Privacy Policy
Last updated: March 18, 2026
Introduction
BidScout (“we,” “our,” or “us”) provides an AI-powered Upwork monitoring and proposal drafting desktop application (“Service”) available at bidscout.co (“Website”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service or visit our Website. By using BidScout, you consent to the practices described in this policy.
Information We Collect
Information You Provide
- Account information: Email address when you join the waitlist or create an account.
- Upwork credentials: Your Upwork login session is stored locally on your Mac in Chrome's user data directory and in macOS Keychain via safeStorage. We do not transmit your Upwork password to our servers.
- API keys: Your Anthropic API key is stored locally in macOS Keychain via safeStorage encryption. We do not store or transmit API keys to our servers.
- Profile data: Freelancer bio, skills, and proposal style preferences you configure within the app.
- Supabase credentials: Database connection details stored locally in macOS Keychain.
Information Collected Automatically
- Usage data: Monitor configurations, opportunity counts, and proposal statistics stored in your Supabase database.
- Website analytics: Standard web analytics on bidscout.co including page views, referral source, browser type, device type, and approximate geographic location.
Information We Do NOT Collect
- We do not collect or store your Upwork password on our servers.
- We do not access your Upwork account from cloud infrastructure.
- We do not collect your browsing history or Upwork activity beyond what you configure in monitors.
- We do not sell, rent, or share your personal information with third parties for marketing purposes.
- We do not use tracking pixels, fingerprinting, or cross-site tracking technologies.
Local-First Architecture
BidScout is a desktop application that runs entirely on your Mac. Your Upwork browsing session operates through your own Chrome browser using Chrome DevTools Protocol (CDP). This means:
- Your Upwork session cookies remain on your local machine.
- Browser automation uses your own Chrome profile and IP address.
- Sensitive credentials (API keys, service role keys) are encrypted via macOS Keychain and never leave your device.
- Job data and proposals are stored in your own Supabase database instance.
- No telemetry, crash reports, or usage data is sent to BidScout servers from the desktop application.
Data Processing
BidScout uses artificial intelligence to score job opportunities and draft proposals. When AI processing is triggered:
- Job descriptions are sent to Anthropic's API (Claude) for scoring, evaluation, and proposal drafting. This transmission uses your own Anthropic API key and is subject to Anthropic's Privacy Policy.
- Your freelancer profile (bio, skills, proposal style guide) is included in AI prompts to personalize scoring and drafts.
- Screening questions extracted from Upwork job applications are sent to Anthropic's API for answer generation.
- AI requests are made directly from your Mac to Anthropic's servers. BidScout does not proxy, log, or store any data that passes through the AI pipeline on our infrastructure.
- Anthropic's API usage policy states that data sent via the API is not used to train their models. Refer to Anthropic's current terms for the latest information.
How We Use Your Information
- To provide and maintain the Service.
- To communicate with you about your account, the waitlist, or service updates.
- To improve the Service based on aggregated, anonymized usage patterns.
- To respond to your support requests.
- To detect and prevent fraud, abuse, or security incidents.
- To comply with legal obligations.
Data Storage and Security
Your application data is stored in your configured Supabase database. Sensitive credentials are encrypted using macOS Keychain (safeStorage API). We implement industry-standard security practices including encryption in transit (TLS) and at rest, but cannot guarantee absolute security of any system.
Website data (waitlist emails, analytics) is stored on secured servers with access restricted to authorized personnel only.
Data Retention
- Waitlist emails: Retained until you request removal or the waitlist is closed. You may unsubscribe at any time.
- Account data: Retained for the duration of your account. Upon account deletion, we will remove your data from our systems within 30 days, except where retention is required by law.
- Local application data: Job data, proposals, and credentials stored on your Mac and in your Supabase database are under your control. We have no ability to delete data from your local machine or your database.
- Website analytics: Aggregated analytics data is retained for up to 24 months. Individual session data is anonymized after 90 days.
- Support communications: Retained for up to 3 years after the last interaction for quality assurance and legal compliance.
Cookies and Tracking Technologies
The BidScout desktop application does not use cookies or tracking technologies. The following applies to our Website (bidscout.co) only:
Essential Cookies
Required for basic site functionality such as form submissions and security. These cannot be disabled.
Analytics Cookies
We use privacy-focused analytics to understand traffic patterns and improve the Website. Analytics data is aggregated and does not include personally identifiable information.
No Third-Party Advertising Cookies
We do not use advertising cookies, retargeting pixels, or any third-party ad tracking on our Website.
Third-Party Services
BidScout integrates with the following third-party services, each governed by their own privacy policies:
- Upwork: Job data is scraped from Upwork's public job listings using your authenticated browser session. Subject to Upwork's Privacy Policy.
- Anthropic: Job descriptions and profile data are sent to Anthropic's API for AI scoring and proposal drafting, using your own API key. Subject to Anthropic's Privacy Policy.
- Supabase: Your data is stored in your own Supabase project. Subject to Supabase's Privacy Policy.
- Resend: We use Resend for transactional emails (waitlist confirmation, service updates). Subject to Resend's Privacy Policy.
Your Data Rights
You have the right to:
- Access your personal information we hold.
- Request correction of inaccurate data.
- Request deletion of your data.
- Export your data at any time.
- Disconnect your Upwork session and delete stored credentials.
- Object to processing of your personal data.
- Lodge a complaint with a supervisory authority.
Since BidScout runs locally, you can delete all application data by removing ~/Library/Application Support/BidScout/ and your Supabase project data. To request deletion of data held on our servers (e.g., waitlist email), contact us at hello@bidscout.co.
Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify affected users within 72 hours of becoming aware of the breach.
- Provide details about the nature of the breach, the data affected, and steps we are taking to address it.
- Report the breach to relevant supervisory authorities as required by applicable law.
- Recommend protective measures you can take (e.g., rotating API keys, changing passwords).
Because BidScout's local-first architecture means most sensitive data never reaches our servers, the scope of any server-side breach would be limited to data we hold (e.g., email addresses, account metadata).
International Users
BidScout is operated from the United States. If you access our Service or Website from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate.
By using the Service, you consent to the transfer of your information to the United States and other jurisdictions that may not provide the same level of data protection as your home country. We take appropriate safeguards to ensure your data is treated securely and in accordance with this Privacy Policy.
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you may have additional rights under the General Data Protection Regulation (GDPR) or equivalent local legislation. Contact us at hello@bidscout.co to exercise these rights.
Do Not Track
Some web browsers transmit “Do Not Track” (DNT) signals. Because there is no universally accepted standard for how to respond to DNT signals, our Website does not currently respond to DNT browser signals or headers. We will continue to monitor developments around DNT technology and may adopt a standard once one is established.
Children's Privacy
BidScout is not directed to individuals under 18. We do not knowingly collect information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.
California Privacy Rights (CCPA)
California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what information we collect, request deletion, and opt out of data sales. We do not sell personal information. California residents may submit requests by contacting us at hello@bidscout.co.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The “Last updated” date at the top of this page reflects the most recent revision. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.
Contact
For privacy-related questions, data access requests, or concerns, contact us at hello@bidscout.co.