This Privacy Policy explains how [COMPANY LEGAL NAME] ("Company", "we", "us", or "our") collects, uses, stores, shares and protects personal data when you use [SERVICE NAME], available at [DOMAIN] and related services, applications, APIs and communications (together, the "Service").
The Service helps users search, monitor, analyse and manage public procurement opportunities, including tender notices, CPV categories, buyer information, public procurement documents and AI-generated tender insights.
1. Controller
For the purposes of the General Data Protection Regulation ("GDPR"), the data controller is:
Address: [REGISTERED ADDRESS]
Email: [PRIVACY EMAIL]
Data Protection Officer, if appointed: [DPO EMAIL OR "Not appointed"]
If you use the Service on behalf of an organisation, that organisation may also act as a controller for certain personal data it uploads or manages through the Service.
2. Personal Data We Collect
We collect the following categories of personal data.
2.1 Account and user data
When you create an account or use the Service, we may collect:
- name;
- business email address;
- company name;
- job title or role;
- password or authentication information;
- account settings;
- language and notification preferences;
- billing and subscription details, if applicable.
2.2 Company profile and procurement preferences
To help match tenders to your organisation, you or your team may provide:
- company description;
- products and services;
- target countries and markets;
- CPV codes and procurement categories of interest;
- languages;
- certifications;
- past project references;
- sector preferences;
- bid/no-bid criteria;
- preferred contract sizes;
- internal notes and saved tenders.
You should avoid uploading unnecessary personal data into company profiles or notes.
2.3 Tender, bid and evidence data you upload
If you use bid preparation, evidence library or document analysis features, you may upload or enter:
- company documents;
- certificates;
- case studies;
- reference descriptions;
- CVs or team profiles;
- declarations;
- tender documents;
- internal comments;
- bid-related notes;
- files, PDFs, spreadsheets or other attachments.
Some of these documents may contain personal data about employees, contractors, clients or contacts. You are responsible for ensuring you have the right to upload and process such data through the Service.
2.4 Public procurement data
We collect and process public procurement data from public sources, including official procurement portals such as TED and other public procurement websites. This may include:
- tender notices;
- buyer names and buyer contact information;
- public authority details;
- supplier names in award notices;
- public contract information;
- CPV codes;
- publication dates;
- submission deadlines;
- tender links and public documents.
This data is generally public procurement information, but some records may include personal data such as contact names or email addresses of public officials or supplier representatives.
2.5 AI interaction data
When you use AI features, we may process:
- prompts and questions you submit;
- tender metadata sent for analysis;
- uploaded tender documents selected for AI analysis;
- company profile information used for matching;
- AI-generated summaries, risk flags, bid/no-bid recommendations and fit scores;
- feedback you provide on AI outputs.
We use AI to assist users, but AI outputs may be incomplete or inaccurate. You should review AI-generated content before relying on it for procurement, legal, financial or commercial decisions.
2.6 Usage, device and log data
We may automatically collect:
- IP address;
- browser type;
- device information;
- operating system;
- pages viewed;
- search queries;
- clicks and actions within the Service;
- dates and times of access;
- error logs;
- API usage logs;
- approximate location derived from IP address.
2.7 Cookies and similar technologies
We may use cookies and similar technologies to keep you signed in, remember settings, secure the Service, analyse usage, improve performance and measure product adoption. Where required by law, we will request your consent before using non-essential cookies.
3. How We Use Personal Data
3.1 Providing the Service
We process data to create and manage user accounts, authenticate users, provide tender search and filtering, show tender details, save tenders and watchlists, generate AI tender summaries, provide tender fit scores, support bid/no-bid analysis, manage company profiles and evidence libraries, provide alerts and notifications, and respond to user requests.
3.2 AI analysis and tender matching
We may use AI systems to summarise tender notices, classify opportunity type, identify submission deadlines and procurement risks, compare tender data against company profiles, generate fit scores, suggest next steps and extract requirements from documents, where available.
We do not intend AI outputs to be the sole basis for legally binding or high-impact decisions. Users remain responsible for reviewing tender requirements and making final business decisions.
3.3 Product improvement and analytics
We use usage and feedback data to improve search relevance, debug errors, improve AI prompts and workflows, understand feature usage, develop new features, and improve security and performance. Where possible, we use aggregated or de-identified data for analytics.
3.4 Security and abuse prevention
We process data to prevent unauthorised access, detect suspicious activity, protect user accounts, enforce our terms, prevent fraud, misuse and spam, and maintain audit logs.
3.5 Customer support and communications
We may use your contact details to respond to support requests, send service updates, security notices, billing or account-related messages, onboarding or product information, and marketing communications where permitted. You can opt out of marketing emails at any time.
3.6 Legal compliance
We may process data to comply with tax and accounting obligations, legal requests, regulatory requirements, contractual obligations, dispute resolution, and enforcement of our rights.
