Your Privacy is Our Priority

Privacy Policy

We are committed to protecting your privacy and being transparent about how we collect, use, and protect your personal information when you use WizardRFP.

Last updated: September 8, 2025
Effective: September 8, 2025

Quick Navigation

Information We CollectHow We Use InformationData Storage & SecurityThird-Party ServicesCookies & TrackingData RetentionYour RightsInternational Transfers

Information We Collect

We collect information to provide and improve our AI-powered RFP generation services.

Account Information

  • • Email address and name for account creation
  • • Profile information (job title, company, bio)
  • • Organization details and team membership information
  • • User preferences and settings

Content and Documents

  • • RFP documents you upload or create
  • • Proposal content generated through our platform
  • • Document attachments and exhibits
  • • Comments and collaboration messages
  • • Integration data from Google Drive, Microsoft 365, and Notion

AI Interaction Data

  • • Prompts and questions you submit to our AI systems
  • • AI-generated responses and suggestions
  • • Usage patterns and feature interactions
  • • Performance and quality feedback

Usage Information

  • • Log data including IP addresses, device information, and browser type
  • • Usage analytics and feature engagement metrics
  • • Performance data and error reports
  • • Session recordings for support and improvement purposes

How We Use Information

We use your information to provide, maintain, and improve our services.

Service Provision

  • • Generate AI-powered RFP responses and proposals
  • • Enable real-time collaboration features
  • • Process document integrations and exports
  • • Provide customer support and technical assistance

AI Training and Improvement

  • • Improve AI model performance and accuracy
  • • Develop new features and capabilities
  • • Quality assurance and content validation
  • • Research and development for better user experience

Important: We anonymize and aggregate data used for AI training. Personal identifiers and sensitive business information are removed or masked.

Communication

  • • Send service-related notifications and updates
  • • Provide support responses and assistance
  • • Share product announcements and improvements
  • • Send optional marketing communications (with your consent)

Analytics and Optimization

  • • Analyze usage patterns to improve our services
  • • Monitor system performance and reliability
  • • Conduct A/B testing for feature improvements
  • • Generate aggregated analytics and insights

Data Storage and Security

We implement industry-leading security measures to protect your data.

Encryption

  • • Data encrypted in transit using TLS 1.3
  • • Data encrypted at rest using AES-256
  • • Integration tokens encrypted with industry-standard algorithms
  • • End-to-end encryption for sensitive document transfers

Infrastructure Security

  • • Hosted on secure Vercel infrastructure with SOC 2 Type II compliance
  • • PostgreSQL databases with connection pooling and access controls
  • • Redis for real-time collaboration with data persistence
  • • Regular security audits and vulnerability assessments
  • • DDoS protection and rate limiting

Access Controls

  • • Multi-factor authentication for all admin access
  • • Role-based permissions and organization-level isolation
  • • Regular access reviews and deprovisioning procedures
  • • Comprehensive audit logging for all data access

Data Backup and Recovery

  • • Automated daily backups with geographic distribution
  • • Point-in-time recovery capabilities
  • • Disaster recovery procedures with RTO/RPO targets
  • • Regular backup integrity testing

Third-Party Services

We work with trusted partners to provide our services and protect your data.

Clerk

User authentication and organization management

Data processed: Email addresses, profile information, organization data

OpenAI

AI-powered content generation and analysis

Data processed: Proposal content, user prompts (anonymized)

Anthropic

AI language model processing for content generation

Data processed: Proposal content, user prompts (anonymized)

Vercel

Application hosting and performance monitoring

Data processed: Usage analytics, performance metrics

Stripe

Payment processing and subscription management

Data processed: Payment information, billing addresses

All third-party services are carefully vetted and must meet our security and privacy standards. We have data processing agreements in place with all partners.

Cookies and Tracking Technologies

How we use cookies and similar technologies to improve your experience.

Essential Cookies

These cookies are necessary for the website to function and cannot be disabled.

  • • Authentication and session management
  • • Security and fraud prevention
  • • Basic website functionality

Analytics Cookies

Help us understand how you use our services to improve performance and user experience.

  • • Usage analytics and feature engagement
  • • Performance monitoring and optimization
  • • A/B testing and feature experimentation

Preference Cookies

Store your preferences and settings to personalize your experience.

  • • User interface preferences and themes
  • • Language and regional settings
  • • Feature customizations and layouts

Managing Cookies

You can control cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our services. You can manage your cookie preferences in your account settings or browser configuration.

Data Retention and Deletion

How long we keep your data and your options for deletion.

Active Accounts

  • • Account data: Retained while your account is active
  • • Proposal content: Retained according to your organization's settings
  • • Usage logs: Retained for 2 years for security and analytics
  • • AI interaction data: Anonymized and retained for model improvement

Account Deletion

  • • Personal data deleted within 30 days of account closure
  • • Some data may be retained for legal compliance (up to 7 years)
  • • Anonymized data may be retained for analytics and AI training
  • • Backup data purged according to our backup retention schedule

Inactive Accounts

  • • Accounts inactive for 3+ years may be automatically deleted
  • • 90-day notice provided before automatic deletion
  • • Option to reactivate account during notice period
  • • Data export available upon request before deletion

Your Rights and Choices

You have control over your personal data. Here are your rights and how to exercise them.

