Privacy Policy
BidLogiQ Privacy Policy
Effective Date: June 12, 2025
Introduction:
BidLogiQ (operated by BidStream, LLC, 418 Broadway, STE N, Albany, NY 12207) is a U.S.-based Software-as-a-Service platform used by public-sector entities (e.g. school districts, municipalities) and their vendors (e.g. contractors, construction managers, attorneys). We are committed to protecting the privacy of our users. This Privacy Policy describes what information we collect from users located within the United States, how we use and safeguard that information, and your rights regarding your data. It also explains how we comply with specific laws and regulations relevant to our public-sector clients, including New York’s Freedom of Information Law (FOIL) and New York State Education Law 2-d. This Policy applies only to our U.S. users and services. If you do not agree with these practices, please do not use the BidLogiQ platform. By using our platform, you consent to the practices described in this Privacy Policy.
Information We Collect
We only collect information necessary to provide and improve the BidLogiQ service. We do not collect sensitive personal data such as Social Security numbers, driver’s license numbers, financial account or credit card numbers, medical or health information, or biometric identifiers. The types of information we collect include:
• Account Information: When you create an account, we collect personal identifiers and contact details like your name, business email address, phone number, job title, and the organization you represent.
• Profile and Organization Data: Public-sector entity users may provide agency or district name and address; vendor users may provide company name, business address, professional licenses or certifications, and other business profile details.
• Content You Submit: We process and store data and documents you upload or submit on the platform (for example, bid proposals, RFP documents, contracts, or communications). This content may include personal information only to the extent you or your organization include it. We treat all such content as confidential and use it solely to operate the service, except as noted in this Policy (e.g. legal compliance).
• Usage Data: Our system automatically collects technical data about your use of the platform. This includes information like your Internet Protocol (IP) address, browser type, device type, operating system, pages or features accessed, dates/times of access, and other usage logs. We collect this data to monitor system performance, improve user experience, and for security auditing. (For instance, we may log user actions to detect unauthorized access attempts or troubleshoot errors.)
• Cookies and Tracking Technologies: We use cookies and similar technologies (described in detail below) to manage user sessions, remember preferences, and gather analytics data about how users interact with our platform. These cookies collect information such as page response times, download errors, and usage patterns, which help us optimize our services.
No Collection of Sensitive Data: BidLogiQ does not require or seek any sensitive personal information. Please refrain from uploading or submitting sensitive personal data (such as personal financial account numbers, social security numbers, health or medical information, or information about minors) into the platform. In the rare case that you believe our platform has collected sensitive data unintentionally, please contact us so we can remove it.
Children’s Privacy: Our services are intended for use by adults in professional or official capacities. We do not knowingly collect personal information from children under 13 years of age. In particular, BidLogiQ is not directed toward students or minors. If we become aware of any personal information collected from a child under 13, we will promptly delete it. Parents or legal guardians with concerns may contact us as described below. (Note: If our platform is used by K-12 educational agencies, it is only accessed by authorized school officials or their vendors, not by students.)
How We Use Your Information
We use the collected information strictly for purposes of providing, maintaining, and improving the BidLogiQ platform and in support of our public-sector clients’ needs. These uses include:
• Providing and Improving the Service: We use your personal information to create and manage your user account, authenticate you when you log in, and allow you to participate in bidding activities on the platform. We process documents and data you submit in order to facilitate procurement and project management workflows. We also analyze usage data and feedback to understand platform performance and improve features and usability.
• Communications: We use contact information (such as email and phone number) to send you service-related communications. This may include confirmations of account creation, notifications about bid events or status updates, system alerts (e.g. downtime maintenance notices), and responses to customer support inquiries. We may also send administrative emails or announcements about updates to our platform or policies. We will not send you marketing or promotional emails unrelated to the BidLogiQ service unless you explicitly opt-in.
• Analytics and Performance Monitoring: We use cookies and third-party analytics services (like Google Analytics) to collect usage data as described above. This information helps us diagnose technical issues, monitor the health and performance of our infrastructure, and identify usage trends (for example, which features are most used). Analyzing this data enables us to make informed improvements to reliability, speed, and user experience.
