Privacy Policy

This Privacy Policy explains how NamBid collects, uses, stores, and shares information when you visit nambid.com or use the product workspace.

It applies to account creation, billing, dashboard usage, file uploads, support messages, and connected outbound workflow settings, including Google mailbox delivery and Resend delivery when those features are enabled by a user.

We collect information you provide directly and information generated while the service is being used.

• •Account details such as name, email address, organization name, and login identifiers.
• •Workspace data such as analyzed domains, notes, saved reports, buyer maps, outreach drafts, sent outreach history, and sender identities.
• •Billing records such as Stripe customer identifiers, subscription identifiers, plan status, and invoicing metadata.
• •First-party analytics events such as public page views, CTA clicks, and product activation milestones.
• •Technical data such as IP address, device/browser details, request logs, and security signals needed to operate the service.

If you choose to connect a Google mailbox to NamBid, the app requests only the Google data needed to let you send outreach from that mailbox.

The Google OAuth scopes requested by the app are `openid`, `email`, and `https://www.googleapis.com/auth/gmail.send`.

• •Your Google account email address, so NamBid can identify the connected mailbox and show the correct sending address in settings and outreach.
• •A Google refresh token, which NamBid stores in encrypted form so it can obtain short-lived access tokens needed to send mail on your behalf later.
• •Temporary Google access tokens used during mailbox connection and send operations. These are used in memory for the active request and are not stored as long-term workspace records.
• •The recipient address, subject line, and message body for emails you explicitly choose to send or test-send through the product.

NamBid does not request permission to read your Gmail inbox, read existing Gmail messages, access your contacts, access your calendar, or access Google Drive files for the connected-delivery feature.

The Google mailbox integration is limited to verifying the mailbox identity and sending emails you direct the app to send.

We use collected information to operate the service, secure accounts, process billing, deliver requested outputs, respond to support issues, and improve product reliability.

We may also use the information to investigate abuse, enforce our terms, and comply with legal obligations.

When Google mailbox delivery is connected, Google user data is used only to operate that user-requested sending feature.

• •To authenticate the connected Google mailbox and confirm which address is authorized for sending.
• •To refresh a short-lived Google access token when a user sends an outreach email or delivery test.
• •To submit the email content that the user chose to send through the Gmail send API.
• •To store workspace-level send history such as sender, recipient, subject, body, provider message ID, delivery status, and sent timestamp after a send is attempted.
• •To support account security, troubleshooting, and abuse prevention related to connected delivery.

We share information with service providers only to the extent needed to run the product and related operations.

We do not sell Google user data.

• •Google receives the OAuth and Gmail send requests needed to connect a mailbox and send emails that the user instructs NamBid to send.
• •Clerk for authentication and user/session management.
• •Stripe for checkout, subscriptions, invoices, and billing events.
• •Vercel and infrastructure providers for hosting, deployment, and operational logging.
• •OpenAI and configured model providers for AI-assisted workflow output where enabled.
• •Resend for outbound email delivery where email sending is configured.
• •Brave Search or other configured research providers when external evidence gathering is enabled.

We use reasonable administrative, technical, and organizational measures to protect data, but no internet-based system can be guaranteed perfectly secure.

Connected Google delivery credentials are handled with additional limits because they control live sending.

• •The connected Google mailbox email address and Google refresh token are stored in NamBid only as needed to operate the connected delivery feature.
• •Google refresh tokens are encrypted before storage in the application database.
• •Short-lived Google access tokens are obtained only when needed for connection or sending and are not stored as long-term workspace records.
• •Operational access is limited to the systems and providers needed to run the service, secure accounts, and process the requested send actions.
• •You should use strong credentials, keep workspace access limited to authorized users, and notify us promptly if you suspect compromise.

We retain information for as long as needed to provide the service, maintain workspace continuity, resolve disputes, enforce agreements, and comply with legal or accounting obligations.

Retention periods may differ depending on the type of data, subscription status, whether a connected delivery method is still active, and whether deletion has been requested.

If you disconnect a Google mailbox inside NamBid, the stored Google connection record for that mailbox is removed from NamBid systems.

To request deletion of account, workspace, or connected-delivery data, contact contact@nambid.com. We may retain limited records where required for security, fraud prevention, legal compliance, or accounting.

You may review, update, or delete certain account information inside the product. You may also request account-related assistance, data export, or deletion help by contacting us.

You can control billing separately through the Stripe billing portal when that feature is available for your workspace.

NamBid is intended for business users and is not directed to children under 13.

If you access the service from outside the United States, you understand that your information may be processed in the United States or other jurisdictions used by our providers.

We may update this Privacy Policy as product features, providers, or legal requirements evolve. The latest version will be posted here with an updated effective date.