scope
Scope
This Privacy Policy applies to DueBid websites, accounts, workspaces, APIs, hosted checkout handoffs, report delivery, and customer support.
Customer tender documents may contain personal data, business confidential information, commercial terms, and sensitive procurement material. Customers remain responsible for deciding what material is appropriate to submit.
roles
Privacy roles
For account, website, billing-support, security, and product-usage data, DueBid generally acts as an independent controller or business. For customer content submitted into a workspace, DueBid generally processes that material to provide the requested product features and digital report artifacts.
When checkout is handled by Lemon Squeezy or related payment-provider infrastructure, that provider independently processes payment, tax, fraud, receipt, refund, dispute, and chargeback data according to its own terms and privacy notices.
data collected
Data we collect
We collect account and workspace data such as name, email, company, role, authentication state, workspace membership, preferences, invitation records, and support communications.
We collect customer content such as tender documents, RFP text, addenda, proposal files, uploaded evidence, comments, reviewer decisions, report artifacts, document metadata, and workspace activity needed to provide DueBid.
We collect technical and security data such as IP address, device and browser data, session events, audit logs, file integrity checks, access logs, API requests, error events, and abuse-prevention signals.
billing data
Billing and payment data
DueBid does not intentionally collect or store full card numbers, bank account numbers, card security codes, or other full payment credentials.
DueBid receives limited billing metadata from checkout and billing providers, such as customer identifiers, order identifiers, product or plan identifiers, subscription status, payment status, currency, tax, amount, invoice or receipt references, refund status, and portal availability.
uses
How we use data
We use data to provide and secure the application, process uploaded material, generate and review digital report artifacts, verify payment state, provision subscriptions and report credits, provide support, monitor reliability, prevent abuse, comply with law, and improve product quality.
We do not use customer tender material to train general-purpose models for other customers. Cross-customer reuse of customer tender material is not permitted.
legal bases
Legal bases
Where GDPR or similar law applies, our legal bases may include performance of a contract, legitimate interests in operating and securing the service, compliance with legal obligations, consent where required, and establishment or defense of legal claims.
You can withdraw consent where processing is based on consent. Withdrawal does not affect processing that already occurred or processing required for legal, security, billing, or contractual reasons.
sharing
How we share data
We share data with service providers that help operate DueBid, including hosting, storage, security scanning, monitoring, analytics, communications, model-processing, support, billing, tax, subscription, and payment providers.
We may share data when required by law, to protect rights and security, to investigate misuse, to complete a merger or financing transaction, or with your direction through workspace integrations and authorized users.
DueBid does not sell personal information for money and does not share customer tender material for cross-context behavioral advertising.
subprocessors
Subprocessors
DueBid's subprocessor categories include cloud hosting, object storage, security and malware scanning, email and support tooling, monitoring and analytics, AI/model processing, and hosted checkout and billing providers.
Lemon Squeezy and its payment-provider infrastructure process checkout, subscription, tax, invoice, refund, and chargeback data when used for DueBid purchases. A current named subprocessor list requires approved launch content before publication.
retention
Retention and deletion
Workspace documents and report artifacts are retained while the workspace is active or while needed to deliver the purchased digital product, maintain customer-requested company memory, support auditability, or comply with law.
Verified deletion requests are processed through the approved deletion workflow unless retention is required for security, legal, tax, accounting, billing, dispute, fraud-prevention, or backup integrity reasons. Backups and disaster-recovery copies are overwritten on their normal cycle.
Billing, tax, invoice, security, audit, and dispute records may be retained longer where required for compliance, accounting, chargeback defense, or fraud prevention.
security
Security
DueBid uses access controls, workspace authorization, secure download gates, server-side validation, audit logging, transport security, and file-safety controls designed to protect confidential tender material.
No system is perfectly secure. Report suspected unauthorized access, unsafe file handling, or security incidents through the approved public security contact once it is configured.
international
International processing
DueBid and its providers may process data in countries different from where users are located. Where required, DueBid uses contractual, organizational, and technical measures intended to support lawful transfers.
Do not submit data that cannot lawfully be transferred to or processed by the systems needed to provide DueBid.
rights
Privacy rights
Depending on your location, you may have rights to access, correct, delete, restrict, object to, or receive a copy of personal data. You may also have rights to opt out of certain processing or lodge a complaint with a supervisory authority.
Send privacy requests through the approved public privacy contact once configured. DueBid may need to verify your identity, authority, workspace role, and the scope of the request before acting.
children
Children
DueBid is intended for business users and is not directed to children. Do not use DueBid if you are under 18, and do not intentionally submit children's personal data unless it is lawful and necessary for the requested tender workflow.
contact
Contact
Privacy, security, billing, and product-support contacts require approved launch content before production publication. Until then, use the request-review flow for pre-launch questions.
DueBid may update this Privacy Policy as the product, providers, legal requirements, or business operations change.