Privacy Policy

Last updated: 16 March 2026

This privacy policy explains how Overpass Apps Ltd ("we", "us", "our") collects, uses, and protects your personal data when you use the TenderDraft website and service ("Service").

1. Data Controller

Overpass Apps Ltd is the data controller for the purposes of UK GDPR and the Data Protection Act 2018.

Contact: [email protected]

2. Information We Collect

Waitlist sign-up:

• Email address
• Name (optional)

When the product launches, we will also collect:

• Business name, address, and contact details
• Tender response content that you input or upload
• Company documents (policies, certifications, case studies, insurance details)
• Account credentials (email and hashed password)
• Payment information (processed securely via our payment provider; we do not store card details)

Automatically collected:

• Usage analytics via Google Analytics 4 (anonymised page views, session duration, device type)
• IP address (anonymised in analytics)
• Browser type and operating system

3. How We Use Your Data

• To provide and improve the TenderDraft service
• To notify you about product launch and updates (waitlist)
• To generate AI-powered tender response drafts based on your input
• To store your company profiles and content library for reuse
• To process payments and manage your subscription
• To analyse usage patterns and improve the service
• To respond to support requests

4. Legal Basis for Processing

• Consent: Waitlist sign-up, marketing communications
• Contract: Providing the service you have subscribed to
• Legitimate interest: Improving the service, analytics, security

5. Data Security

We understand that tender responses contain commercially sensitive information. We take the security of your data seriously:

• All data is encrypted in transit (TLS/HTTPS) and at rest
• Your tender content is stored securely and is never shared with other users
• Your documents and responses are never used to train AI models
• Access to production systems is restricted to authorised personnel only
• We conduct regular security reviews of our infrastructure

6. Data Sharing

We do not sell your personal data. We may share data with:

• AI processing providers: To generate tender response drafts (your content is processed but not stored or used for training by these providers)
• Payment processors: To handle subscription billing securely
• Analytics providers: Google Analytics 4 (anonymised data only)
• Email service providers: To send product updates and notifications

We will never share your tender content, company documents, or commercially sensitive information with third parties for their own purposes.

7. Data Retention

• Waitlist data: retained until product launch or until you request removal
• Account data: retained for the duration of your subscription and 30 days after cancellation
• Tender content and documents: retained until you delete them or close your account
• Analytics data: anonymised and retained for up to 14 months

8. Your Rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Rectify inaccurate personal data
• Erase your personal data ("right to be forgotten")
• Restrict processing of your personal data
• Data portability (receive your data in a structured format)
• Object to processing based on legitimate interest
• Withdraw consent at any time

To exercise any of these rights, contact us at [email protected].

9. Cookies

We use essential cookies for site functionality and analytics cookies (Google Analytics 4) to understand how visitors use the site. Analytics cookies are set with consent mode enabled — analytics storage is granted, but advertising storage is denied by default.

10. International Transfers

Some of our service providers may process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or adequacy decisions.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or a notice on the website. The "Last updated" date at the top of this policy indicates when it was last revised.

12. Complaints

If you have a complaint about how we handle your data, please contact us first at [email protected]. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.