Privacy Policy
Last updated: February 2026
1. Introduction
ProofWorks Limited (trading as BidEngine), registered in England and Wales, is committed to protecting your privacy in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This policy explains what data we collect, how we use it, and your rights.
2. Data Controller
Terri Bryan — Data Controller
ProofWorks Limited (trading as BidEngine)
Archer Drive, Derby, DE3 0AG
Email: privacy@bidengine.co
3. Data We Collect
- Account Information: Name, email address, company name, and payment details collected at registration.
- Content You Upload: Bid documents, evidence records, tender responses, and any other content you submit to the platform.
- Usage Data: Login times, IP addresses, pages visited, and features used.
Document handling: Uploaded documents (PDF, Word) are processed to extract structured data and are not retained after extraction. Only the structured records derived from your documents are stored. Original files are discarded immediately after processing.
4. How We Use Your Data
- Providing the Service — processing your tender documents and generating bid responses (lawful basis: contract performance).
- Processing payments — managing subscriptions and billing (lawful basis: contract performance).
- Service communications — sending updates, maintenance notices, and security alerts (lawful basis: legitimate interest).
- Service improvement — understanding how the platform is used to improve functionality (lawful basis: legitimate interest).
5. Third-Party Processors
We use the following third-party processors to deliver the service. Where data is transferred outside the UK, transfers are covered by the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs) as applicable.
| Processor | Purpose | Location | Safeguard |
|---|---|---|---|
| Bubble (AWS) | Database — stores account data, evidence records, and generated responses | USA | SCCs / IDTA |
| Clerk | User authentication and session management | USA | SCCs / IDTA |
| Anthropic | AI generation and scoring of bid responses. Does not train on submitted data. | USA | SCCs / IDTA |
| OpenAI | Generating semantic embeddings for evidence search. Does not train on submitted data. | USA | SCCs / IDTA |
| n8n | Workflow automation for document processing and evidence extraction | Germany (EU) | EU adequacy |
| Stripe | Payment processing and subscription management | USA | SCCs / IDTA |
| Vercel | Application hosting and serverless function execution | USA | SCCs / IDTA |
Neither Anthropic nor OpenAI use data submitted via their APIs to train their AI models under their standard API terms.
6. Data Retention
- Account data: Retained for the duration of your account plus 2 years after closure.
- Uploaded documents: Discarded immediately after processing — not retained.
- Extracted evidence records and generated responses: Retained for the duration of your account.
- Payment records: 7 years (legal requirement under HMRC rules).
- Usage logs: 12 months.
7. Your Rights
Under UK GDPR you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data (right to be forgotten).
- Restrict Processing: Request that we limit how we use your data.
- Data Portability: Receive your data in a portable, machine-readable format.
- Object: Object to processing based on legitimate interests.
To exercise any of these rights, contact privacy@bidengine.co. We will respond within 30 days.
8. Data Security
We implement appropriate technical and organisational measures to protect your data, including: encryption in transit (TLS/SSL), encrypted database storage, secure authentication, and role-based access controls. Access to client data is restricted to authorised personnel only.
9. Complaints
If you have concerns about how we handle your data, please contact us at privacy@bidengine.co in the first instance. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.
10. Contact
Terri Bryan (Data Controller)
ProofWorks Limited (trading as BidEngine)
Archer Drive, Derby, DE3 0AG
Email: privacy@bidengine.co