Privacy Policy

We collect information you provide directly to us when you create an account, such as your name, email address, organization details, and profile information. When using our platform, we collect usage data including pages viewed, features used, search queries, and interaction patterns to improve our services.

Our platform automatically collects technical information including IP addresses, browser type and version, device information, operating system, and referral sources. We use cookies and similar technologies to maintain your session, remember your preferences, and analyze platform performance.

When you upload documents or create proposals, we collect and process this content to provide our AI-powered analysis and generation services. We also collect data about your tender preferences, scoring history, and proposal templates to personalize your experience and improve our algorithms.

We use your information to provide and maintain our tender management services, including account authentication, tender matching, AI-powered analysis, and proposal generation. Your data helps us personalize your experience by showing relevant tenders and customizing AI outputs based on your organization's profile.

We analyze usage patterns and platform performance to improve our services, develop new features, and optimize user experience. This includes using aggregated, anonymized data to train and improve our AI models while protecting individual privacy and confidential business information.

We may use your contact information to send important service notifications, security alerts, and updates about new features. With your consent, we may also send promotional communications about relevant services, which you can opt out of at any time through your account settings.

We do not sell, trade, or rent your personal information to third parties. We may share your information with trusted service providers who assist us in operating our platform, such as cloud hosting services, AI providers like OpenAI, and email delivery services. These providers are contractually bound to protect your information and use it only for specified purposes.

Within your organization, information may be shared with other members based on the access permissions configured by your organization administrator. We implement role-based access controls to ensure team members only see information relevant to their responsibilities.

We may disclose your information if required by law, court order, or government regulation, or if we believe in good faith that such disclosure is necessary to protect our rights, your safety, or the safety of others. In the event of a business transfer or merger, your information may be transferred as part of the transaction, subject to the same privacy protections.

We implement industry-standard security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure authentication protocols, regular security audits, and access controls limiting who can view your information.

Our platform uses secure cloud infrastructure with redundant backups and disaster recovery procedures. We regularly update our security practices and conduct vulnerability assessments to identify and address potential risks. All employees with access to user data undergo security training and background checks.

While we take extensive precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly notifying you of any security breaches that may affect your personal information in accordance with applicable laws.

We retain your personal information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Account information is maintained while your account is active and for a reasonable period afterward to facilitate account reactivation and provide historical data access.

Proposal and tender data may be retained longer for legitimate business purposes, including contract fulfillment, legal compliance, and service improvement. We implement automated data retention policies to regularly review and delete unnecessary data while preserving information required for legal or regulatory compliance.

You may request deletion of your personal information at any time, subject to our legal obligations and legitimate business interests. Upon account deletion, we will remove or anonymize your personal information within a reasonable timeframe, typically 30-90 days, while preserving aggregated, non-identifiable data for analysis purposes.

You have the right to access, update, or delete your personal information through your account settings or by contacting us directly. You can review and modify your profile information, organization details, and privacy preferences at any time through the platform interface.

You have the right to request a copy of your personal data in a portable format and to object to certain types of data processing. Under applicable privacy laws like GDPR, you may also have rights to data rectification, restriction of processing, and the right to lodge complaints with supervisory authorities.

You can control email communications through your account preferences and unsubscribe from promotional emails at any time. You may also request that we stop processing your data for marketing purposes while continuing to provide core platform services. We will respond to privacy requests within the timeframes required by applicable law.

As a platform serving organizations across Europe, we may transfer your personal information to countries outside the European Economic Area (EEA) for processing by our service providers. When we do so, we ensure appropriate safeguards are in place through adequacy decisions, standard contractual clauses, or other approved mechanisms.

Our primary data processing occurs within the EEA using cloud infrastructure that complies with European data protection standards. For AI services provided by third parties like OpenAI, we implement contractual protections and technical measures to maintain privacy and security standards equivalent to those required under European law.

We regularly review our international data transfer practices to ensure compliance with evolving privacy regulations and court decisions. You can contact us for specific information about the safeguards we use for international transfers of your personal data.

Sunday Roast is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Organizations using our platform are responsible for ensuring that their team members meet the minimum age requirements and have proper authorization to access and use business tools. If you believe we have collected information from a minor, please contact us immediately so we can investigate and take appropriate action.

Parents or guardians who discover that their child has provided personal information to us should contact us using the information provided in this Privacy Policy. We will work to verify the request and delete the information if appropriate.

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how we handle your personal information, please contact us through the support channels available in your Sunday Roast account or by email to our privacy team.

For data protection inquiries, you can also contact our Data Protection Officer who oversees privacy compliance and can assist with requests related to your personal information. We commit to responding to privacy inquiries within reasonable timeframes and in accordance with applicable legal requirements.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will notify you of any material changes through the platform and by email. The updated policy will be effective immediately upon posting, and your continued use of the service constitutes acceptance of the changes.