Privacy Policy

Last updated: March 2026

1. Data Controller

Find a Contract Ltd ("we", "us", or "our"), registered in England and Wales, is the data controller for the personal data processed through the Find a Contract platform. We are responsible for deciding how your personal data is collected, used, and protected.

If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at support@findacontract.co.uk.

2. What Data We Collect

We collect the following categories of personal data when you use the Service:

  • Account information: Name, email address, password (hashed), job title, and organisation name provided during registration.
  • Organisation data: Company details, sectors, frameworks, certifications, geographic coverage, and contract value preferences entered in the supplier profile.
  • Usage data: Pages visited, features used, search queries, saved searches, pipeline activities, watchlist items, and FOI requests created within the platform.
  • Technical data: IP address, browser type, device information, and session data collected automatically when you access the Service.
  • Payment data: Billing information is collected and processed by Stripe. We do not store full card numbers on our servers.
  • Communications: Content of any support requests, feedback, or correspondence you send us.

3. Lawful Basis for Processing (GDPR)

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, we process your personal data on the following lawful bases:

  • Contract performance (Article 6(1)(b)): Processing necessary to provide the Service to you, including account management, contract matching, AI analysis, pipeline tracking, and subscription billing.
  • Legitimate interests (Article 6(1)(f)): Processing for our legitimate business interests, including improving the Service, analysing usage patterns, preventing fraud, and ensuring platform security. We balance these interests against your rights and freedoms.
  • Consent (Article 6(1)(a)): Where we rely on consent, such as for marketing communications or optional analytics cookies, you may withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
  • Legal obligation (Article 6(1)(c)): Processing required to comply with applicable laws, including tax and financial regulations.

4. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Providing and operating the Find a Contract platform, including contract search, matching, and alerts.
  • Generating AI-powered match scores, contract briefs, and bid assessments using your supplier profile data.
  • Processing subscription payments and managing your billing account through Stripe.
  • Sending transactional emails, including alert notifications, digest summaries, and account confirmations.
  • Responding to support requests and communications.
  • Improving the Service through aggregated, anonymised usage analytics.
  • Complying with legal obligations and enforcing our Terms and Conditions.

5. Data Processors and Third Parties

We use the following third-party data processors to deliver the Service. Each processor is bound by data processing agreements and processes data only on our instructions:

  • Supabase (EU-hosted): Database hosting, authentication, and backend services. Your account data, organisation data, and platform content are stored in Supabase PostgreSQL databases hosted within the European Union.
  • Stripe: Payment processing for subscriptions. Stripe processes your payment card details and billing information in accordance with PCI DSS Level 1 standards.
  • Resend: Transactional email delivery for notifications, alerts, digests, and team invitations.
  • Anthropic: AI analysis provider. When you request AI-generated match scores, contract briefs, or bid assessments, relevant contract data and your supplier profile are sent to Anthropic's Claude API for processing. Anthropic does not use this data for model training.
  • Vercel: Application hosting and serverless function execution.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained for the duration of your subscription plus 30 days after account termination, during which you may request a data export.
  • Usage logs and analytics: Retained in aggregated, anonymised form for up to 24 months.
  • AI analysis cache: Contract briefs and match analyses are cached for 24 hours, then regenerated on request.
  • Audit logs: Retained for 12 months to support security and compliance requirements.
  • Payment records: Retained as required by UK tax and financial regulations (typically 6 years).

After the applicable retention period, personal data is securely deleted or irreversibly anonymised.

7. Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data. You can also update most information directly through your account settings.
  • Right to erasure: You may request deletion of your personal data where there is no compelling reason for its continued processing.
  • Right to data portability: You may request your personal data in a structured, commonly used, machine-readable format for transfer to another service.
  • Right to object: You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Right to restrict processing: You may request restriction of processing in certain circumstances, such as when accuracy is contested.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at support@findacontract.co.uk. We will respond within one month, as required by law.

8. Cookies

We use cookies and similar technologies to operate the Service. For full details on the cookies we use and how to manage them, please see our Cookie Policy.

9. International Data Transfers

Your primary data is stored in Supabase databases hosted within the European Union. However, some of our data processors (including Anthropic and Stripe) may process data in the United States.

Where personal data is transferred outside the UK and EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office (ICO) and the European Commission, or reliance on adequacy decisions where applicable.

10. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS) and at rest, access controls with role-based permissions, regular security reviews, and Row-Level Security (RLS) policies at the database level to enforce multi-tenant data isolation.

While we take reasonable steps to protect your data, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

11. Children's Privacy

The Service is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly.

12. Data Protection Officer

For data protection enquiries, please contact our Data Protection Officer at support@findacontract.co.uk.

13. Complaints

If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

We encourage you to contact us first at support@findacontract.co.uk so we can attempt to resolve your concern before you escalate to the ICO.

14. Contact

Find a Contract Ltd
Registered in England and Wales
Email: support@findacontract.co.uk
Website: findacontract.co.uk