Privacy Policy
Last updated: February 2026
BID Partners LLC d/b/a FieldTap ("we," "our," or "us") is committed to protecting the privacy of our users. This Privacy Policy describes how we collect, use, store, and share information when you use our web application, mobile application, and related services (collectively, the "Service").
1. Information We Collect
Information You Provide
- Account Information: When you create an account, we collect your name, email address, organization name, and password.
- Field Data: Archaeological field data you enter into the platform, including form entries, photographs, GPS coordinates, notes, and associated metadata.
- Payment Information: If you subscribe to a paid plan, payment details are processed by our third-party payment processor (Stripe). We do not store your full credit card number.
- Communications: When you contact us for support or other inquiries, we collect the content of your messages.
Information Collected Automatically
- Usage Data: We collect information about how you interact with the Service, including pages viewed, features used, and timestamps.
- Device Information: Browser type, operating system, device type, and screen resolution.
- Log Data: IP address, access times, and referring URLs.
- Location Data: GPS coordinates are collected only when you actively use location features within the app, and only with your explicit permission.
2. How We Use Your Information
- Providing, maintaining, and improving the Service
- Processing transactions and sending related information
- Sending technical notices, updates, and security alerts
- Responding to your comments, questions, and support requests
- Monitoring and analyzing usage trends to improve user experience
- Detecting, investigating, and preventing fraudulent transactions and other illegal activities
- Complying with legal obligations
3. Data Storage & Security
Your data is stored securely using Supabase, a managed PostgreSQL database platform with enterprise-grade security. All data is encrypted at rest using AES-256 encryption. Data in transit is protected using TLS 1.3.
Our frontend application is hosted on Vercel, which provides automatic HTTPS, DDoS protection, and a global CDN.
We implement row-level security (RLS) policies on all database tables to ensure that users can only access data belonging to their organization. We regularly review and update our security practices to protect your information.
While we take reasonable measures to protect your data, no method of transmission or storage is 100% secure. If you have concerns about security, please contact us at .
4. Third-Party Services
We use the following third-party services to operate FieldTap:
- Supabase: Database hosting, authentication, and file storage
- Vercel: Frontend hosting and deployment
- Stripe: Payment processing
- Analytics: We use standard web analytics tools to understand aggregate usage patterns. These tools may collect anonymized usage data.
Each third-party service has its own privacy policy governing their use of your data. We encourage you to review their policies.
5. Cookies
We use cookies and similar technologies to maintain your session, remember your preferences, and understand how you use the Service.
- Essential Cookies: Required for the Service to function (authentication, session management).
- Analytics Cookies: Help us understand usage patterns and improve the Service. These can be disabled in your browser settings.
We do not use advertising cookies or sell data to advertisers.
6. Data Retention
We retain your account information and field data for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete your personal information within 30 days, except where we are required to retain data for legal or regulatory purposes.
You can export all of your field data at any time through the platform's export features before deleting your account.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
GDPR Rights (European Economic Area)
- Right to access your personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent at any time where processing is based on consent
CCPA Rights (California Residents)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information
- Right to non-discrimination for exercising your rights
We do not sell your personal information to third parties.
To exercise any of these rights, please contact us at . We will respond to your request within 30 days.
8. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you believe a child has provided us with personal data, please contact us at .
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We may also send you an email notification for significant changes. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.