Your Privacy is Our Priority

Privacy Policy

We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information when you use WizardRFP.

Last updated: December 15, 2025
Effective: September 8, 2025

Information We Collect

We collect information to provide and improve our AI-powered RFP generation services.

Account Information

  • Email address and name for account creation
  • Profile information (job title, company, bio)
  • Organization details and team membership information
  • User preferences and settings

Content and Documents

  • RFP documents you upload or create
  • Proposal content generated through our platform
  • Document attachments and exhibits
  • Comments and collaboration messages
  • Integration data from Google Drive, Microsoft 365, and Notion

AI Interaction Data

  • Prompts and questions you submit to our AI systems
  • AI-generated responses and suggestions
  • Usage patterns and feature interactions
  • Performance and quality feedback

Usage Information

  • Log data including IP addresses, device information, and browser type
  • Usage analytics and feature engagement metrics
  • Performance data and error reports
  • Session recordings for support and improvement purposes

How We Use Information

We use your information to provide, maintain, and improve our services.

Service Provision

  • Generate AI-powered RFP responses and proposals
  • Enable real-time collaboration features
  • Process document integrations and exports
  • Provide customer support and technical assistance

AI Training and Improvement

  • Improve AI model performance and accuracy
  • Develop new features and capabilities
  • Quality assurance and content validation
  • Research and development for better user experience

Important: We anonymize and aggregate data used for AI training. Personal identifiers and sensitive business information are removed or masked.

Communication

  • Send service-related notifications and updates
  • Provide support responses and assistance
  • Share product announcements and improvements
  • Send optional marketing communications (with your consent)

Analytics and Optimization

  • Analyze usage patterns to improve our services
  • Monitor system performance and reliability
  • Conduct A/B testing for feature improvements
  • Generate aggregated analytics and insights

Data Storage and Security

We implement industry-leading security measures to protect your data.

Encryption

  • Data encrypted in transit using TLS 1.3
  • Data encrypted at rest using AES-256
  • Integration tokens encrypted with industry-standard algorithms
  • End-to-end encryption for sensitive document transfers

Infrastructure Security

  • Hosted on secure Vercel infrastructure with SOC 2 Type II compliance
  • PostgreSQL databases with connection pooling and access controls
  • Redis for real-time collaboration with data persistence
  • Regular security audits and vulnerability assessments
  • DDoS protection and rate limiting

Access Controls

  • Multi-factor authentication for all admin access
  • Role-based permissions and organization-level isolation
  • Regular access reviews and deprovisioning procedures
  • Comprehensive audit logging for all data access

Data Backup and Recovery

  • Automated daily backups with geographic distribution
  • Point-in-time recovery capabilities
  • Disaster recovery procedures with RTO/RPO targets
  • Regular backup integrity testing

Third-Party Services

We work with trusted partners to provide our services and protect your data.

Clerk

User authentication and organization management

Data processed: Email addresses, profile information, organization data

OpenAI

AI-powered content generation and analysis

Data processed: Proposal content, user prompts (anonymized)

Anthropic

AI language model processing for content generation

Data processed: Proposal content, user prompts (anonymized)

Vercel

Application hosting and performance monitoring

Data processed: Usage analytics, performance metrics

Stripe

Payment processing and subscription management

Data processed: Payment information, billing addresses

Google

Google Drive integration for document import and storage

Data processed: Document metadata, file contents (with your authorization), OAuth tokens

All third-party services are carefully vetted and must meet our security and privacy standards. We have data processing agreements in place with all partners.

Google User Data

Disclosure of how WizardRFP accesses, uses, stores, and shares Google user data in compliance with Google API Services User Data Policy.

Google Data We Access

When you connect your Google account to WizardRFP, we request access to the following data through Google APIs:

User Profile Information

  • Google account email address
  • Display name
  • Profile picture URL
  • Google user ID (for account linking)

Google Drive File Metadata

  • File names and titles
  • File types (MIME types)
  • File sizes and modification dates
  • Folder structure and parent folder information
  • File permissions (can edit, can comment, can share)
  • Thumbnail and icon URLs
  • Web view and download links

Google Drive File Content

  • Document content from files you explicitly select for import
  • Google Docs, Sheets, and Slides content (exported as PDF or text)
  • PDF and other document file contents
  • Document preview text (first portion of documents for preview purposes)

OAuth Scopes Used: We request the following Google OAuth scopes:

  • drive.readonly - Read access to browse and select files
  • drive.file - Access to files created or opened by the app
  • userinfo.email - Your email address
  • userinfo.profile - Your basic profile information

How We Use Google User Data

WizardRFP uses your Google data exclusively for the following purposes:

Document Import for RFP Proposals

Import documents from Google Drive to use as source materials, exhibits, or attachments in your RFP proposals.

