Privacy Policy

BidSquirrel is a service operated by Orcana Ltd, a company registered in England & Wales, whose registered office is Registered office address — to be confirmed.

Orcana Ltd is the data controller for the personal data described in this notice. If you have any questions or want to exercise your rights, contact us at privacy@bidsquirrel.co.uk.

• Account data — your email address and authentication details (managed by our auth provider, Supabase).
• Business profile — information you give us about your business (name, sectors, capabilities, contract-value range, locations served, accreditations, insurance, financial standing, growth objectives, website, company number) so we can match tenders to you.
• Usage data — alerts you set, and tenders you save, track, and mark as applied/won/lost.
• Uploaded documents (ITTs) — processed in memory to generate guidance and never stored; only the short text guidance output is retained.
• Payment data — handled entirely by Stripe. We never see or store your full card details; we hold only a customer/subscription reference and your plan status.
• Technical data — standard server logs (IP address, browser type, timestamps) used for security and to keep the service running.

• To provide the service — matching, scoring, guidance, tracking and the email digests you request. Lawful basis: performance of our contract with you.
• To take payment and manage your subscription. Lawful basis: performance of our contract; compliance with our legal (tax/accounting) obligations.
• To secure, maintain and improve the service and prevent abuse. Lawful basis: our legitimate interests in running a safe, reliable product.
• To send service messages (e.g. security, billing, important changes). Lawful basis: performance of our contract / legitimate interests.

We do not sell your data, and we do not use it for third-party advertising.

Our matching, scoring and bidding guidance are generated by sending your business profile and the relevant tender text to our AI provider, Anthropic. Your data is not used to train AI models — neither by us nor by Anthropic under our business terms. AI output is decision support and can be incomplete or wrong (see our Terms).

We rely on a small set of trusted providers who process data on our behalf, under contract:

We also call public data services (e.g. UK Companies House and postcodes.io) to enrich tender and profile data; these receive only the specific lookup value (such as a company name or postcode), not your account.

Some providers above are based in the USA. Where your personal data is transferred outside the UK, we rely on the UK's International Data Transfer Agreement / Addendum to the EU Standard Contractual Clauses (or an applicable adequacy decision) so that it remains protected to UK standards.

• Account and profile data — for as long as your account is active.
• Uploaded ITT files — discarded immediately after processing; not stored.
• After you delete your account — your personal data is removed promptly; limited billing/transaction records may be retained where we are legally required to keep them (e.g. for tax, normally up to 6 years).
• Backups containing data may persist for a short rolling period before being overwritten.

Under UK GDPR you have the right to access, correct, delete, restrict, port and object to the processing of your personal data, and to withdraw any consent.

You can delete your account and associated data yourself at any time from your account settings. To exercise any other right, email privacy@bidsquirrel.co.uk. We will respond within one month.

We use only essential cookies needed to keep you signed in and to keep the service secure. We do not use advertising or third-party tracking cookies. If we add analytics in future, we will ask for your consent first.

If you are unhappy with how we handle your data, please contact us first so we can put it right. You also have the right to complain to the ICO — ico.org.uk/make-a-complaint, or the ICO helpline on 0303 123 1113.

We may update this notice from time to time. We will post the new version here and update the date above; significant changes affecting you will be notified by email.