4. Legal Bases for Processing
Where GDPR applies, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Account creation, authentication and service delivery | Performance of a contract |
| Tender search, saved tenders, watchlists and user settings | Performance of a contract |
| AI analysis requested by users | Performance of a contract or legitimate interests |
| Product analytics and service improvement | Legitimate interests |
| Security, fraud prevention and audit logs | Legitimate interests |
| Marketing to existing users | Legitimate interests or consent, depending on applicable law |
| Non-essential cookies | Consent, where required |
| Billing, tax and legal compliance | Legal obligation |
| Processing public procurement data | Legitimate interests and/or public availability of the data |
Our legitimate interests include operating, improving and securing the Service, helping users identify relevant public procurement opportunities, and developing better tender intelligence tools. We balance these interests against the rights and freedoms of individuals.
5. AI Providers and Subprocessors
To provide the Service, we may use third-party service providers, including cloud hosting providers, database providers, authentication providers, payment processors, analytics providers, email and notification providers, AI model providers, document processing and OCR providers, and customer support tools.
When we use service providers that process personal data on our behalf, we enter into appropriate data processing agreements where required.
If AI providers process tender content, uploaded documents or prompts, we will configure such services according to our data protection commitments and applicable contractual terms. We do not intentionally send unnecessary personal data to AI providers.
A current list of subprocessors is available at: [SUBPROCESSOR URL] or upon request at [PRIVACY EMAIL].
6. Public Procurement Data
The Service uses public procurement information from official and public sources. We may store, index, normalise, enrich and analyse this information to provide procurement search, alerts, analytics and AI-generated insights.
Where public procurement data includes personal data, we process it for legitimate interests related to procurement transparency, tender intelligence and business opportunity discovery.
If you believe public procurement data shown in the Service is inaccurate, outdated or should not be displayed, contact us at [PRIVACY EMAIL].
7. User-Uploaded Documents and Evidence Library
If you upload documents, you remain responsible for ensuring that:
- you have the right to upload and process the documents;
- the documents do not contain unnecessary personal data;
- any third-party personal data is processed lawfully;
- confidential or sensitive documents are uploaded only where appropriate.
We use uploaded documents to provide the features you request, such as document storage, requirements extraction, evidence matching and AI analysis.
8. Data Sharing
We may share personal data with:
- service providers acting on our behalf;
- your organisation or workspace administrators;
- other users in your workspace, according to your permissions;
- payment providers, if applicable;
- professional advisers, such as lawyers and accountants;
- public authorities where required by law;
- acquirers or investors in connection with a business transaction.
We do not sell personal data.
9. International Transfers
We aim to store and process data in the European Economic Area where practical. If we transfer personal data outside the EEA, we use appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms. The European Commission notes that international transfers under EU data protection rules require safeguards such as adequacy decisions, Standard Contractual Clauses or binding corporate rules.
10. Data Retention
We keep personal data only as long as reasonably necessary for the purposes described in this Privacy Policy.
Typical retention periods are:
| Data category | Retention period |
|---|---|
| Account data | For the life of the account, then deleted or anonymised within [X] days |
| Billing records | As required by tax/accounting law |
| Tender search history | [X months/years] or until deleted by user |
| Saved tenders and workspace data | Until deleted by user or workspace admin |
| Uploaded documents | Until deleted by user/admin or account termination |
| AI analysis outputs | Until deleted with the related tender/workspace data |
| Security logs | [X months] unless needed for security or legal reasons |
| Public procurement data | As long as relevant to the Service or permitted by law |
When data is no longer needed, we delete, anonymise or aggregate it.
11. Your Rights
Depending on your location and applicable law, you may have the right to:
- access your personal data;
- correct inaccurate data;
- delete your data;
- restrict processing;
- object to processing;
- receive a copy of your data in portable format;
- withdraw consent where processing is based on consent;
- lodge a complaint with a data protection authority.
GDPR guidance states that people should be clearly informed about the use of their personal data and their rights. The EDPB also notes that organisations should respond to data subject requests within one month, subject to applicable conditions.
To exercise your rights, contact us at [PRIVACY EMAIL].
We may need to verify your identity before responding.
12. Workspace and Organisation Accounts
If your account is part of an organisation workspace, the workspace administrator may be able to invite or remove users, manage access permissions, view activity related to the workspace, access saved tenders, company profiles, uploaded documents and AI analyses within the workspace, and export or delete workspace data.
If you use the Service through your employer or another organisation, contact that organisation for questions about how it controls workspace data.
13. Security
We use technical and organisational measures designed to protect personal data, such as:
- encryption in transit;
- access controls;
- authentication;
- role-based permissions;
- logging and monitoring;
- backups;
- vulnerability management;
- least-privilege access for internal staff.
No system is completely secure. You are responsible for keeping your login credentials confidential.
14. Children
The Service is intended for business users and is not directed to children. We do not knowingly collect personal data from children.
15. Marketing Communications
If you subscribe to updates or receive marketing communications, you can opt out at any time by using the unsubscribe link or contacting us at [PRIVACY EMAIL].
We may still send transactional or service-related messages.
16. Third-Party Links and Public Portals
The Service may link to TED, national procurement portals, buyer websites, document repositories or other third-party websites. We are not responsible for the privacy practices or content of those third-party services.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify users by email, in-app notice or another appropriate method.
The updated policy will be effective when posted, unless stated otherwise.
18. Contact
For privacy questions or requests, contact: