Privacy Policy

Solhunde AI Consulting Inc. (“Company,” “we,” “us,” or “our”) operates MudBid (the “Service”), a cloud-based field service management platform for drywall contractors. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use the Service.

This Privacy Policy is designed to comply with the Personal Information Protection Act (PIPA) of Alberta (SA 2003, c. P-6.5) and the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada. Where both apply, we follow the stricter standard.

By using the Service, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

We have designated a Privacy Officer responsible for our compliance with privacy legislation and for responding to your privacy-related inquiries and complaints.

You may contact our Privacy Officer at any time with questions, concerns, or requests regarding your personal information.

3.1 Information You Provide Directly

Account Information: When you create an account, we collect your name, email address, password, company name, phone number, and business address.

Customer Data: You enter information about your customers into the Service, including their names, email addresses, phone numbers, physical addresses, and job-related notes. You are responsible for ensuring you have the right to enter this information and that your customers are aware of how their information is used.

Job and Financial Data: Job descriptions, photographs, quotes, invoices, payment records, and scheduling information you create within the Service.

Communications: Information you provide when contacting our support team or providing feedback.

3.2 Information Collected Automatically

Usage Data: We collect information about how you use the Service, including pages visited, features used, actions taken, and time spent.

Device and Browser Information: Browser type, operating system, device type, screen resolution, and language preferences.

Log Data: IP address, access times, referring URLs, and error logs.

Cookies: We use essential cookies for authentication and session management. We do not use advertising cookies or third-party tracking cookies. See Section 10 for details.

3.3 Information from Third-Party Services

Stripe: Payment confirmation data, transaction status, and payment method type (we do not receive or store full credit card numbers).

Supabase: Authentication tokens and session data for secure access to the Service.

We use your personal information for the following purposes, and we limit our use to what is necessary for each purpose:

Providing the Service: To operate, maintain, and deliver the features of the Service, including job management, quoting, scheduling, invoicing, and payment processing.

Communications: To send you transactional emails related to your account and use of the Service, including quote and invoice delivery, payment confirmations, and system notifications.

Improvement: To analyze usage patterns and improve the Service. When we use your data for improvement purposes, we anonymize and aggregate it so it cannot identify you or your customers.

Security: To detect, prevent, and respond to fraud, abuse, or security incidents.

Legal Compliance: To comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We share your personal information only in the following circumstances:

Service Providers: We share data with third-party service providers who help us operate the Service. These providers are contractually required to protect your information and use it only for the purposes we specify. Our current service providers include: Stripe (payment processing, United States), Resend (email delivery, United States), Supabase (database and authentication, United States), and Sentry (error monitoring, United States).

Your Customers: When you send a quote or invoice through the Service, we deliver it to your customer's email address. The quote or invoice contains the information you included (your business name, line items, pricing, and payment link).

Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, property, or safety of the Company, our users, or the public.

Business Transfer: In the event of a merger, acquisition, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

Your personal information may be transferred to and processed in the United States by our service providers (Stripe, Resend, Supabase, Sentry). By using the Service, you consent to this transfer.

We ensure that our service providers maintain appropriate safeguards for the protection of your personal information through contractual obligations, including data processing agreements where applicable.

You should be aware that personal information transferred outside Canada may be subject to the laws of the jurisdiction in which it is held, including lawful requirements to disclose personal information to government authorities in those jurisdictions.

We retain your personal information for as long as your account is active or as needed to provide the Service. After account termination, we retain your data as follows:

• Customer Data: Available for export for 30 days after termination. After the export period, Customer Data is deleted within 90 days.
• Account Information: Retained for 7 years after termination for tax and accounting compliance (CRA requirements).
• Invoice and Payment Records: Retained for 7 years for tax and accounting compliance.
• Usage Logs: Retained for 12 months, then anonymized or deleted.

You may request deletion of your personal information at any time, subject to our legal retention obligations. See Section 8 for details.

Under PIPA and PIPEDA, you have the following rights regarding your personal information:

Right of Access: You may request access to the personal information we hold about you. We will respond within 45 days of receiving your request (PIPA requirement).

Right to Correction: You may request correction of inaccurate or incomplete personal information. You can also update most information directly through the Service.

Right to Withdraw Consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions. Withdrawing consent may limit your ability to use certain features of the Service.

Right to Complain: If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the Office of the Information and Privacy Commissioner of Alberta (OIPC) at www.oipc.ab.ca.

To exercise any of these rights, contact our Privacy Officer at privacy@mudbid.ca. We may require verification of your identity before processing your request.

We implement technical, administrative, and physical safeguards to protect your personal information, including:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest.
• Access Controls: Role-based access controls and row-level security policies ensure that users can only access data belonging to their organization.
• Authentication: Secure password hashing, session management, and optional multi-factor authentication.
• Infrastructure: Our hosting providers (Supabase) maintain SOC 2 Type II certifications and implement physical security measures at their data centers.
• Monitoring: We use error tracking and monitoring tools to detect and respond to security incidents.

No security system is impenetrable. While we take reasonable measures to protect your information, we cannot guarantee absolute security. If we become aware of a security breach that creates a real risk of significant harm, we will notify the OIPC and affected individuals as required by PIPA.

We use only essential cookies necessary for the operation of the Service:

Authentication Cookies: To maintain your login session and verify your identity.

Security Cookies: To prevent cross-site request forgery and other security threats.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not participate in ad networks or sell data to advertisers.

The Service is designed for business use by drywall contractors and is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the updated policy on the Service and update the “Effective Date.”

For material changes, we will notify you by email at least 30 days before the changes take effect. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.

We comply with Canada's Anti-Spam Legislation (CASL) in all electronic communications.

Transactional Messages: Emails related to your account, Service operations, quotes, invoices, and payment confirmations are service messages exempt from CASL consent requirements.

Commercial Messages: We will only send you commercial electronic messages (product announcements, promotional offers) with your express consent. Every commercial message includes: our identity and contact information, a functioning unsubscribe mechanism, and processing of unsubscribe requests within 10 business days.

You may withdraw consent to receive commercial messages at any time by clicking the unsubscribe link in any email or by contacting us at privacy@mudbid.ca.

In the event of a breach of security safeguards involving personal information under our control, we will:

1. Contain the breach and preserve evidence.
2. Assess the breach to determine whether it creates a real risk of significant harm to affected individuals.
3. If the threshold is met: notify the Office of the Information and Privacy Commissioner of Alberta (OIPC) and notify affected individuals as soon as reasonably practicable, including the nature of the breach, the information involved, steps we have taken, steps individuals can take to protect themselves, and our contact information.
4. Maintain a record of all breaches, regardless of whether the notification threshold is met, as required by PIPA.

If you have questions about this Privacy Policy, want to exercise your privacy rights, or have a privacy concern, contact us at:

If you are not satisfied with our response, you may contact: