B
Get Started

Privacy Policy

Last updated: 24 March 2025

1. Overview

Biddexia (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy in accordance with the UK General Data Protection Regulation (UK-GDPR) and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, store, and protect your data when you use our platform.

For questions, contact our Data Protection contact at privacy@biddexia.com.

2. Data We Collect

We collect and process the following categories of data:

  • Account data: Name, email address, and authentication credentials provided during registration.
  • Usage data: Pages visited, features used, session duration, and interaction logs for product improvement.
  • Business data (B2B): Strategic memos, tender documents, pipeline notes, and any other content you upload or create within the Platform.
  • Communication data: Messages sent via WhatsApp alerts and email notifications where you have opted in.
Security

3. Private Data Silos

All business-sensitive information you inject into Biddexia — including strategic memos, draft proposals, custom pipeline configurations, uploaded tender documents, and competitive analysis — is stored in encrypted Private Data Silos.

Each organisation's Private Silo is logically and cryptographically isolated from all other accounts. Data stored in your Private Silo:

  • Is encrypted at rest using AES-256 encryption.
  • Is encrypted in transit using TLS 1.2+.
  • Is never shared with, sold to, or accessible by other organisations.
  • Is retained only for as long as necessary to provide the Service, or until you request deletion.

4. Zero-Training Commitment

Biddexia explicitly opts out of AI model training on private B2B data. We do not permit any AI or large language model (LLM) provider we work with to use your private business data — including uploaded documents, pipeline data, strategic memos, or custom configurations — for the purposes of training, fine-tuning, or improving any AI model.

This commitment applies to all data stored in your Private Silo. We contractually require our AI infrastructure providers to honour this opt-out in accordance with applicable data processing agreements and UK-GDPR obligations. Public procurement data sourced from government datasets is not subject to this restriction, as it is publicly available information.

5. Legal Basis for Processing

Under UK-GDPR, we process your personal data on the following legal bases:

  • Contract performance (Art. 6(1)(b)): To provide the Service you have subscribed to.
  • Legitimate interests (Art. 6(1)(f)): To improve the Platform, detect fraud, and ensure security.
  • Consent (Art. 6(1)(a)): For optional communications such as WhatsApp alerts and marketing emails.
  • Legal obligation (Art. 6(1)(c)): Where required by applicable law.

6. Your Rights Under UK-GDPR

As a data subject under UK-GDPR, you have the following rights:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate data.
  • Right to erasure: Request deletion of your personal data (“right to be forgotten”).
  • Right to restrict processing: Ask us to limit how we use your data.
  • Right to data portability: Receive your data in a machine-readable format.
  • Right to object: Object to processing based on legitimate interests.

To exercise any of these rights, email privacy@biddexia.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

7. Data Retention

We retain personal data for as long as your account is active or as needed to provide the Service. Upon account deletion, personal data is permanently erased within 30 days, except where retention is required by law.

8. Third-Party Processors

We use trusted third-party processors to operate the Platform (e.g., cloud infrastructure, payment processing, email delivery). All processors are bound by Data Processing Agreements (DPAs) that comply with UK-GDPR. We do not sell personal data to third parties.

9. Cookies

We use strictly necessary cookies to operate the Platform and, with your consent, analytics cookies to understand usage patterns. You can manage cookie preferences in your browser settings at any time.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or a prominent notice on the Platform. Continued use after the effective date constitutes acceptance of the updated Policy.

See also: Terms of Service