Skip to main content
RapidRFP

Privacy Policy

Last Updated: December, 2025

This Privacy Policy explains how the RapidRFP.ai platform, websites, and related services ("Service") collect, use, store, and protect information. By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use.

1. Information We Collect

We collect the following information when you use the Service:

1.1 Account Information

  • Name, email address, password, and organization-related details.
  • Billing information if you subscribe to a paid plan.

1.2 User Content

  • Documents, text, questionnaires, data, and other materials you upload or submit through the Service.
  • User Content remains your property.
  • We process User Content only to operate, maintain, and improve the Service.
  • We do not use User Content to train public or shared AI models.

1.3 Usage Data

Information automatically collected, including:

  • IP address
  • Browser type and device information
  • Access times
  • Pages viewed
  • Features used
  • System logs and error reports

1.4 Cookies & Tracking

We use cookies and similar technologies for:

  • Session management
  • Authentication
  • Analytics
  • Feature personalization

You may block cookies, but some features may not function properly.

Cookies and Tracking Technologies

The Service uses cookies and similar technologies (such as local storage, tags, and analytics scripts) to operate the platform, maintain secure sessions, remember preferences, and understand how the Service is used. These technologies help improve performance, enhance user experience, and support essential functionality.

Where required by applicable law, including GDPR, we will request consent before using non-essential cookies or tracking technologies.

2. How We Use Information

We use the information we collect to:

  • Provide and operate the Service
  • Process and analyze User Content to generate AI Output
  • Improve platform performance, reliability, and features
  • Communicate with you about updates, billing, and support
  • Detect, prevent, and respond to security incidents
  • Comply with legal obligations

We do not sell personal data.

3. Legal Bases for Processing (GDPR)

For users in the European Economic Area (EEA), personal data is processed under one or more of the following legal bases:

  • Contract performance – to deliver the Service
  • Legitimate interest – platform functionality, analytics, security
  • Consent – when explicitly required (e.g., optional cookies)
  • Legal obligation – compliance with applicable law

You have rights under GDPR, described in Section 8.

4. How We Share Information

We do not share your information except in the following limited circumstances:

4.1 Service Providers

We use trusted third-party providers for:

  • Cloud hosting
  • AI model processing
  • Payment processing
  • Error monitoring
  • Customer support tools

These providers only access data as needed to perform services on our behalf.

4.2 Compliance & Legal

We may disclose information where required to:

  • Comply with laws
  • Respond to lawful requests
  • Protect our rights, safety, or security
  • Prevent fraud or misuse

4.3 Business Continuity

If ownership or operation of the Service changes (e.g., merger, acquisition), data may transfer as part of the transaction, subject to continued protection.

5. AI Processing and Model Usage

The Service uses third-party AI models and internal algorithms to process User Content and generate AI Output.

We ensure:

  • User Content is not used to train public AI models
  • User Content is processed securely and transiently where required
  • Access is restricted and logged in alignment with SOC 2 principles

6. Security

We implement administrative, technical, and physical safeguards in line with SOC 2 security practices, including:

  • Encryption in transit (HTTPS/TLS)
  • Restricted access controls
  • Secure credential storage
  • Periodic security reviews
  • Logging and monitoring
  • Disaster recovery backups

However, no system is completely secure. You upload User Content at your own risk.

7. Data Retention

We retain:

  • User Content: Only as long as needed to provide the Service or as required by law
  • Account Data: While your account remains active
  • Backups: Temporary retention for security and disaster recovery
  • Billing Records: As required for financial compliance

Upon account closure:

  • User Content may be deleted after a defined retention window
  • Backup copies may persist for a limited period and are automatically purged

You may request deletion where permitted by law (see Section 8).

8. Your Rights (GDPR & Global)

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your data ("right to be forgotten")
  • Restrict or object to processing
  • Port your data to another service
  • Withdraw consent where processing is based on consent

Requests can be submitted to support@RapidRFP.ai.

We may need to verify your identity before processing requests.

9. International Data Transfers

Data may be processed or stored in locations outside your country. We use safeguards consistent with GDPR requirements, such as:

  • Standard Contractual Clauses (SCCs)
  • Data processing agreements
  • Secure hosting environments

10. Children's Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal information from minors.

11. Links to Third-Party Sites

The Service may contain links to external websites. We are not responsible for the privacy practices or content of third-party sites.

12. Changes to This Policy

We may update this Privacy Policy periodically. The updated version will be posted on our website, and continued use of the Service constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

support@RapidRFP.ai