Privacy Policy

Information we collect

• Account information: email address and authentication identifiers.
• Workspace and project data: workspace names, members/roles, projects, and settings.
• Uploaded content: questionnaires (e.g., Excel SIG/RFP files), evidence documents, and any responses you draft or approve.
• Usage and audit data: activity logs and metadata (e.g., timestamps, feature usage) to operate and secure the Service, including sanitized first-party route traffic telemetry and service health signals.
• Billing data: subscription status and payment metadata handled by our payment providers (we do not store full card numbers).

How we use information

• Provide, maintain, and improve the Service.
• Process uploads, extract questionnaire questions, and generate draft responses.
• Support collaboration, approvals, exports, and auditability.
• Detect, prevent, and respond to security incidents, abuse, and fraud.
• Monitor first-party route traffic and host-level demand so uptime, routing, and SEO/AI discovery surfaces can be verified.
• Provide customer support and communicate service updates.

Cookies and analytics controls

Essential cookies and first-party operational telemetry stay enabled because they are used to run the service, secure buyer access paths, and verify route-level availability. Optional third-party analytics cookies remain off unless you explicitly accept them through the in-product consent controls.

AI and third-party processing

Some features may use third-party AI model providers to draft answers based on your uploaded evidence and questionnaire content. When you use these features, relevant text may be sent to those providers solely to perform the requested processing. Do not include information you are not authorized to share.

Cross-border processing and subprocessors

VeriRFP uses third-party providers for hosting, storage, billing, authentication, monitoring, and optional AI-assisted drafting. Those providers may process data in the United States or other provider-managed regions under their contractual commitments. The current inventory, transfer controls, and retention notes are published on our subprocessor page.

How we share information

We share information only as needed to provide the Service, including with vendors that help us operate the product (e.g., hosting, authentication, storage, analytics, payments, and AI providers). We may also share information to comply with law, enforce our terms, or protect the rights and safety of users and the public.

Data retention

We retain content and account data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. Workspaces may also configure retention policies and deletion schedules within the product.

Privacy rights and contract workflows

Access requests, export requests, deletion requests, correction requests, and DPA reviews are handled through a documented intake and validation workflow. That process is separate from product usage so identity, workspace scope, and legal authority can be verified before any disclosure or deletion action is executed.

Security

We use reasonable administrative, technical, and organizational safeguards designed to protect information, including encryption in transit (HTTPS) and access controls. No method of transmission or storage is 100% secure.

Your choices

• You can manage workspace membership and roles in the app.
• You can revoke API keys and tokens you created.
• You can request access, export, correction, or deletion by contacting us.

Contact

If you have questions about this Privacy Policy, contact us at admin@verirfp.com.