Privacy Policy

Who we are

Biddexia (“we”, “us”, “our”) is an independent early-stage software product serving the UK public-sector procurement market. We monitor public tender notices, detect changes and score opportunities so bid teams can decide what to pursue. Biddexia is not currently incorporated as a UK company. For the personal data described in this policy, Biddexia is the data controller, and you can reach us at any time at contact@biddexia.com for any privacy, legal or support enquiry.

The information we collect

Account and profile information

When you create an account we collect your name, work email address, company name and role, along with the sectors, regions and contract types you tell us you work on. We use this to set up your account and personalise the opportunities we show you.

Product and usage information

As you use the product we store the keywords you save, the tenders you star or track, the AI bid audits you run and your notification preferences. This is what makes your radar work.

Prospect and outreach information

Before you are a customer we may hold a small amount of business contact data so we can introduce Biddexia to organisations that appear to work on UK public-sector bids. We keep this to the minimum needed: company name, company domain, the public source we found it from, a contact name and role where available, a work email address, and the status of any contact (for example new, sent, replied or do-not-contact). We do not buy bulk consumer data.

Technical, analytics and anti-spam information

We collect standard technical data such as your IP address, device and browser type, and how you move through our pages, using privacy-conscious analytics. We also use anti-spam protection on our forms. This helps us keep the service secure and understand what is useful.

How we use your information

• To provide the service: matching tenders, change signals, AI bid-fit checks and alerts.
• To set up and manage your account, subscription and billing.
• To send service messages, digests and alerts you have asked for.
• To introduce Biddexia to relevant organisations by business email, with a clear opt-out in every message.
• To improve the product, keep it secure, and prevent abuse.
• To meet our legal and accounting obligations.

Our legal bases

Under the UK GDPR we rely on the following legal bases:

• Contract. To provide the service to account holders and to manage billing.
• Legitimate interests. For limited business-to-business outreach to relevant organisations, for analytics, and for keeping the service secure. We balance these interests against your rights, and you can object at any time.
• Consent. Where consent is required, for example certain marketing messages. You can withdraw consent at any time.
• Legal obligation. To keep records we are required to keep.

Where prospect data comes from

Business contact data is taken from public sources such as company websites, Companies House and reputable email verification tools. We record the source of the data we hold. We treat sole traders and partnerships with extra care, and we maintain a suppression list so that anyone who asks not to be contacted is not contacted again.

Who we share information with

We do not sell your personal data. We share it only with the service providers that help us run Biddexia, under contracts that require them to protect it. These include:

• Supabase, for database and authentication.
• Stripe, for payments and subscription billing.
• Resend, for transactional and lifecycle email.
• Twilio, for WhatsApp alerts (only if you enable them).
• Google and Groq, for the AI that scores opportunities.
• PostHog and Vercel, for hosting and product analytics.
• hCaptcha, for spam protection on our forms.

We may also disclose information where we are required to by law.

International transfers

Some of our providers are based outside the UK. Where personal data is transferred internationally, we rely on appropriate safeguards such as the UK International Data Transfer Agreement or Standard Contractual Clauses.

How long we keep information

We keep personal data only for as long as we need it. Account data is kept while your account is active and for a reasonable period afterwards. Prospect data is kept only while it is relevant, and is removed when someone opts out. Billing records are kept for as long as the law requires.

Your rights

You have the right to:

• access the personal data we hold about you;
• ask us to correct it if it is wrong;
• ask us to delete it;
• object to or restrict how we use it;
• ask for a copy in a portable format;
• withdraw any consent you have given.

To exercise any of these rights, email contact@biddexia.com. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk, although we would appreciate the chance to put things right first.

Marketing and opt-out

Every outreach and marketing email includes a clear way to unsubscribe. You can also reply asking us to stop, or email contact@biddexia.com, and we will add you to our suppression list and not contact you again.

Cookies and similar technologies

We use a small number of cookies and similar technologies to keep you signed in, remember your preferences and understand how the service is used. You can control cookies through your browser settings.

Security

We protect personal data with encryption in transit and at rest, access controls and reputable infrastructure providers. No system is perfectly secure, but we take reasonable steps to keep your information safe.

Children

Biddexia is a business tool and is not intended for anyone under 18. We do not knowingly collect data from children.

Changes to this policy

We may update this policy from time to time. When we make a material change we will update the date at the top of this page.

How to contact us

For any privacy question or request, email contact@biddexia.com. Biddexia serves the UK procurement market.