
Privacy Policy

Last updated: June 2026 · Version 3.2 · Maddox Ventures LLC d/b/a doBid

1. Introduction and Scope

This Privacy Policy explains how Maddox Ventures LLC, a Texas limited liability company doing business as “doBid” (“doBid,” “we,” “us,” “our”) collects, uses, shares, and protects your personal information through the doBid platform. It complies with the Texas Data Privacy and Security Act (TDPSA, Tex. Bus. & Com. Code Ch. 541), the Texas Identity Theft Enforcement and Protection Act (Ch. 521), and — where applicable — the California Consumer Privacy Act (CCPA/CPRA) and the EU/UK GDPR. By using doBid, you acknowledge you have read this Policy.

2. Information We Collect

2.1 You Provide Directly

Account: name, email, phone, home/service address, password (hashed), optional profile photo, user role.

Service Providers: business name/structure, service categories, experience, service area, bio, license/permit information you supply, Certificate of Insurance, and a Tax Identification Number (SSN or EIN) collected through Stripe for 1099-NEC reporting.

Clients: payment method (handled by Stripe — we do not see full card numbers), job descriptions, before/after photos.

Communications: in-app messages, support tickets, reviews and ratings, dispute documentation.

Consent records: timestamps of Terms/Policy acceptance and notification preferences.

2.2 Payment Information

We do not collect, store, or access full card numbers, CVV, or bank account numbers. Stripe processes all payment data. We receive only transaction amounts/dates, payout status, Stripe identifiers, and verification flags. Pro identity/banking data is provided directly to Stripe and controlled by Stripe.

2.3 Collected Automatically

Usage: pages/features used, searches, job-browsing and bid history, timestamps.

Device/log: device type, OS/browser, approximate location (city/region from IP — not continuous GPS), IP address, referrer, error logs, and session tokens (managed by Supabase Auth).

2.4 From Third Parties

Google OAuth (if used to sign in): name and email only.

Stripe: identity-verification status and payout capability flags.

3. How We Use Your Information

| Purpose | Legal Basis (GDPR) |
|---|---|
| Operate the marketplace; match Clients and Pros | Contract |
| Process payments and payouts (via Stripe) | Contract; legal obligation |
| Send transactional notifications | Contract |
| Resolve disputes and investigate misconduct | Contract; legal obligation |
| Automated content moderation (see 3.1) | Legitimate interest (platform safety) |
| Platform safety, security, and fraud prevention | Legitimate interest |
| Legal/tax compliance (e.g., 1099-NEC) | Legal obligation |
| Product analytics and improvement (aggregated where possible) | Legitimate interest |
| Marketing & advertising (only if you opt in) | Consent |

3.1 Automated Content Moderation (Anthropic / Claude API)

We send certain user-submitted text (job descriptions, bid text, and messages) to Anthropic's Claude API to automatically screen for prohibited or harmful content. The content is processed to return a moderation result. By default, Anthropic does not use inputs or outputs from its commercial products (including the Anthropic API) to train its models, and it applies a limited retention period to API data, subject to trust-and-safety exceptions. Anthropic acts as our service provider/processor under its Commercial Terms and data processing addendum. If moderation is unavailable, the request is rejected (fail-closed).

4. How We Share Your Information

We do not sell, rent, or trade your personal data. We share data for cross-context behavioral advertising only through the Meta advertising pixel described in §9 (Facebook/Instagram), and only if you opt in to Marketing cookies — which are off by default and which you can withdraw at any time.

4.1 Between Users

Clients see about Pros: business name, ratings/reviews, service area/categories, experience, and whether the Pro has a Certificate of Insurance on file — which doBid collects but does not independently verify — not the Pro's email or full personal contact details.

Pros see about a Client (after the Client accepts the Pro's bid): first name + last initial, the service address (needed to perform the job), job description/photos, and in-app messages — not the Client's payment method or full phone number.

