BIDENGINE

Privacy Policy

Last updated: January 2025

1. Introduction

ProofWorks (trading as BidEngine), Company No. 193465832, is committed to protecting your privacy in compliance with the UK GDPR and Data Protection Act 2018.

2. Data Controller

Terri Bryan
ProofWorks (trading as BidEngine)
Archer Drive, Derby, DE3 0AG
Email: privacy@bidengine.co

3. Data We Collect

Account Information: Name, email, company details, payment information

Content You Upload: Bid documents, evidence records, generated responses

Usage Data: Login times, IP addresses, features used

4. How We Use Your Data

  • Providing the Service (contract performance)
  • Processing payments (contract performance)
  • Sending service updates (legitimate interest)
  • Improving our Service (legitimate interest)

5. Third-Party Processors

  • MongoDB Atlas - Database hosting (United Kingdom — AWS London)
  • Anthropic (Claude) - AI response generation & scoring (USA; EU processing available)
  • OpenAI - Semantic search embeddings (USA)
  • Clerk - Authentication (USA)
  • Stripe - Payment processing (USA/UK)
  • Vercel - Application hosting (USA/global)

Your evidence and tender content are stored in the United Kingdom (MongoDB Atlas, AWS London). Where data is transferred outside the UK — for example AI processing by Anthropic and OpenAI — it is protected by Standard Contractual Clauses and appropriate safeguards under UK GDPR. Anthropic and OpenAI do not use your data to train their models.

6. Data Retention

  • Active account & uploaded content: duration of your subscription, plus 30 days after termination to allow export, then deleted
  • Generated tender responses: up to 3 years to support audit requirements (unless earlier deletion is requested)
  • Usage and activity logs: 12 months
  • Payment records: 7 years (legal requirement)

7. Your Rights (GDPR)

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion ("right to be forgotten")
  • Restrict Processing: Limit how we use your data
  • Data Portability: Receive your data in portable format
  • Object: Object to processing based on legitimate interests

Contact privacy@bidengine.co to exercise these rights. We respond within 30 days.

8. Data Security

We implement encryption in transit (TLS 1.2+) and at rest (AES-256), secure authentication via Clerk, and multi-tenant isolation enforced at the data-access layer so each organisation can only access its own data.

9. Complaints

You may lodge a complaint with the Information Commissioner's Office (ICO):
ico.org.uk

10. Contact

Terri Bryan (Data Controller)
ProofWorks, Archer Drive, Derby, DE3 0AG
Email: privacy@bidengine.co