DraftYourBid

Privacy Policy

Last updated: 8 April 2026

DraftYourBid is operated by HFP Consulting AB, a company registered in Sweden. This Privacy Policy explains what personal data we collect, why we collect it, and how we protect it.

By using DraftYourBid you agree to this policy. If you do not agree, please stop using the service.

1. What data we collect

We collect only what is necessary to provide the service:

  • Account data — your email address when you register or sign in.
  • Documents you upload — proposal PDFs and text files you provide so the AI can learn your writing style. These are stored privately in your account and are never readable by DraftYourBid employees.
  • Generated proposals — proposals created using the service, stored privately in your account history for your own reference. No employee of DraftYourBid can read your proposals.
  • Usage data — basic analytics such as page views and feature usage, collected via Google Analytics.
  • Payment data — if you subscribe to a paid plan, payment is processed by Stripe. We do not store your card details.

2. How we use your data

  • To provide and operate the DraftYourBid service.
  • To generate proposals based on your uploaded documents.
  • To send transactional emails (account confirmation, password reset).
  • To improve the service through aggregate, anonymised analytics.

We do not sell your data to third parties. We do not use your documents or proposals to train AI models — yours or anyone else's.

3. Data storage and security

Your data is stored securely using Supabase, with servers located in the European Union. All data is encrypted in transit (HTTPS) and at rest. Row-level security at the database level means your documents and proposals are technically inaccessible to other users and to DraftYourBid employees — only you can see your content.

4. Third-party services

We use the following trusted third parties to operate DraftYourBid:

  • Supabase — database and authentication
  • OpenAI — AI model provider (your content is processed to generate proposals but is not used to train OpenAI's models)
  • Stripe — payment processing
  • Vercel — hosting and deployment
  • Google Analytics — anonymised usage analytics

5. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and all associated data.
  • Object to or restrict certain processing.
  • Data portability — receive your data in a machine-readable format.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

6. Data retention

We retain your data for as long as your account is active. If you delete your account, all associated documents and proposals are permanently deleted within 30 days.

7. Cookies

We use essential cookies to keep you signed in and functional cookies for analytics. We do not use advertising or tracking cookies.

8. Changes to this policy

We may update this policy from time to time. If we make significant changes we will notify you by email or via a notice in the app. Continued use of the service after changes constitutes acceptance.

9. Contact

For any privacy-related questions, contact us at:
HFP Consulting AB
Sweden
[email protected]