File Browsing and Selection

Display your Google Drive files within WizardRFP so you can browse, search, and select documents to import.

Document Preview

Generate previews of document content to help you identify the right files before importing.

Account Linking

Link your Google account to your WizardRFP account for seamless integration access.

We do NOT use Google user data for:

  • Advertising or marketing purposes
  • Training AI models on your private documents
  • Profiling or tracking beyond the app's functionality
  • Any purpose unrelated to the RFP generation features you use

Google Data Sharing

We are committed to protecting your Google data and limit sharing to what is necessary for our service:

Within Your Organization

Documents you import may be visible to other members of your WizardRFP organization who have access to the relevant proposals. This is necessary for collaborative proposal creation.

AI Processing Services

When you use AI features on imported documents, the document content may be processed by our AI providers (OpenAI, Anthropic) to generate responses. This processing is done under strict data processing agreements.

We Do NOT Share Google Data With:

  • Third-party advertisers or marketers
  • Data brokers or analytics companies
  • Any parties for purposes unrelated to our core service
  • Anyone outside your organization without your explicit consent

Google Data Storage and Protection

We implement robust security measures to protect your Google data:

OAuth Token Security

  • Access and refresh tokens encrypted at rest using AES encryption
  • Tokens stored server-side only, never exposed to client
  • Automatic token refresh with secure key rotation
  • Tokens immediately revoked when you disconnect

Document Data Security

  • Imported documents encrypted in transit (TLS 1.3)
  • Data encrypted at rest (AES-256)
  • Organization-level data isolation
  • Role-based access controls within organizations

Infrastructure Security

  • SOC 2 Type II compliant hosting infrastructure
  • Regular security audits and penetration testing
  • DDoS protection and rate limiting
  • Comprehensive audit logging

Access Controls

  • Multi-factor authentication for administrative access
  • Principle of least privilege for data access
  • Employee background checks and security training
  • Regular access reviews and deprovisioning

Google Data Retention and Deletion

What We Retain

  • OAuth tokens: Retained while your Google account is connected; deleted immediately upon disconnection
  • File metadata: Cached for imported documents to enable quick access; deleted when document references are removed
  • Document content: Stored as part of your proposals; retained according to your organization's data retention settings
  • Document previews: Temporarily cached (24 hours maximum) for performance; automatically purged

How to Delete Your Google Data

You can delete your Google data from WizardRFP at any time:

  1. Disconnect Google Drive: Go to Settings → Integrations → Google Drive → Disconnect. This immediately revokes access and deletes stored OAuth tokens.
  2. Delete Imported Documents: Remove individual document attachments from your proposals through the document management interface.
  3. Delete Your Account: Request complete account deletion, which will delete all data including any Google-sourced content.
  4. Contact Support: Email privacy@wizardrfp.com to request deletion of specific Google-related data.

Deletion Timeline

  • OAuth tokens: Deleted immediately upon disconnection
  • Cached previews: Automatically purged within 24 hours
  • File metadata: Deleted within 30 days of reference removal
  • Document content: Deleted within 30 days of deletion request
  • Backup data: Purged within 90 days following our backup rotation schedule

Google Account Permissions: You can also revoke WizardRFP's access to your Google account at any time through your Google Account permissions page.

Cookies and Tracking Technologies

How we use cookies and similar technologies to improve your experience.

Essential Cookies

These cookies are necessary for the website to function and cannot be disabled.

  • Authentication and session management
  • Security and fraud prevention
  • Basic website functionality

Analytics Cookies

Help us understand how you use our services to improve performance and user experience.

  • Usage analytics and feature engagement
  • Performance monitoring and optimization
  • A/B testing and feature experimentation

Preference Cookies

Store your preferences and settings to personalize your experience.

  • User interface preferences and themes
  • Language and regional settings
  • Feature customizations and layouts

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services. You can manage your cookie preferences in your account settings or browser configuration.

Data Retention and Deletion

How long we keep your data and your options for deletion.

