Legal · Placeholder draft
Privacy policy
Last updated: May 25, 2026
This policy explains what we collect, why, how long we keep it, and the rights you have under GDPR and CCPA.
1. Who we are
RFP Genius ApS, Copenhagen, Denmark. Data controller for the marketing site and account data. Data processor for content you upload into the product.
2. What we collect
- Account data — name, work email, hashed password, role.
- Content — RFP documents, knowledge base entries, workspace files you upload.
- Usage — pages visited, features used, error logs. No third-party advertising trackers.
- Cookies — essential session cookies always; product analytics only with consent.
3. Why we use it
- To provide the service you signed up for.
- To detect and fix bugs.
- To send transactional and (with consent) product-update emails.
4. Where it lives
You choose EU, US or APAC at signup. Content stays in that region.
5. Sub-processors
Listed and kept current on our security page. We give 30 days notice before adding a new one.
6. Retention
Account data: for the life of the account + 30 days. Workspace content: deleted on workspace deletion. Backups: 30 days rolling.
7. Your rights (GDPR / CCPA)
- Access, rectification, portability, erasure — from Account → Privacy.
- Object to or restrict processing — email privacy@rfpgenius.app.
- Lodge a complaint with your local data protection authority.
8. Contact
DPO: dpo@rfpgenius.app
This is a placeholder draft — not legal advice. Final wording will be reviewed by counsel before any commercial use. For a signed copy on company paper, contact legal@rfpgenius.com.