• Security and Fraud Prevention: We may use personal and usage information to protect the security of the platform, our users, and their data. This includes using data to authenticate user identity, detect and prevent malicious activity, prevent unauthorized access, enforce our Terms of Service, and investigate potential fraud, spam, or data breaches. For example, IP addresses and logins may be analyzed to identify unusual account access patterns that could indicate attempted hacking.
• Legal Compliance and Public Responsibilities: We will use and disclose information as necessary to comply with applicable laws, regulations, legal processes or enforceable governmental requests. Because our clients are public-sector entities, we handle data in a manner that facilitates their compliance with laws like New York’s Freedom of Information Law (FOIL) and records retention requirements (see “Freedom of Information Law & Public Records” and “Data Retention” below for details). We may also use your information to fulfill any reporting or notification obligations under privacy or security laws (for instance, notifying you or authorities in the unlikely event of a security breach).
We do not use personal information for any commercial or marketing purpose unrelated to providing the BidLogiQ service. In particular, we do not sell or rent your personal information to data brokers or advertisers. We also do not use any information we collect to profile users for advertising, or to target you with third-party ads. Our use of data is limited to the purposes listed above and other purposes that we disclose to you and get your consent for.
Cookies and Tracking Technologies
What Are Cookies? Cookies are small text files that we and our analytics providers place on your browser or device when you visit the BidLogiQ web application. They serve several functions, like keeping you logged in, remembering your site preferences, and helping us understand how users navigate our platform.
Types of Cookies We Use:
• Session Cookies (Required): These are temporary cookies that are essential for the platform to function. For example, when you log in, a session cookie keeps you authenticated as you move between pages. These cookies contain a unique identifier tied to your session and typically expire when you log out or close your browser. Without session cookies, you would have to re-login on every page.
• Preference Cookies: We may use cookies to remember choices you make on the platform (such as your chosen settings or user interface customizations). This makes your experience more convenient by saving you from re-entering information each time.
• Analytics Cookies: We use third-party analytics tools (such as Google Analytics) that set cookies to collect information about how users interact with our site. This data includes things like which pages are visited, for how long, and any error messages encountered. The analytics cookies help us compile reports and statistics on usage that guide improvements. The information collected is aggregated and not used to identify you personally. For instance, Google Analytics may provide us with general demographic estimates of our user base or which features are most popular, without revealing any individual’s identity.
Cookie Choices: Because our platform is tailored for registered users and requires login, certain cookies (especially session cookies) are necessary for it to work properly. You can set your browser to refuse cookies or alert you when cookies are being sent. However, please note that if you disable or delete cookies, some core features of BidLogiQ may not function correctly (for example, you might not be able to stay logged in). Currently, our site does not respond to “Do Not Track” signals, in part because there is no consistent industry standard for compliance. We do not use cookies for advertising or tracking users across third-party sites.
Other Tracking Technologies: In addition to cookies, we may use web beacons or similar tracking pixels in our email communications. For example, if we send emails, they might contain a tiny clear image or link that tells us whether you have opened the email. This helps us gauge the effectiveness of important communications and ensure you receive critical notifications. You cannot opt out of service-related emails, but if you prefer not to have certain tracking enabled in emails, you can disable images in your email client (though this may affect formatting).
All cookies and tracking technologies we deploy are only used for the purposes outlined in this Policy – primarily to support functionality, measure usage of our service, and improve performance. We do not use tracking technologies to collect sensitive information or to facilitate third-party advertising.
How We Share Your Information
BidLogiQ does not sell your personal information to third parties. We only share or disclose user information in the following circumstances:
• With Service Providers (Third-Party Processors): We use trusted third-party companies to support our platform’s operations and to perform certain services on our behalf. These include:
• Cloud Hosting and Storage: BidLogiQ is hosted on Amazon Web Services (AWS) cloud infrastructure. All platform data, including any personal information and content you upload, is stored on AWS servers located in the United States. AWS acts as our data hosting provider, and it may only access or process our data under our instructions and for the purpose of storing and retrieving it. AWS maintains robust physical and network security and is contractually bound to keep our users’ data confidential.
• Email and Communication Services: We utilize Google (e.g. Google Workspace/Gmail services) to send transactional emails and notifications (such as account invitations, password reset emails, and system alerts). Your name and email address may be processed by Google’s email servers in the course of sending these communications. Google acts as our service provider for delivering email and is not permitted to use your information for any purpose other than assisting us with communication.