Active Accounts

  • Account data: Retained while your account is active
  • Proposal content: Retained according to your organization's settings
  • Usage logs: Retained for 2 years for security and analytics
  • AI interaction data: Anonymized and retained for model improvement

Account Deletion

  • Personal data deleted within 30 days of account closure
  • Some data may be retained for legal compliance (up to 7 years)
  • Anonymized data may be retained for analytics and AI training
  • Backup data purged according to our backup retention schedule

Inactive Accounts

  • Accounts inactive for 3+ years may be automatically deleted
  • 90-day notice provided before automatic deletion
  • Option to reactivate account during notice period
  • Data export available upon request before deletion

Your Rights and Choices

You have control over your personal data. Here are your rights and how to exercise them.

Access and Portability

  • Request a copy of your personal data
  • Export your proposals and content in standard formats
  • Access your data processing history
  • Download your account information and settings

Correction and Updates

  • Update your profile and account information
  • Correct inaccurate or incomplete data
  • Modify your communication preferences
  • Update integration permissions and settings

Deletion and Restriction

  • Request deletion of your personal data
  • Delete specific proposals or content
  • Restrict processing for certain purposes
  • Object to automated decision-making

Marketing and Communications

  • Opt out of marketing emails and communications
  • Control notification preferences
  • Manage cookie and tracking preferences
  • Withdraw consent for optional data processing

How to Exercise Your Rights:

  • Contact us at privacy@wizardrfp.com
  • Use the data management tools in your account settings
  • Submit a request through our support system
  • We'll respond to requests within 30 days

GDPR Compliance

Our commitment to EU data protection standards.

Legal Basis for Processing

  • Contract: Processing necessary to provide our services
  • Legitimate Interest: Service improvement and security
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Rights for EU Residents

  • Right to be informed about data processing
  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with supervisory authorities

CCPA Compliance

California Consumer Privacy Act rights and disclosures.

Consumer Rights

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access your personal information
  • Right to equal service and price, even if you exercise your privacy rights
  • Right to delete personal information

Categories of Information Collected

  • Identifiers (name, email, organization details)
  • Commercial information (subscription and usage data)
  • Internet activity (usage patterns, preferences)
  • Professional information (job title, industry)
  • Inferences (derived insights about preferences)

Sale of Personal Information

We do not sell your personal information. We may share certain data with service providers and partners for business purposes, but this does not constitute a "sale" under CCPA definitions.

California Residents: To exercise your CCPA rights, contact us at privacy@wizardrfp.com or use our online form. We'll verify your identity and respond within 45 days.

Children's Privacy

Our policy regarding users under 18 years of age.

WizardRFP is a business-to-business service intended for professional use by adults. We do not knowingly collect personal information from individuals under 18 years of age.

Age Verification

  • Users must be at least 18 years old to create an account
  • Business email addresses required for registration
  • Professional use cases and organizational contexts

Accidental Collection

If we become aware that we have collected personal information from someone under 18, we will delete that information immediately. If you believe we may have collected information from a minor, please contact us at privacy@wizardrfp.com.

International Data Transfers

How we handle data transfers across international borders.

Data Location

  • Primary data centers located in the United States
  • Backup and disaster recovery facilities in EU regions
  • Some third-party services may process data globally
  • Data residency options available for enterprise customers

Transfer Safeguards

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where applicable
  • Data processing agreements with all international partners
  • Regular compliance audits and assessments

EU-US Data Privacy Framework

We participate in and comply with applicable international data transfer frameworks, including the EU-US Data Privacy Framework where applicable. We ensure that all international data transfers meet the required adequacy and security standards.

Changes to This Privacy Policy

How we handle updates to our privacy practices.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification Process

  • Email notification to all active users for material changes
  • In-app notifications for policy updates
  • 30-day advance notice for significant changes
  • Updated effective dates clearly marked

Version History

We maintain a history of policy changes and make previous versions available upon request. Major changes are highlighted and explained in our update notifications.

Contact Information

How to reach us with questions or concerns about your privacy.

Privacy Team

Response Times

  • General privacy inquiries: 5-7 business days
  • Data access requests: 30 days
  • Data deletion requests: 30 days
  • Urgent privacy concerns: 24-48 hours

What to Include

When contacting us about privacy matters, please include:

  • Your full name and email address
  • Account information (if applicable)
  • Specific nature of your request or concern
  • Any relevant dates or details

Questions about your privacy?

Our privacy team is here to help. Contact us with any questions or concerns about how we handle your personal information.