Access and Portability

  • • Request a copy of your personal data
  • • Export your proposals and content in standard formats
  • • Access your data processing history
  • • Download your account information and settings

Correction and Updates

  • • Update your profile and account information
  • • Correct inaccurate or incomplete data
  • • Modify your communication preferences
  • • Update integration permissions and settings

Deletion and Restriction

  • • Request deletion of your personal data
  • • Delete specific proposals or content
  • • Restrict processing for certain purposes
  • • Object to automated decision-making

Marketing and Communications

  • • Opt out of marketing emails and communications
  • • Control notification preferences
  • • Manage cookie and tracking preferences
  • • Withdraw consent for optional data processing

How to Exercise Your Rights:

  • • Contact us at privacy@wizardrfp.com
  • • Use the data management tools in your account settings
  • • Submit a request through our support system
  • • We'll respond to requests within 30 days

GDPR Compliance

Our commitment to EU data protection standards.

Legal Basis for Processing

  • Contract: Processing necessary to provide our services
  • Legitimate Interest: Service improvement and security
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

Data Protection Officer

For GDPR-related inquiries, you can contact our Data Protection Officer at:

Email: dpo@wizardrfp.com

Rights for EU Residents

  • • Right to be informed about data processing
  • • Right of access to your personal data
  • • Right to rectification of inaccurate data
  • • Right to erasure ("right to be forgotten")
  • • Right to restrict processing
  • • Right to data portability
  • • Right to object to processing
  • • Right to withdraw consent
  • • Right to lodge a complaint with supervisory authorities

CCPA Compliance

California Consumer Privacy Act rights and disclosures.

Consumer Rights

  • • Right to know what personal information is collected
  • • Right to know if personal information is sold or disclosed
  • • Right to say no to the sale of personal information
  • • Right to access your personal information
  • • Right to equal service and price, even if you exercise your privacy rights
  • • Right to delete personal information

Categories of Information Collected

  • • Identifiers (name, email, organization details)
  • • Commercial information (subscription and usage data)
  • • Internet activity (usage patterns, preferences)
  • • Professional information (job title, industry)
  • • Inferences (derived insights about preferences)

Sale of Personal Information

We do not sell your personal information. We may share certain data with service providers and partners for business purposes, but this does not constitute a "sale" under CCPA definitions.

California Residents: To exercise your CCPA rights, contact us at privacy@wizardrfp.com or use our online form. We'll verify your identity and respond within 45 days.

Children's Privacy

Our policy regarding users under 18 years of age.

WizardRFP is a business-to-business service intended for professional use by adults. We do not knowingly collect personal information from individuals under 18 years of age.

Age Verification

  • • Users must be at least 18 years old to create an account
  • • Business email addresses required for registration
  • • Professional use cases and organizational contexts

Accidental Collection

If we become aware that we have collected personal information from someone under 18, we will delete that information immediately. If you believe we may have collected information from a minor, please contact us at privacy@wizardrfp.com.

International Data Transfers

How we handle data transfers across international borders.

Data Location

  • • Primary data centers located in the United States
  • • Backup and disaster recovery facilities in EU regions
  • • Some third-party services may process data globally
  • • Data residency options available for enterprise customers

Transfer Safeguards

  • • Standard Contractual Clauses (SCCs) for EU data transfers
  • • Adequacy decisions where applicable
  • • Data processing agreements with all international partners
  • • Regular compliance audits and assessments

EU-US Data Privacy Framework

We participate in and comply with applicable international data transfer frameworks, including the EU-US Data Privacy Framework where applicable. We ensure that all international data transfers meet the required adequacy and security standards.

Changes to This Privacy Policy

How we handle updates to our privacy practices.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

Notification Process

  • • Email notification to all active users for material changes
  • • In-app notifications for policy updates
  • • 30-day advance notice for significant changes
  • • Updated effective dates clearly marked

Version History

We maintain a history of policy changes and make previous versions available upon request. Major changes are highlighted and explained in our update notifications.

Contact Information

How to reach us with questions or concerns about your privacy.

Privacy Team

Email: privacy@wizardrfp.com

Response Times

  • • General privacy inquiries: 5-7 business days
  • • Data access requests: 30 days
  • • Data deletion requests: 30 days
  • • Urgent privacy concerns: 24-48 hours

What to Include

When contacting us about privacy matters, please include:

  • • Your full name and email address
  • • Account information (if applicable)
  • • Specific nature of your request or concern
  • • Any relevant dates or details

Questions about your privacy?

Our privacy team is here to help. Contact us with any questions or concerns about how we handle your personal information.