• Analytics Services: As noted, we use Google Analytics to gather anonymous statistical information about platform usage. Google Analytics may set cookies or collect usage data (like page visits and IP addresses) on our behalf. This information is aggregated and helps us improve the service. We have configured Google Analytics to anonymize IP addresses where applicable, and we do not send Google any personally identifiable information through Analytics. (You can learn more about how Google Analytics handles data in Google’s own privacy disclosures.)
• Other Vendors: We may employ additional third-party tools or services for things like error tracking, customer support ticketing, or data backups. Any such vendors will be vetted for security and privacy and will only be given the minimum information necessary to perform their function. They will be required to protect your information under terms at least as strict as this Privacy Policy.
All third-party service providers working with BidLogiQ are obligated to protect your data and to use it solely for providing services to BidLogiQ. They do not have independent rights to use or share your information. We do not allow our service providers to use your personal data for their own marketing or other purposes. A list of our primary subprocessors (such as AWS and Google) can be provided upon request.
• With Public-Sector Clients and Other Users: By the nature of the platform, some information is shared between public entities and vendors in the context of bids or projects. For example, if you are a vendor submitting a bid proposal, the public agency that posted the opportunity will have access to your submission (including any contact information or qualifications you included in it). Similarly, information entered by a public-sector user (like a solicitation document or Q&A response) will be visible to intended vendor users. BidLogiQ’s role is to facilitate these interactions as intended by our clients. We do not disclose your information to any user except as directed by your actions or the platform’s functionality. Please note: Content or data you submit to a government entity via our platform may become part of that entity’s public records. That means it could be disclosed to third parties if required by law (see FOIL section below). Only submit information that you are authorized to share in a professional capacity. If you have concerns about what will be visible to other participants, please contact the relevant agency or our support team for guidance.
• For Legal Compliance and Protection: We may disclose information about you if we are required to do so by U.S. law, subpoena, court order, or other legal process. This includes responding to lawful requests by public authorities, including to meet national security or law enforcement requirements. Additionally, if necessary, we may disclose data to protect our rights or the rights, property, or safety of our users or others. For instance, we might share information with law enforcement or regulators if we believe a user is violating the law, committing fraud, or threatening the safety of others. Any such disclosure will be limited to what is permissible and necessary under law.
• In Connection with FOIL or Open Records Requests: If a public-sector client is subject to open records laws like New York’s FOIL, data stored on our platform may be requested by the public. In general, FOIL requests are handled by the client agency, not by BidLogiQ directly. However, we may be legally compelled to assist in retrieving or producing relevant records. Disclosures of information that are required under FOIL or similar public records laws will not be considered a breach of privacy or confidentiality on our part. In other words, if a record must be released by law, we will comply with such law. (See more under FOIL & Public Records below.)
• Business Transfers: If BidStream, LLC (BidLogiQ’s parent company) is involved in a merger, acquisition, sale of assets, or other business transaction, user information, including personal data, may be transferred to the successor or acquiring entity. In such an event, we will ensure that your data remains subject to confidentiality commitments and this Privacy Policy’s protections (unless you are notified otherwise and consent to any new terms). We will provide notice on the platform or via email before any personal information becomes subject to a different privacy policy due to a corporate change.
• With Your Consent: In situations other than those above, we will share your personal information only if you have given us explicit consent to do so. For example, if you request that we integrate a third-party application or service with your BidLogiQ account (where available), we would send your information to that third party at your direction. You may also separately agree to let us share information with a partner for a particular project. In all such cases, we will make it clear to you what information would be shared and with whom, and we will honor your choices.
In all cases of sharing, we endeavor to disclose only the minimum information necessary to fulfill the purpose. We also document and maintain records of any disclosures of personal data as required by law or our internal policies. If you have questions about third parties that may have access to your data, feel free to contact us.
Data Retention
Retention of User Accounts: We retain your personal information for as long as your account remains active or as long as necessary to provide you with our services. Account information such as your name, contact info, and login credentials will be kept until you or your organization requests deletion of the account or if the account is terminated pursuant to our Terms of Service. We may retain certain minimal information even after account deletion, such as logs of when an account was deleted or records of financial transactions (if any), to fulfill legal or auditing requirements.
Retention of Platform Records and Content: BidLogiQ recognizes that many of the records stored on our platform by public-sector clients are subject to public records retention laws. For example, New York local government agencies must follow record retention schedules that require certain documents (including procurement records) to be kept for a defined period (often several years). Our policy is to assist our clients in meeting their records retention obligations:
• We will not delete, alter, or purge data that is potentially subject to a public entity’s retention requirements without the express direction of the client or as permitted by law. In practice, this means that if you are using BidLogiQ as a public agency, all data you input or that is submitted to you via our platform will be retained on our servers indefinitely, or until you instruct us in writing to dispose of it in accordance with your retention schedule and applicable law. We can work with your agency to export data for archiving or offline storage if needed.
• If you are a vendor user, please be aware that content you submit (like bid responses or messages) may be retained as part of a government record. Even if you delete a file from your view or request account deletion, the government entity may require us to preserve those records for a legally mandated period. In such cases, we cannot override the agency’s retention obligations.
• Routine system logs and backups maintained by BidLogiQ are also handled in accordance with applicable retention standards. We periodically purge or anonymize system logs that are not needed, but only in a manner consistent with public records laws. For instance, base web server logs or audit logs may be scheduled for secure destruction after a certain time if they are not required for any retention purposes.
• We will retain personal data as long as necessary to fulfill the purposes for which it was collected (as outlined in this Policy), unless a longer retention period is required by law. In particular, if a specific law or contract requires us to keep data for a certain period (e.g., audit or compliance reasons), we will do so. Conversely, if law or policy requires deletion (for example, if an agency instructs us to destroy drafts or confidential data after a project), we will comply with that as well.
Public Records Retention Compliance: We are committed to supporting our public-sector clients’ compliance with records retention and disposition laws. We stay informed about applicable records retention schedules (such as the New York LGS-1 schedule for local governments) and ensure that our data management practices align with them. If you are an agency user and have questions about how BidLogiQ can accommodate specific retention or archiving needs, please contact us. We can provide data export, archiving tools, or other support to make sure you can meet state or local records retention requirements. Nothing in this Privacy Policy is intended to contradict or interfere with a public entity’s legal duty to retain records; if there is any conflict, the lawful records retention requirements will take precedence.
Freedom of Information Law (FOIL) and Public Records Disclosure
Public Records and FOIL Overview: Because BidLogiQ serves public-sector organizations, it is important to address how we handle data in light of public transparency laws. New York’s Freedom of Information Law (FOIL) (Public Officers Law, Article 6) and similar state open records laws grant the public the right to access certain government records. Records stored in BidLogiQ by a government user (such as bid solicitations, vendor submissions, contracts, and related communications) may be considered “public records” under these laws. As such, they could be subject to disclosure if an appropriate FOIL request (or other public records request) is made to the agency that owns the records.
BidLogiQ’s Role in FOIL Compliance: We consider the government clients who use our platform to be the custodians of their data. When a FOIL request is received by a client (e.g. a school district or city government), that client is responsible for determining which records are responsive and whether any exemptions apply (for example, FOIL exempts records that would result in an unwarranted invasion of personal privacy or reveal trade secrets). If the client needs assistance retrieving data from our platform to respond to a FOIL request, we will assist them as needed. This may involve extracting database records, logs, or documents in a usable format. We will only release data to the public as directed by the client agency or as required by law.
It’s important to note that disclosures required by FOIL are not considered a violation of privacy under this Policy or our agreements. FOIL is a law intended to ensure transparency in government, and BidLogiQ supports that goal. Therefore:
• If you are a vendor or contractor user, be aware that information you submit to a government agency via BidLogiQ (including your company name, the content of your bids/proposals, pricing, correspondence, etc.) might be disclosed to third parties through FOIL or similar laws. Certain personal details (like personal phone numbers or home addresses, if provided) could potentially be redacted under privacy exemptions, but business-related information is often subject to disclosure. We advise vendor users to consult with the public agency if they believe part of their submission is proprietary or should be exempt from disclosure, so that it can be handled appropriately (e.g., marked as trade secret/confidential upon submission as allowed by FOIL). Ultimately, the agency will decide what must be released.
• If you are a public-sector user, understand that any data you input into BidLogiQ (such as RFPs, evaluation notes, awards, messages, etc.) may enter the public domain if requested under FOIL. Our platform is designed to allow you to export or print records to facilitate FOIL responses. We also maintain audit logs that can help show when and by whom actions were taken, which can be useful if a records request requires demonstrating the history of a procurement. We recommend that you follow your organization’s guidelines for recordkeeping on BidLogiQ just as you would for any internal system, to ensure FOIL compliance.
Personal Privacy and FOIL: FOIL recognizes some exemptions to protect personal privacy and sensitive information. BidLogiQ will, when assisting with a FOIL response, flag any data that might be sensitive (for example, if any unexpected personal data is found in a record). However, the final decision on disclosure or redaction lies with the client agency. We encourage all users to avoid putting unnecessary personal data in the system to minimize privacy concerns. For instance, a procurement document typically should use official contact information, not personal phone numbers or emails, where possible.
In summary, BidLogiQ complies with open records laws by enabling government clients to fulfill their FOIL obligations. We will not impede or delay lawful requests for records. If we receive a direct public request for records (which is rare, since usually requests go to the agency), we will either refer the requester to the relevant agency or coordinate with the client to handle it. Any disclosure we make in good-faith compliance with FOIL or other laws will be considered authorized by you as part of using a service geared toward public-sector transparency. If you have further questions about how FOIL affects data on BidLogiQ, please contact us or your agency’s records access officer.
New York State Education Law 2-d Compliance
For our customers in the education sector, particularly New York school districts and BOCES, New York Education Law § 2-d (and its implementing regulations, 8 NYCRR Part 121) imposes specific privacy and security requirements when student, teacher, or principal personally identifiable information (“PII”) is shared with a third-party contractor. BidLogiQ is fully committed to complying with Education Law 2-d. Although our platform is primarily focused on procurement and not directly on student data, there may be instances where, for example, a contract or bid involves student-related information or a teacher’s professional data. In all such cases, we apply the following principles and safeguards in line with the law:
• No Unauthorized Use or Sale of Education Records: We do not sell student data or use any PII from student education records or teacher/principal data for any marketing or commercial purpose. Any education record PII received by BidLogiQ (intentionally or inadvertently) will be used solely for the purposes explicitly authorized by the educational institution. We will never sell, rent, or trade such information, nor will we use it to target advertising.
• Data Protection and Security Plan: We maintain a comprehensive data security and privacy program that aligns with the NIST Cybersecurity Framework, as required by the NY Education Department. This program includes administrative, technical, and physical safeguards to protect PII. For example, we control access to systems with role-based permissions, we conduct employee training on data privacy, and we have written security policies and incident response plans in place.
• Encryption: In accordance with Education Law 2-d’s requirements for third-party contractors, all personal data we host for educational agencies is encrypted in transit and at rest. We use strong industry-standard encryption protocols (such as HTTPS/TLS for data in transit, and AES-256 or equivalent for data at rest on our servers). This ensures that PII is protected from unauthorized access both when it is being transmitted over networks and when it is stored on disk. Encryption keys are managed securely, and our cloud infrastructure with AWS adheres to stringent security certifications.
• Disclosure of Subcontractors: If we utilize any subcontractors or sub-processors who may have access to student or teacher PII, we will inform the educational agency and ensure those subcontractors are bound by the same data protection obligations. (As noted, our primary infrastructure providers are AWS and Google, which may indirectly handle data for hosting and email – both are large companies with robust security compliance. We can provide a full list of any subcontractors for Education Law 2-d compliance upon request, as typically required in district vendor agreements.) All such parties must also sign agreements to safeguard PII at least as strictly as we do.
• Data Minimization: We strive to limit the collection of education-related PII to only what is necessary. Generally, BidLogiQ does not ask for student data. If you are a school district using our platform, the users from your district will typically be staff (whose professional contact information is not considered student PII) and vendors. If any document on the platform contains student PII, it should only be because it’s essential for the procurement (for instance, names of students in an individualized education program if procuring special education services). We encourage districts to review any uploaded content for unnecessary student information.
• Parents’ Bill of Rights and Data Access: We acknowledge that under Education Law 2-d, parents (and eligible students) have the right to inspect and review their child’s education records, and that any third-party contractor must facilitate such access when requested through the educational agency. While BidLogiQ itself is not an instructional or student-facing platform, if we do happen to hold any student PII subject to a request, we will coordinate with the school district to provide the records to the district so they can fulfill the parent’s request. We also affirm the Parents’ Bill of Rights for Data Privacy and Security as applicable, which includes your rights such as the right to have complaints about data privacy breaches addressed (see “Data Breach Notification” below).
• Data Breach Notification: In the event of a breach or unauthorized release of student PII or teacher/principal data, BidLogiQ will promptly notify the affected educational agency as required by Education Law 2-d and other applicable laws. We will cooperate fully with the district to investigate and mitigate any breach. Notification will include the information required by law (nature of the breach, data elements exposed, etc.) and will be provided without unreasonable delay and no more than the timeframe set by regulation. We understand the importance of timely communication so that districts can, in turn, notify affected parents, students, or staff as needed.
• Data Return and Destruction: Upon the expiration or termination of our contract with an educational agency, or at the agency’s request, we will securely return or destroy any student or teacher PII we have received from that agency. We will do so in compliance with the contract terms and Ed Law 2-d requirements. Typically, “destruction” means we will securely erase electronic data (using methods that ensure data cannot be recovered) and certify such destruction. If the agency prefers data to be returned to them, we will transfer it in a secure format. We will not withhold any student data from the district, and we do not retain copies except as allowed by the agency for legal compliance or backup purposes.
• Ongoing Compliance: We agree to cooperate with our education clients in any compliance assessments or requests from the New York State Education Department relating to Ed Law 2-d. Our employees who handle education sector data receive training on the requirements of FERPA and Ed Law 2-d. We also designate a point of contact for data privacy (effectively a Data Protection Officer role) to address any questions or complaints from the district or parents regarding PII. If you need more details about our Ed Law 2-d compliance measures, please contact us and we can provide our full Data Security and Privacy Plan or sign a separate Data Privacy Agreement as needed.
In summary, BidLogiQ will treat any personally identifiable information from education records with the highest degree of care and in full compliance with New York State Education Law 2-d. We view ourselves as stewards of that data on behalf of the educational agency. We implement required safeguards like encryption, do not commercialize the data, and stand ready to fulfill all obligations (breach notifications, data return, etc.) to help our school district clients protect student privacy.
Data Security Measures
We understand that the security of your information is of utmost importance, especially given the public-sector context and legal requirements. BidLogiQ employs a combination of administrative, technical, and physical security measures to protect your personal information and content from unauthorized access, loss, or alteration:
• Secure Infrastructure: Our platform is hosted on Amazon Web Services (AWS), which maintains high industry standards for security and compliance (including SOC 2, ISO 27001, and FedRAMP certifications). AWS data centers are physically secure and have 24/7 monitoring. We leverage AWS security features such as virtual private cloud (VPC) isolation, firewall protection, and continuous network monitoring to safeguard data.
• Encryption: All communications between your browser and our platform are encrypted using HTTPS/TLS. This prevents eavesdropping on data as it travels over the internet. Additionally, as noted, we encrypt data at rest in the database and storage systems. Encryption keys are stored and managed securely. For example, we use AWS Key Management Service to handle encryption keys with strict access controls.
• Access Controls: We restrict access to personal information strictly to those employees, contractors, or service providers who need it to operate or support the service. Internally, our staff accounts are protected with strong passwords and multi-factor authentication. Administrative access to the database or servers is limited to authorized personnel and is logged and audited. We follow the principle of least privilege, meaning each team member or system component only has the minimum access necessary for its function.
• Monitoring and Audit: BidLogiQ implements monitoring tools to detect unusual behavior or potential intrusions. We maintain detailed audit logs of administrative actions and access to sensitive data. Any access to production systems is logged. We also utilize intrusion detection systems and regularly review security alerts from our infrastructure. If our monitoring ever indicates a problem (such as a potential security incident or performance issue), we respond immediately to investigate and remediate.
• Testing and Assessments: We conduct periodic security assessments, which may include vulnerability scanning, penetration testing by third-party experts, and code reviews, to identify and fix potential weaknesses in our application and infrastructure. Our software development lifecycle includes security checkpoints and testing of new features for security impact.
• Employee Training and Policies: All BidLogiQ (BidStream) employees with access to user data undergo background checks and receive training on confidentiality, data privacy, and security best practices. We have internal policies in place governing how data is handled (for example, no data is to be downloaded to unsecured personal devices, and all company laptops are encrypted). Employees are required to report any security incidents or potential vulnerabilities immediately.
• Third-Party Risk Management: As described, we carefully select third-party service providers and ensure they have strong security measures. We review their security documentation and compliance reports. Our contracts with them include data protection terms. We also limit what data they can access (for instance, Google Analytics only sees anonymized usage data; AWS staff do not access our stored content).
• Backups and Recovery: We perform regular backups of critical data to guard against accidental loss or corruption. Backup data is encrypted and stored in secure, geographically distributed locations (within the U.S.) to ensure that even in the event of a disaster affecting one data center, we can restore information. We periodically test our backup restoration procedures to verify data can be recovered.
• Incident Response: We have a documented incident response plan. In the event of a security breach or data incident, we will promptly contain and investigate the issue, mitigate any vulnerabilities, and notify affected parties as required (as noted in the FOIL and Ed Law 2-d sections for specific obligations). Our plan includes steps for communicating with customers and authorities, and providing timely information and guidance to users on protective measures, if needed.
While we strive to protect your information, it is important to note that no system can be 100% secure. We cannot guarantee absolute security of data. However, we are continuously working to update and improve our safeguards. We also encourage users to take steps on their end, such as choosing a strong, unique password for BidLogiQ and not sharing login credentials. If you suspect any unauthorized access to your account or any security vulnerabilities, please notify us immediately so we can assist.
By using BidLogiQ, you acknowledge and accept that we implement the above security measures and that, despite our best efforts, no security measure is infallible. Rest assured, any breach of security will be handled with the utmost urgency and transparency.
Your Rights and Choices
We believe in transparency and giving users reasonable control over their personal information. Although U.S. privacy laws can vary by state and context, we extend the following rights and choices to all registered users of BidLogiQ:
• Access and Correction: You have the ability to access and update much of your account information directly by logging into BidLogiQ and visiting your account profile settings. Here, you can edit information such as your name, title, contact information, and password. If any personal information we have about you is incorrect or has changed, we encourage you to correct it promptly via the self-service tools. For any information not editable through the platform (for example, if you cannot change your organization name or an old email address after leaving a company), you may contact us to request an update or correction. We may need to verify your identity before making changes to ensure we do not modify or release data to an unauthorized person.
• Data Portability: You may request a copy of the personal data we hold about you in a common electronic format. For example, vendor users can request their profile information and any bid submissions be exported. Agency clients can export records from the system at any time through built-in features, but we can assist if a more comprehensive export is required. We will provide the data in a reasonable format (such as CSV, PDF, or JSON files) that you can use or transfer as you see fit.
• Account Deactivation and Deletion: If you wish to deactivate or delete your BidLogiQ account, you (or your organization’s administrator) can contact us with such a request. We will process account deletion requests provided that the data is not required to be retained for legal or contractual reasons. For example, if you are an individual vendor user with no outstanding obligations, we can delete or anonymize your personal information at your request. However, as noted in the Data Retention section, data that forms part of a public record (such as a bid you submitted to a public agency) may need to be retained by that agency. In such cases, we may anonymize your account (so your profile information is erased or scrambled) but preserve the content of your submissions in the agency’s records. We will inform you of the outcome of any deletion request. Note that once deleted, your account credentials will no longer work, and you will lose access to any services that require login.
• Opt-Out of Communications: We may send you certain communications about the BidLogiQ service. You cannot opt out of transactional or administrative emails that are important for providing our service (e.g., notifications of a winning bid, system maintenance notices, security alerts, etc.). However, if we ever send optional newsletters or promotional communications, you will be given the opportunity to unsubscribe or opt out from those. We will honor all opt-out requests promptly. Also, we do not engage in third-party marketing, so you will not receive marketing emails from external companies through us.
• Cookie Preferences: As discussed earlier, you can control cookies through your browser settings. If you wish to disable analytics tracking (e.g., Google Analytics), you can install the Google Analytics Opt-Out Browser Add-on or use browser settings to block third-party cookies. Keep in mind disabling certain cookies may affect functionality. We currently do not offer an in-app cookie management tool, but we only use cookies as described (with no advertising cookies).
