Privacy Policy

1. What we collect

BidShred collects your email address, organization name, and the RFP documents you upload. We store your compliance answers and AI-generated drafts on your behalf. We do not collect payment card details — those go directly to Stripe.

2. How we use your data

Your data is used solely to provide the BidShred service: extracting requirements from your RFPs, maintaining your Answer Library, and generating draft responses. We do not sell your data or use it to train AI models without explicit consent.

3. Data storage and security

Your data is stored in Supabase (PostgreSQL), hosted on AWS. All data is encrypted at rest and in transit (TLS 1.2+). RFP documents are stored in private Supabase Storage buckets with row-level security — only members of your organization can access your data.

4. Third-party processors

• Supabase — database, auth, and file storage
• Google (Gemini API) — AI extraction and draft generation. RFP text is sent to Google's API; see Google's data processing terms.
• Stripe — subscription billing. We do not store payment card details.
• Vercel — application hosting

5. Data retention

Your data is retained for as long as your account is active. You may request deletion of your account and all associated data by contacting us at privacy@bidshred.com. We will process deletion requests within 30 days.

6. Student data

BidShred is a tool for EdTech vendors, not schools. We do not process student personally identifiable information (PII). Your RFP documents may reference student data requirements, but no actual student data should be entered into BidShred.

7. Contact

Questions about this policy? Email us at privacy@bidshred.com.