Privacy Policy
Who we are
Gritbid is operated by Gritbid LLC, a Florida limited liability company (formation effective 2026-05-17). We make estimating and quoting software for spray foam insulation contractors. This policy explains what we collect, how we use it, and the choices you have.
"Gritbid", "we", "us", and "our" refer to Gritbid LLC and the Gritbid product. "You" and "your" refer to the person using Gritbid and any business they represent.
What we collect
We collect only what's needed to run the product.
- Account information. Email and a hashed password (never the plaintext password — authentication is handled by our database provider, Supabase).
- Business profile. Information you enter on the Settings page — business name, license details, insurance, address, contact information, default terms, branding.
- Customer and job data you enter. Names, addresses, contact info, and job details for the contractors and projects you quote. This is YOUR customers' data; you control it.
- Quote and line-item data. Pricing, board-feet, descriptions, version history, generated PDFs.
- QuickBooks Online connection (optional). If you connect your QBO account, we store encrypted OAuth tokens server-side so we can sync on your behalf. Tokens are never sent to your browser or visible to us as cleartext after exchange.
- Basic operational logs. Login times, error events, and usage counters needed to keep the service running and debug problems.
We do not use third-party analytics, advertising trackers, or session-replay tools.
How we use it
- To provide the service — generate quotes, render PDFs, sync to QuickBooks.
- To support you when you contact us.
- To diagnose and fix bugs.
- To improve the product. We may look at aggregate, de-identified usage patterns (e.g., "what percentage of users connect QBO in their first week") to inform what we build next.
We do not sell your data, your customers' data, or your business data. We do not share it with anyone except the service providers below.
Text messages (SMS)
If a contractor using Gritbid texts you about a quote you requested, it is because you gave that contractor your mobile number and agreed to receive quote updates. These texts are transactional (quote ready, reminders, expiration notices) and are sent by Gritbid on the contractor's behalf.
- You can opt out anytime by replying STOP. Reply HELP for help.
- Message and data rates may apply. Message frequency varies.
- We do not sell or share your mobile number or your SMS consent with anyone for their own marketing. Your SMS consent is used only to send you messages about your quote.
Service providers we use
Gritbid runs on a small set of well-known infrastructure providers. Each receives the minimum data needed to perform its function:
- Supabase (hosted Postgres + auth) — stores your account, business profile, customers, jobs, quotes, line items, and encrypted QBO tokens. US-hosted.
- Vercel (hosting) — serves the web application and runs the backend functions that talk to QBO and handle PDF generation.
- Intuit / QuickBooks Online (only if you connect QBO) — receives the specific customer, job, quote, and invoice data that you authorize Gritbid to push. You can disconnect at any time on the Settings page.
- PDFShift (PDF rendering) — receives the rendered HTML for a specific quote/invoice when you generate the PDF, returns the PDF binary. Not used for storage.
Your rights
You can:
- Access and edit your data inside the application.
- Export your data — email support@gritbid.io and we'll send a structured export.
- Delete your account — email support@gritbid.io and we'll permanently delete your account, business profile, and all customer/job/quote data within 30 days. Backups age out within 30 additional days.
- Disconnect QBO at any time on the Settings page.
If you live in California or another US state with specific consumer privacy rights (CCPA, CPRA, VCDPA, etc.), the rights above apply. We're a small operation; please email us and we'll handle requests directly.
Security
- All data in transit is encrypted via HTTPS.
- Database row-level security ensures one user's account cannot read or write another user's data, ever.
- Engine tables (per-brand SKU yields, system configuration) are server-side-only; they never reach your browser.
- QBO tokens are encrypted at rest and accessed only by server-side functions running on Vercel.
- Passwords are hashed using industry-standard algorithms by Supabase Auth — Gritbid never sees your plaintext password.
Data retention
We keep your data while your account is active. When you delete your account or stop using the service for an extended period, we'll permanently delete your data within 30 days of your request (or after a reasonable inactivity window). Backups age out within an additional 30 days.
Some records may be retained longer if required by law (e.g., tax records, legal holds). We'll only keep what's necessary.
Children
Gritbid is a tool for licensed contractors. The service is not intended for anyone under 18, and we don't knowingly collect data from minors.
Where we operate
Gritbid is currently US-only. We don't market the service outside the United States, and our data processors are US-hosted. If we expand internationally, we'll update this policy.
Cookies and tracking
We use only the cookies and local storage needed to keep you signed in and remember basic preferences. No third-party advertising trackers, no cross-site analytics, no session-replay.
Changes to this policy
If we change this policy in a way that affects your rights or how we use your data, we'll notify you via email or an in-app notice before the change takes effect. Routine edits (clarifying language, adding service providers) will be posted here with an updated revision date.
Contact
Privacy questions: privacy@gritbid.io
Support: support@gritbid.io