Privacy Policy

Privacy Policy

Last updated: February 2026

Sharp Logica, Inc. ("we", "us", or "our") operates BidCompliance (the "Service"). This Privacy Policy explains what information we collect, why we collect it, how it is used, and the choices you have. For the purposes of data protection laws such as the GDPR, Sharp Logica, Inc. is the data controller for the personal data described in this Policy.

1. Information We Collect

Account Information

• Name and email address (from authentication provider)
• Company name (optional)
• Payment information (processed by Stripe; we do not store full card details)

Documents

• RFP documents you upload
• Bid documents you upload
• Analysis results generated

2. How We Use Your Information

We use your information to

• Provide and operate the Service
• Authenticate users and secure accounts
• Process your document analyses and generate results
• Process payments and manage billing
• Send service-related communications (e.g., receipts, important notices)
• Respond to support requests

Legal bases for processing (where required by law, including under the GDPR)

• Contract necessity: to create your account and provide the Service, including running analyses and displaying results
• Legal obligation: to comply with applicable accounting, tax, and regulatory requirements
• Legitimate interests: to secure the Service, prevent fraud and abuse, and maintain reliability (balanced against your rights)

3. Document Processing

When you upload documents

• Documents are collected and processed only to provide the Service and generate your analysis report
• Documents are encrypted in transit (TLS) and at rest (AES-256)
• Documents are stored in Azure Blob Storage under your account
• We do NOT use your documents to train AI models
• You are in control of your documents and results at all times
• You can delete documents and results at any time
• You can choose to delete documents immediately after the analysis completes
• If you enable the option "Delete document upon completed analysis", the uploaded documents will be physically deleted from Azure Blob Storage immediately after the analysis completes
• Documents are deleted when you delete an analysis or your account
• Documents may be sent to an AI processing provider (OpenAI) via API solely to generate analysis results
• We send only what is necessary to perform the analysis
• We do NOT allow the AI provider to use your content to train their models

Data required to provide the Service

• Account email and authentication details are required to create and maintain an account
• Uploaded documents are required to run an analysis; without them, we cannot generate a report

Automated processing

• The Service uses automated processing to generate analysis results from the documents you provide
• The Service is designed to support your review and decision-making and does not make decisions on your behalf that produce legal or similarly significant effects

4. Data Sharing

We do not sell your personal information. We share data only with

• Service providers (Azure, Stripe, Clerk, and their subprocessors) necessary to operate the Service
• Legal authorities when required by law or valid legal process
• Parties involved in a business transfer (e.g., merger or acquisition), subject to appropriate safeguards
• AI processing providers (OpenAI) used solely to generate analysis results

5. Data Retention

• Account data: Retained until you delete your account (and as needed to comply with legal obligations)
• Documents and results: Retained until you delete them (including immediate deletion after analysis, if you choose) or delete your account
• Billing and transaction records: Retained as required by applicable law

6. Security

We implement industry-standard security measures

• Data encrypted in transit and at rest
• Azure cloud infrastructure with enterprise-grade security controls
• Access controls and least-privilege practices
• Monitoring and safeguards to prevent unauthorized access and abuse
• SOC 2 aligned authentication provider (Clerk)
• PCI DSS compliant payments (Stripe)

7. Your Rights

You have the right to

• Access your personal data
• Correct inaccurate data
• Delete your account and associated data
• Request restriction of processing of your personal data
• Object to processing where we rely on legitimate interests
• Receive a copy of personal data you provided to us in a portable format where applicable
• Export your analysis results (where supported)
• Withdraw consent where we rely on consent (we generally do not rely on consent to provide the Service)
• Opt out of marketing communications

You also have the right to lodge a complaint with your local data protection authority if you believe your rights have been infringed.

8. Cookies

We use essential cookies for

• Authentication session management
• Security purposes

We do not use cookies for advertising.

9. Third-Party Services

We use the following third-party services

• Clerk (authentication)
• Stripe (payments)
• Azure (cloud infrastructure and storage)
• Vercel (hosting)

Each has their own privacy policy governing their data practices.

10. International Users

Data may be processed in the United States and other locations where our service providers operate. Where required by law, we rely on appropriate safeguards for international transfers, such as Standard Contractual Clauses. By using the Service, you consent to the processing and transfer of your information as described in this Policy.

11. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

12. Changes to This Policy

We may update this policy periodically. We will post the updated version and revise the "Last updated" date. If changes are significant, we will notify you via email or an in-Service notice.

13. Contact Us

For privacy-related questions or requests, contact us at

• Email: support@sharplogica.com
• Address: 580 5th Avenue, Ste 820, New York, NY 10036