• California Privacy Rights: While BidLogiQ is focused on public-sector and B2B use (and not typically subject to consumer privacy laws like the California Consumer Privacy Act “CCPA”), if you are a California resident and believe that CCPA or similar state laws apply to your data with us, you can contact us to exercise your rights. To the extent those laws apply, you may have the right to request details about what personal information we have collected, to request deletion of your personal information, or to opt out of any “sale” of personal information (though we do not sell data). We will treat all such requests in accordance with applicable law. Similarly, if you are in a state with a specific privacy law (e.g. Virginia, Colorado), you can reach out and we will facilitate your rights as required.
• Government Agency Users: If you are using BidLogiQ on behalf of a government agency, your rights may also be governed by your agency’s policies. For instance, if you are an employee of a public agency, your ability to delete or modify certain data might require approval by your agency, since the data might be an official record. We recommend coordinating with your agency’s IT or records management department for any significant data changes. We will of course cooperate with official requests from your agency regarding addition, deletion, or disclosure of data in your accounts.
How to Exercise Your Rights: To exercise any of your rights that cannot be done directly through the platform, please contact us using the information in the “Contact Us” section below. Provide sufficient information for us to verify your identity (for example, emailing from the address associated with your account and telling us your organization). For certain requests, we may ask for additional verification or have you go through your organization for approval, if applicable. We will respond to requests as soon as practicable and no later than any timeframe required by law. If we need more time or cannot fulfill a request (e.g., due to a legal exception), we will inform you of that and the reason.
We will not retaliate against you for exercising any privacy rights. We also will not charge you a fee for requests, unless they are excessive or unfounded (in which case we will explain the reasoning). Our goal is to be as transparent and helpful as possible in giving you control over your personal data.
Changes to This Privacy Policy
We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. If we make changes, we will post the revised policy on our website and update the “Effective Date” at the top. Material changes will be highlighted or communicated to users via email or an in-app notification. For example, if we were to start collecting new types of data or use your information for new purposes not previously disclosed, we would inform you in advance and, if required, seek your consent.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of the BidLogiQ platform after any changes to the Policy constitutes your acceptance of the updated terms, to the extent permitted by law. If you do not agree with a change, you should discontinue use of the service and may request deletion of your data as described above.
Please note that this Privacy Policy is not a contract and does not create any legal rights or obligations beyond those that already exist under applicable law. It is a statement of our practices and your rights. We strive for clarity and fairness in our privacy communications, and we welcome feedback from our users on any Policy changes.
Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or how BidLogiQ handles your information, please contact us using the details below. We will do our best to address and resolve your inquiry in a timely manner.
Contact Information:
• By Email: You can reach our privacy team at privacy@bidlogiq.com (or an alternative email if provided on our website). Please include “Privacy Inquiry” in the subject line and detail your question or request.
• By Mail: You may also contact us in writing at:
BidStream, LLC (BidLogiQ) – Privacy Officer
418 Broadway, STE N
Albany, NY 12207
United States
• For Education Clients (Ed Law 2-d): If you are a parent, eligible student, or district official inquiring specifically about Education Law 2-d or student data privacy, you can contact us through the above channels. Please indicate that your request is related to “NY Ed Law 2-d” so we can route it appropriately. You may also contact the relevant school district’s Data Protection Officer, who can liaise with us.
• For FOIL/Public Records: If you are a member of the public or an official seeking records from a BidLogiQ client, please direct your request to the relevant government agency’s records access officer or FOIL officer. BidLogiQ cannot directly process FOIL requests from the public, but we will assist our client agencies in responding. If you have questions about how to obtain records, you may contact us for guidance and we can help connect you with the right agency contact.
Complaints: If you believe we have handled your personal information in violation of this Policy or applicable law, we urge you to contact us so we can address the issue. For residents of certain states, you may also have the right to contact your state Attorney General or privacy regulator. Public-sector users may additionally raise concerns with oversight bodies like the NYS Committee on Open Government (for FOIL issues) or NYSED’s Chief Privacy Officer (for Education Law 2-d issues). We will fully cooperate with any official investigations and work in good faith to resolve any privacy or security issues.
Thank you for trusting BidLogiQ with your information. We are dedicated to maintaining that trust through our commitment to privacy, security, and compliance.
Effective Date: This Privacy Policy is effective as of June 12, 2025. It supersedes any prior privacy policy for BidLogiQ. We will archive previous versions of this Policy and make them available upon request for reference.