users:

  • Project information you share with subcontractors or general contractors
  • Your business profile information visible to other users on the platform
  • Bids, proposals, and communications you send to other users

5.3 Business Transfers

If Struvia is involved in a merger, acquisition, reorganization, bankruptcy, asset sale, or other business transaction, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

5.4 Legal Requirements

We may disclose your information if required to do so by law or in response to valid legal requests, including:

  • Subpoenas, court orders, or other legal process
  • Requests from law enforcement or government agencies
  • To protect the rights, property, or safety of Struvia, our users, or others
  • To enforce our Terms of Service and other agreements

5.5 With Your Consent

We may share your information with your consent or at your direction.

5.6 Aggregated or De-identified Data

We may share aggregated or de-identified information that cannot reasonably be used to identify you for any purpose, including research, analytics, and improving our AI models.

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

We use cookies and similar tracking technologies to collect and store information:

  • Essential Cookies: Required for the Service to function properly (authentication, security, preferences)
  • Performance Cookies: Help us understand how visitors interact with the Service by collecting anonymous information
  • Functionality Cookies: Remember your preferences and personalize your experience
  • Analytics Cookies: Allow us to measure and analyze how you use the Service

6.2 Third-Party Cookies

Some cookies are placed by third-party services on our pages, including analytics providers and other service providers.

6.3 Managing Cookies

Most web browsers allow you to control cookies through their settings. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you disable cookies, some features of the Service may not function properly.

6.4 Do Not Track

Some browsers have a "Do Not Track" (DNT) feature that sends a signal to websites requesting that they not track the user. We do not currently respond to DNT signals because there is no industry-wide standard for compliance.

7. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data encrypted in transit (TLS/SSL) and at rest
  • Access Controls: Role-based access controls and authentication mechanisms
  • Infrastructure Security: Secure cloud infrastructure with regular security assessments
  • Monitoring: Continuous monitoring for security threats and vulnerabilities
  • Employee Training: Regular security awareness training for our team
  • Vendor Security: Security assessments of third-party service providers

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

8. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  • Investigate the incident and take steps to contain and remediate the breach
  • Notify affected users without undue delay (and within 72 hours where required by law)
  • Notify relevant supervisory authorities as required by applicable law
  • Provide information about the nature of the breach, the data affected, and steps we are taking
  • Provide guidance on steps you can take to protect yourself

9. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service and maintain your account
  • Comply with legal obligations (e.g., tax, accounting, legal hold requirements)
  • Resolve disputes and enforce our agreements
  • Serve legitimate business purposes (e.g., analytics, fraud prevention)

Specific Retention Periods:

  • Account Data: Retained while your account is active and for up to 3 years after account deletion
  • Project Data: Retained while your account is active and for up to 7 years for tax and legal compliance
  • Transaction Records: Retained for 7 years for tax and accounting purposes
  • Support Communications: Retained for 3 years after resolution
  • Log Data: Retained for up to 1 year
  • Aggregated/Anonymized Data: May be retained indefinitely

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention policies and applicable law.

10. Your Rights and Choices

10.1 General Rights

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Portability: Request transfer of your data in a structured, commonly used format
  • Restriction: Request restriction of processing in certain circumstances
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent where processing is based on consent

10.2 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by contacting us. Note that you may still receive transactional communications related to your account and the Service.

If you receive SMS messages from us, you may opt out of non-essential text messages by following the instructions in the message, including replying STOP where supported. Even if you opt out of marketing or optional SMS, we may still send service-related or legally required communications.

10.3 Account Deletion

You may request deletion of your account at any time by contacting us through the account settings page or by emailing support@bidicontracting.com. Upon account deletion, we will delete or anonymize your personal information, except as required for legal compliance or legitimate business purposes.

10.4 How to Exercise Your Rights

You may exercise these rights by using available self-service tools in the Service, such as the data export feature in account settings, or by emailing support@bidicontracting.com. We will respond to your request within the timeframe required by applicable law (generally within 30 days). We may need to verify your identity before processing your request.

If we decline your request, where permitted by applicable law you may appeal that decision by replying to our response or emailing support@bidicontracting.com with the subject line "Privacy Appeal" within thirty (30) days of our decision.

11. International Data Transfers

Struvia is based in the United States, and your information is processed and stored in the United States and potentially other countries where our service providers operate.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, your information may be transferred to countries that may not have the same data protection laws as your country. When we transfer personal data outside the EEA, we implement appropriate safeguards, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries deemed to have adequate data protection by the European Commission
  • Other legal mechanisms as permitted by applicable law

By using the Service, you consent to the transfer of your information to the United States and other countries as described in this Privacy Policy.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request information about the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it
  • Right to Delete: Request deletion of personal information we have collected (subject to exceptions)
  • Right to Correct: Request correction of inaccurate personal information
  • Right to Opt-Out of Sale/Sharing: We do not sell personal information and do not share personal information for cross-context behavioral advertising
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
  • Sensitive Personal Information: We do not use or disclose sensitive personal information for purposes that would generally require a separate California right-to-limit mechanism beyond the uses described in this Privacy Policy

Categories of Personal Information Collected: We collect identifiers, commercial information, internet activity, professional information, and geolocation data as described in Section 2.

To exercise your California privacy rights, please email support@bidicontracting.com. You may also designate an authorized agent to make a request on your behalf.

13. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have certain rights under the General Data Protection Regulation (GDPR):

  • Right of Access (Article 15): Obtain confirmation and access to your personal data
  • Right to Rectification (Article 16): Correct inaccurate personal data
  • Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Article 18): Restrict processing of your personal data
  • Right to Data Portability (Article 20): Receive your data in a structured format and transfer to another controller
  • Right to Object (Article 21): Object to processing based on legitimate interests or direct marketing
  • Rights Related to Automated Decision-Making (Article 22): Not be subject to decisions based solely on automated processing

Data Controller: Struvia is the data controller for personal data collected through the Service.

Supervisory Authority: If you are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority.

14. Children's Privacy

The Service is not intended for individuals under the age of 18, and we do not knowingly collect personal information from children under 18. If you are under 18, please do not use the Service or provide any information to us.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 18, please contact us immediately at support@bidicontracting.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated Privacy Policy on our website
  • Update the "Last updated" date at the top of this page
  • Send an email notification to registered users (for material changes)
  • Obtain consent where required by applicable law

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Struvia
Privacy Requests: support@bidicontracting.com
Legal Notices: weston@bidicontracting.com
Phone: 385-216-9587
Address: Salt Lake City, Utah, United States

For privacy-related inquiries, you may also contact our Data Protection Contact at the email address above with the subject line "Privacy Inquiry."