Submit a Referral. Earn $100!
Do you think ClickBid can benefit another charity auction? Click here to refer them and earn $100.

Last Updated: July 2020

This document outlines the data collected by BidKit (BidKit hereafter) for the purpose of running online auction services. Questions or comments can be directed to our technical support team at [email protected].

1.1 Personal Data Collected By BidKit

Bidder Personal Data: BidKit collects identifiable data from Organization donors (Bidders) and stores it securely in our Virtual Private Cloud (VPC) service provided by Amazon Web Services (AWS). This data may include the following information:

BidKit maintains this data within their database and one-way encrypts password information. This data is available to the Bidder so long as they are required to provide a password to bid on auction items. If no password is required, the ability to view and change personal information is not available. This data is also available to the Organization conducting the event and BidKit Administration.

Bidder Bid Data: BidKit collects bid information from registered Bidders and stores it securely in the same manner as Bidder Personal Data. This data may include the following information:

This data is available to a bidder who is successfully logged into the platform. It is also available to the Organization conducting the event and BidKit Administration.

Bidder Receipt/Invoice Data: BidKit collects and processes winning bids, donation and purchases from an auction. This data may include the following information:

This data is available to a bidder who is successfully logged into the platform. It is also available to the Organization conducting the event and BidKit Administration.

Organization Data: BidKit collects information from an Organization who wishes to use BidKit Mobile Bidding. We store this data in the same manner as listed above. This data may include the following:

This data is available to the Organization conducting the event and BidKit Administration.

1.2 Purpose Of Data Collected By BidKit

Bidder Personal Data: BidKit captures this data to assist the Organization in keeping accurate data on their donors. This data also allows a bidder to receive important updates from the software via automated alerts and from the Organization. Bidders who provide this information agree to BidKit terms and conditions.

Bidder Bid Data: BidKit captures this data to manage bid histories and current bids on silent auction items created by the charity. These histories allow BidKit to determine winners, and items necessary for payment. This data is also available to the Organization so that they can see Bidder histories, statistics across the entire event to help build better auctions.

Bidder Receipt/Invoice Data: BidKit captures this data to show the Bidder that they have yet to pay or have paid for their auction totals. This data is a list of auction items, donations and purchases that the Bidder has made during the auction. The Organization can also use this data to check on the status of a Bidder in the payment process as well as pull statistics on the entire event to see where there was success and potential improvements for future events.

Organization Data: BidKit captures this data to assist in overall communication with the Organization using BidKit. The data is used to send emails, invoices, ACH payments (where applicable) and link to external services like payment processors. This data is also used to organize auction items, Bidders, bids and other data relevant to the Organization.

1.3 Third Parties Access To User Data

Stripe: BidKit will provide Stripe with bidder name, phone and email data in addition to organizational name, phone and email data. This data is then stored on Stripe vaults.

A note on credit card numbers: In an effort to maintain the highest level of security, BidKit leverages hosted fields or iFrames whenever possible. This means that credit card data is never transmitted through BidKit’s network. Data is sent directly to the credit processor and token data is sent back to BidKit for storage. Therefore, a Bidder or Organization entering credit card data on any BidKit site is transmitting it directly to the card processor and bypassing any BidKit web service.

1.4 User Consent Processes

All Organizations and Bidders must agree to our terms and conditions which include data consent. If a record is on file in our platform, they have agreed to and consented with our terms and conditions.

1.5 Data Protection Strategies

To protect all data at BidKit, we leverage Virtual Private Cloud (VPC) services from Amazon Web Services. In the case of our data, we do not allow outside access to our database layer. Only approved machines are allowed access along with services located within the VPC.

In addition, all our data is organized using indexes to avoid data corruption or data duplication. We also employ data filtering methods on our web layer to avoid malicious data from being executed on our database and compromising information.

Regarding payment data, we automatically remove credit card tokens after a specific number of days to avoid maintaining any lingering information. We only retain Organizational tokens for the purposes of renewal.

At any time, a Bidder or Organization can request to have their information removed from our system and we will comply within 24 hours of the request. Upon request, we will remove the data from our system and it will no longer be available to execute within our platform.