4.2 Service Providers (Data Processors)

We share data only with vendors that process it on our behalf under signed Data Processing Agreements (DPAs):

| Vendor | Data | Purpose | DPA |
|---|---|---|---|
| Stripe | Payment method, transaction history, Pro identity/banking | Payments, payouts, identity verification | |
| Supabase | Account, messages, job records (database host/auth) | Data storage & authentication | |
| Vercel | Application traffic and logs | Hosting & deployment | |
| Resend | Email address, notification content | Transactional email | Confirm signed |
| Anthropic (Claude API) | Message/bid text | Automated content moderation (not training) | |
| Google Analytics 4 | Pseudonymous device/usage data | Platform analytics | |
| Twilio | Mobile phone number, SMS message content | Transactional SMS delivery | |
| Google OAuth | Name, email (sign-in) | Authentication | |

Advertising partner (with your consent only): If you opt in to Marketing cookies, we also share a limited set of activity events and a securely hashed (one-way encrypted) version of your email with Meta Platforms, Inc. (Facebook/Instagram) to measure our ads and reach similar audiences (see §9). For this advertising activity Meta acts as an independent controller under its Business Tools terms, not as our processor. It is off by default, and you can withdraw consent at any time via the cookie banner.

4.3 Legal Requests

We may disclose information when required by valid legal process or to protect rights, safety, or property, and where we have a mandatory reporting obligation — including the duty to report suspected child abuse or neglect under Tex. Fam. Code § 261.101, and the obligation of a U.S. online service provider to report apparent child sexual abuse material to NCMEC via its CyberTipline under 18 U.S.C. § 2258A. We will notify you where legally permitted and will not comply with unlawful requests.

4.4 Business Transfers

If doBid is acquired, merged, or reorganized, your information may transfer as part of that transaction; we will notify you.

5. Your Privacy Rights

5.1 Texas (TDPSA)

Texas residents may request access, correction, deletion, portability, and opt out of the sale of personal data and of targeted advertising. We do not sell personal data; we engage in targeted advertising only through the Meta pixel (§9) and only if you opt in to Marketing cookies (off by default; opt out anytime via the cookie banner). To exercise rights, email dpo@dobid.app with the relevant subject line and the email associated with your account. We verify identity before responding and respond within 45 days (extendable once by 45 days with notice). If we deny a request, you may appeal (email dpo@dobid.app), and if the appeal is denied you may complain to the Texas Attorney General (texasattorneygeneral.gov; 512-463-2100).

5.2 California (CCPA/CPRA)

California residents have rights to know, delete, correct, opt out of the “sale” or “sharing” of personal information, and limit use of sensitive personal information. We do not sell personal information; we “share” personal information for cross-context behavioral advertising only through the Meta pixel (§9) and only if you opt in to Marketing cookies (off by default; opt out anytime via the cookie banner). Note: we collect a TIN (SSN/EIN) for Pros, which is sensitive personal information used solely for tax compliance and identity verification. Submit requests to dpo@dobid.app (“CCPA Request”).

5.3 EU/UK (GDPR)

If you are in the EU/UK, you have access, rectification, erasure, restriction, portability, and objection rights, and the right to lodge a complaint with your supervisory authority. Our EU representative/DPO contact is dpo@dobid.app. International transfers to the US rely on Standard Contractual Clauses incorporated in our vendor DPAs.

5.4 Non-Discrimination

We will not discriminate against you for exercising these rights.

6. Data Retention

| Data | Retention | Reason |
|---|---|---|
| Active account data | While active; personal identifiers removed within 90 days of a verified deletion request | Operations; TDPSA |
| Payment/transaction records & 1099 data | 7 years | IRS recordkeeping (26 U.S.C. § 6001) |
| Job records & photos | 3 years | Dispute resolution |
| Messages | 3 years | Support & evidence |
| Consent records | 5 years | Regulatory compliance |
| IP/login logs | ≤ 1 year | Security |
| De-identified/aggregated data | Indefinite | Analytics |

On deletion, profiles are removed, messages anonymized, ratings retained for marketplace integrity, and records required by law (tax, legal holds) retained. Accounts terminated for fraud may be retained longer to prevent re-registration.

7. Notifications and Marketing

We send transactional notifications (job updates, payment, disputes, security) by email and SMS as part of providing the service. Marketing emails are opt-in and you can unsubscribe anytime (footer link or Account Settings); we honor opt-outs within 10 business days.

SMS Messages

By providing your mobile phone number and checking the SMS consent box during registration, you agree to receive transactional SMS messages from doBid about your jobs, bids, and payments. doBid sends only transactional SMS — we do not send marketing or promotional SMS. Consent to receive SMS is not a condition of using doBid; you may use the platform without enabling SMS notifications.

Message frequency varies. Message and data rates may apply. We will not sell, rent, or share your mobile phone number with any third party for their marketing or promotional purposes.

To opt out at any time, reply STOP to any message we send. You will receive one confirmation message and then no further SMS from doBid. Reply START to re-enable SMS. Reply HELP for assistance, email us at support@dobid.app, or update your notification preferences in your account settings.

SMS messages are delivered via Twilio (see §4.2). doBid is not responsible for messages delayed or undelivered by your mobile carrier. Supported by all major U.S. carriers.

8. Data Security

We use commercially reasonable safeguards: HTTPS/TLS 1.2+ in transit; AES-256 at rest (Supabase); hashed passwords; Row-Level Security policies; least-privilege admin access with MFA; weekly dependency scanning; and an incident response plan. No method is 100% secure.

Data Breach Notification: If a breach affecting your personal data occurs, we will investigate promptly and notify affected users no later than 30 days (consistent with Tex. Bus. & Com. Code § 521.053). For users covered by the GDPR, we will notify the relevant supervisory authority within 72 hours where required. For breaches involving payment data or SSN/TIN, we offer 12 months of free credit monitoring.

9. Cookies and Tracking

| Category | Examples | Purpose | Can decline? |
|---|---|---|---|
| Essential | Supabase session token, CSRF token | Log-in, security, core platform function | No — required to use the platform |
| Preference | Theme, language, notification settings | Remember your settings | Yes |
| Analytics | Google Analytics 4 (_ga, _ga_*) | Understand how users navigate the platform | Yes |
| Marketing | Meta (Facebook/Instagram) pixel (_fbp) | Measure ad performance and show doBid ads on Meta | Yes — opt-in only |

On your first visit, doBid shows a cookie banner with options: Accept all, Decline (non-essential cookies), or Customize. Your choice is saved until you change it. You can update preferences anytime in Account Settings → Privacy → Cookies.

Google Analytics 4

We use Google Analytics 4 (GA4) to understand how the platform is used in aggregate. We have enabled IP anonymization, disabled Google Signals and cross-site advertising personalization, set data retention to 14 months, and signed Google's Data Processing Terms. GA4 does not receive your name, email, payment information, or any other directly identifying data. If you decline analytics cookies, no analytics cookies are set; Google may still receive cookieless, non-identifying signals (Google Consent Mode) used only for aggregate measurement.

California users (CCPA): analytics data may constitute a “sale” or “share” under the CPRA if used for cross-context behavioral advertising. We do not use GA4 data for that purpose; if you nonetheless wish to opt out, use the cookie banner or the GA opt-out add-on.

EU/UK users (GDPR): analytics cookies require your consent (GDPR Art. 6(1)(a) and Art. 7). The cookie banner collects and records that consent with a timestamp. You may withdraw consent at any time.

Do Not Track: doBid does not currently respond to browser-level “Do Not Track” signals because there is no uniform standard for interpreting them.

Marketing & Advertising Cookies (Meta Pixel)

With your opt-in consent, doBid uses the Meta Pixel and Conversions API from Meta Platforms, Inc. (Facebook/Instagram) to measure how our ads perform and to show doBid ads to people likely to be interested. These tools load only after you opt in to Marketing cookies (via “Accept all” or the Marketing toggle) and are off by default. When enabled, they send Meta a limited set of events (such as page views, sign-ups, and job posts) and a securely hashed (one-way encrypted) version of your email address, which Meta uses to match the activity to a Meta account for ad measurement and targeting. For this advertising activity Meta acts as an independent controller under its Business Tools terms. You can withdraw consent at any time using the cookie banner (footer → “Manage cookie preferences”) and can control ad personalization in your Facebook and Instagram ad settings. doBid does not send Meta your name, phone number, payment information, or the contents of your messages.

10. Children

doBid is for users 18 and older. We do not knowingly collect data from anyone under 18 (and never from anyone under 13 under COPPA). If we learn a minor has registered, we will delete the account and associated data except records the law requires us to keep.

11. Changes to This Policy

We may update this Policy; material changes will be emailed and posted with at least 30 days' notice. Continued use after the effective date constitutes acceptance.

12. Contact

Maddox Ventures LLC d/b/a doBid — Privacy / Data Protection
5900 Balcones Drive, Suite 100, Austin, Texas 78731
Email: dpo@dobid.app · Legal: legal@dobid.app · Phone: 832-422-7055
Texas Attorney General (complaints): texasattorneygeneral.gov · 512-463-2100

© 2026 Maddox Ventures LLC d/b/a doBid. All rights reserved.