Back

Legal

Privacy Policy

Last updated: June 21, 2026

1. Introduction

ClearRFP (“ClearRFP,” “we,” “our,” or “us”) operates the website at clearrfp.com and the associated API (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, with whom we share it, and the choices you have regarding your information.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and organization name. This information is provided by you directly and managed through our authentication provider, Clerk.

Billing Information

If you subscribe to a paid plan, billing and payment information is collected and processed directly by Stripe. We do not store your credit card number or other payment credentials. We retain subscription status, plan tier, and billing history as needed to provide the Service.

Customer Content

You may upload documents (such as RFP files in PDF, DOCX, or XLSX format) to the Service for analysis. These documents are stored securely and processed by our AI systems on your behalf. You retain all rights to your Customer Content. We do not use your uploaded documents to train AI models or share them with third parties except as necessary to provide the Service.

Usage Data

We collect information about how you use the Service, including features accessed, analysis runs executed, exports generated, and AI model usage. This data is used to operate, improve, and bill for the Service.

Technical Data

We automatically collect certain technical information when you access the Service, including your IP address, browser type, operating system, referring URLs, and request timestamps. This information is used for security, fraud prevention, and operational monitoring.

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service, including processing your uploaded documents with AI language models;
  • Create and manage your account and organization;
  • Process payments and manage your subscription through Stripe;
  • Send transactional emails such as analysis completion notifications and export delivery via Postmark;
  • Monitor and analyze usage patterns to improve the Service using PostHog;
  • Detect and prevent security incidents and application errors using Sentry and Cloudflare;
  • Monitor AI performance and trace AI interactions using Langfuse;
  • Respond to your support requests and communications;
  • Comply with applicable legal obligations.

We do not sell your personal information. We do not use your personal information for advertising purposes or share it with advertising networks.

4. Subprocessors

We share your information with third-party service providers (“subprocessors”) only as necessary to deliver the Service. Each subprocessor is bound by appropriate data protection obligations. Our current subprocessors are:

ProviderPurposeLocation
ClerkAuthentication and user identity managementUSA
StripePayment processing and subscription managementUSA
PostmarkTransactional email deliveryUSA
PostHogProduct analytics and feature usage measurementUSA
SentryApplication error monitoringUSA
LangfuseAI interaction tracing and performance monitoringEU/USA
CloudflareContent delivery, file storage (R2), and securityUSA/Global
OpenAIAI language model processing for document analysisUSA
Mistral AIAI language model and OCR processingEU/USA
RailwayBackend API and worker infrastructure hostingUSA
VercelFrontend web application hostingUSA/Global

We may also disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our legal rights or the safety of others.

In the event of a merger, acquisition, or sale of assets, your information may be transferred to a successor entity. We will provide notice before your information is transferred and becomes subject to a different privacy policy.

5. Data Retention

We retain your account information and Customer Content for as long as your account is active. Upon termination of your account, we will delete or anonymize your personal information within 90 days, unless we are required to retain it longer by applicable law or for legitimate business purposes such as resolving disputes or enforcing our agreements.

Uploaded documents and AI-generated analysis results are retained for the duration of your subscription and deleted within 90 days of account termination. You may request earlier deletion at any time by contacting us.

Technical logs and aggregated usage data may be retained for up to 12 months for security and operational purposes.

6. Security

We implement industry-standard technical and organizational measures to protect your information, including encrypted data transmission (TLS), encrypted storage, access controls, and continuous security monitoring. All uploaded files are stored in Cloudflare R2 with restricted access enforced via time-limited signed URLs.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your rights or interests, we will notify you as required by applicable law.

7. Your Rights (California Residents — CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) provide you with the following rights:

  • Right to Know: You may request a disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purpose for collecting it, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to Correct: You may request correction of inaccurate personal information we hold about you.
  • Right to Opt Out of Sale or Sharing: We do not sell or share your personal information as defined under the CCPA/CPRA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, please contact us at privacy@clearrfp.com. We will respond to verifiable requests within 45 days as required by law.

8. Children’s Privacy

The Service is intended for business use only and is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, please contact us immediately at privacy@clearrfp.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will provide notice via email or a prominent notice within the Service at least 14 days before the change takes effect. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

ClearRFP

Privacy inquiries: privacy@clearrfp.com

Website: clearrfp.com