Privacy Policy

Last updated: February 2025

1. Introduction

RFP Platform Quest ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at rfp.quest.

By using RFP Platform Quest, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

  • Email address (used for authentication and communication)
  • Password (securely hashed, never stored in plain text)
  • Company profile information you provide (company name, size, sectors, etc.)

2.2 Usage Data

  • Tenders you view and save
  • Search queries and filter preferences
  • Feature usage patterns
  • Device and browser information
  • IP address and approximate location

2.3 Tender Data

We fetch publicly available UK government tender data from the Find a Tender service. This data is published under the Open Government Licence and is available to the public.

3. How We Use Your Information

  • To provide and maintain our service
  • To authenticate your account and secure your data
  • To match you with relevant tenders based on your company profile
  • To improve and personalise your experience
  • To analyse usage patterns and improve our platform
  • To send service-related communications
  • To respond to your support requests

4. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience:

  • Essential cookies: Required for authentication and core functionality
  • Preference cookies: Remember your settings and choices
  • Analytics cookies: Help us understand how you use RFP Platform Quest

You can control cookies through your browser settings. Disabling certain cookies may affect your experience.

5. Data Sharing and Third Parties

We work with trusted third-party service providers:

  • Neon: Database hosting (PostgreSQL)
  • Vercel: Website hosting and deployment
  • Railway: Background service hosting
  • OpenAI: AI-powered analysis features (when used)
  • Cloudflare: Content delivery and security

We do not sell your personal information to third parties. Data sharing is limited to what is necessary for service operation.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Aggregated, anonymised data may be retained indefinitely for analytics purposes.

7. Your Rights

Under UK GDPR and the Data Protection Act 2018, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Delete your account and associated data
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a structured format
  • Object: Object to certain processing activities

To exercise these rights, please contact us at privacy@rfp.quest or use the account deletion feature in your account settings.

8. Data Security

We implement appropriate technical and organisational measures to protect your data:

  • Encrypted data transmission (HTTPS/TLS)
  • Secure password hashing
  • Regular security updates and monitoring
  • Access controls and authentication

9. Children's Privacy

RFP Platform Quest is not intended for users under 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

← Back to RFP Platform Quest