TakeOn
Open app →

Legal · Privacy

Privacy Policy.

Last updated: May 8, 2026

1. About this policy

This Privacy Policy explains what personal information TakeOn (“we”) collects, how we use it, and your choices. It applies to anyone who visits our marketing pages, signs up for an account, or uses the Service.

2. Information we collect

Information you provide

  • Account info: name, email, password (hashed; we never see your plaintext password), workspace details (name, location, phone, country) you supply.
  • Customer Content: the PDFs, takeoff data, annotations, templates, and exports you upload or create.
  • Communications: emails, support tickets, and feedback you send us.

Information we collect automatically

  • Usage: pages visited, features used, errors encountered, and aggregate timing — used to improve the Service and detect problems.
  • Device & connection: IP address, browser, OS, approximate location derived from IP.
  • Cookies: a session cookie to keep you logged in (required for the Service to function), plus a small number of strictly necessary cookies. We don’t use third-party advertising cookies.

Information from third parties

  • OAuth providers (Google, Microsoft): when you sign in with one of these, we receive your name, email, profile picture, and a stable provider-issued user identifier. We don’t receive your password.

3. How we use it

  • Provide, operate, and improve the Service.
  • Authenticate you, secure your account, and detect fraud or abuse.
  • Send transactional emails (verification, password reset, workspace invitations). These are not opt-out; they’re required for the Service.
  • Send occasional product updates and tips to users who opt in during signup. You can unsubscribe at any time in Settings → Account → Notifications.
  • Comply with legal obligations and enforce our Terms.

4. Sub-processors

We rely on a small number of well-known infrastructure providers to run the Service. These providers process your data on our instructions:

  • Amazon Web Services — hosting, file storage (S3), email delivery (SES), DNS (Route 53). Region: US East.
  • MongoDB — primary database for accounts, workspaces, and takeoff metadata.
  • Google — optional sign-in via Google OAuth.
  • Microsoft — optional sign-in via Microsoft Entra (work, school, and personal accounts).

We don’t sell your data, and we don’t share Customer Content with third parties except sub-processors above acting on our behalf, or when required by law (see Section 6).

5. Cookies and similar technologies

The session cookie is essential to keep you signed in. It’s httpOnly, signed, and same-site so it can’t be read by other sites or by JavaScript. Disabling it will prevent you from using the Service.

6. Legal requests

We may disclose information if required by law, subpoena, or court order, or where we believe in good faith that disclosure is necessary to protect rights, safety, or property. Where lawful, we’ll notify the affected user before complying.

7. Data retention

We retain account information and Customer Content as long as your account is active. When you delete your account or a workspace, we delete or anonymize associated data within 30 days, except where retention is required by law or to resolve disputes.

Backups containing deleted data may persist for up to 90 days before being overwritten on rotation.

8. Security

We protect data in transit with TLS, store passwords as argon2 hashes, and apply least-privilege access controls to production systems. No system is perfect — please report suspected vulnerabilities to contact@takeonbid.com.

9. Your choices and rights

  • Access & correction: view and edit your profile in Settings → Profile.
  • Notification preferences: opt out of product update emails in Settings → Account → Notifications.
  • Export: takeoff data is exportable from the Service via the Export feature.
  • Deletion: contact contact@takeonbid.com to request account or workspace deletion. We’ll act on the request within 30 days.
  • Residents of California, the EEA/UK, and other regions: you may have additional rights (such as access, portability, objection, or to lodge a complaint with a supervisory authority). Email contact@takeonbid.com to exercise them.

10. International transfers

The Service is hosted in the United States. If you access it from another country, your information will be transferred to and processed in the US. We rely on appropriate safeguards (such as Standard Contractual Clauses where required) for transfers from regions with cross-border restrictions.

11. Children

The Service is not directed at children under 13 (or under 16 in regions where that’s the relevant age). We don’t knowingly collect personal information from children. If you believe we have, contact us and we’ll delete it.

12. Changes

We may update this policy from time to time. We’ll change the “Last updated” date above and, for material changes, notify you by email or an in-app notice.

13. Contact

For privacy questions or to exercise your rights, email contact@takeonbid.com.