BidMySmile Privacy Policy

1. Introduction.

This Privacy Policy has been developed by Company to better serve those Users who are concerned with how their Personally Identifiable Information (“PII”) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read this Privacy Policy carefully to gain a clear understanding of how Company collects, uses, protects or otherwise handles your Personally Identifiable Information in accordance with use of www.bidmysmile.com.

2. Personal Information Collected from Users of the Website.

When ordering services or registering on the Website, as appropriate, Consumer Users may be asked to enter or provide information such as (but not limited to) name, e-mail address, mailing address, phone number, and dental photographs. Provider Users may be asked to provide information such as (but not limited to) practice profile and credit card information. Other data may be requested in order to help all Users enjoy an improved experience in using the Website or Company’s services.

3. When Information is Collected.

Information is collected from Users upon entry into forms on the Website.

4. Use of User Information.

Company may use the information collected from Users in the following ways:

To process transactions

To ask for ratings and reviews of services, or of other Users

To follow-up with correspondence related to the service

Furthermore, when Users select a Bid Offer by clicking within the Website, User profile information described in Section 2 of this Privacy Policy will be transmitted to the Orthodontic Specialist Provider associated with the Bid Offer selected. The Company works with the Provider to arrange an in-person consultation appointment between the User and the Provider, however, all financial arrangements related to clinical treatment are made directly between the User and the Provider. UNDER NO CIRCUMSTANCES IS THE COMPANY INVOLVED IN FINANCIAL ARRANGEMENTS BETWEEN THE USER AND THE PROVIDER.

5. Protection of User Information.

The Website is scanned on a regular basis for security holes and known vulnerabilities in order to make visiting and use of the Website as safe as possible. The Company uses an outsourced server back end in a complete cloud environment. Code repository is stored with an outsourced, cloud-based maintenance system.

User personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information supplied is encrypted via Secure Socket Layer (SSL) technology, which is provided to the Company by its DNS provider.

A variety of security measures are implemented when Users enter, submit, or access information in order to maintain the safety of all personal data. Passwords are encrypted using industry standard best practices. Credit card handling is completely outsourced to a vendor, and Company’s communication between its server and the vendor’s server is server-to-server. When Users submit a credit card on the Website, it is submitted over full SSL and encrypted to the server, where it is immediately sent to the credit card processing vendor, then discarded. The Company only maintains a pointer to the credit card data , not the actual credit card data itself.

6. Cookies.

The Company does plan to use cookies. Currently, it uses web local storage, which is very similar to cookies. There are plans to use cookies in the future.

Company is required to inform Users that computers can be configured to warn each time a cookie is being sent, or all cookies can be turned off. This step is done through the computer’s or device’s browser settings. Since each browser is slightly different, reference the browser's Help Menu to learn the correct way to modify cookies.

If cookies are turned off, some of the features that make a website experience more efficient may not function properly.

7. Third-Party Disclosure and Third-Party Links.

Company does not sell, trade, or otherwise transfer to outside parties any Personally Identifiable Information. Company does not include or offer third-party products or services on the Website.

Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for Users. Company has not enabled Google AdSense on the Website, but may do so in the future.

8. California Online Privacy Protection Act (“CalOPPA”).

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting Personally Identifiable Information from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. More information can be found here .


According to CalOPPA, Company agrees to the following:

- Users can visit the Website anonymously.

- A link to this Privacy Policy will exist on the Website home page or on the first significant page after entering the Website.

- Privacy Policy and links to Privacy Policy will include the word, 'Privacy,' and can easily be identified.

- Users will be notified of any Privacy Policy changes via the Privacy Policy on the Website.

- User personal information can be changed by logging in to the User account


9. ‘Do Not Track’ Signals.

Company honors Do Not Track signals and does not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. Company also does not allow third-party behavioral tracking.

10. Children Online Privacy Protection Act (“COPPA”).

When it comes to the collection of personal information from children under the age of 13 years old, COPPA puts parents in control. The Federal Trade Commission enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.

Company does not specifically target-market to children under the age of thirteen (13) years old.

11. Fair Information Practices.

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts that they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be compliant with Fair Information Practices, Company will take the following responsive action, should a data breach occur:

- Notify the Users via in-site notification within seven (7) business days

- Agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

12. CAN SPAM Act.

The CAN SPAM Act is a law that sets the rules for commercial e-mail, establishes requirements for commercial messages, gives recipients the right to have e-mails stopped from being sent to them, and spells out penalties for violations.

Company collects your e-mail address to p rocess service orders and to send information and updates pertaining to service orders.


To be in accordance with CANSPAM, Company agrees to the following:

Not use false or misleading subjects or e-mail addresses.

Identify promotional messages as an advertisement in some reasonable way.

Include the physical address of Company’s business or site headquarters.

Monitor third-party e-mail marketing services for compliance, as applicable.

Honor opt-out/unsubscribe requests quickly.

Allow users to unsubscribe by using the link at the bottom of each e-mail.


If at any time Users would like to unsubscribe from receiving future e-mails, send a request to
[email protected], and Users will promptly be removed from ALL correspondence.

13. Contacting the Company.

If there are any questions regarding this Privacy Policy, please contact the Company using following information:

Bid Doc, Inc.

4461 Addenbrooke Loop

Castle Rock, CO 80109

BidMySmile Logo White

Social Links