Skip to content

Privacy Policy

Last updated: 22 January 2026

1. Introduction

Gwinva Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you use MyBidTeam.

Gwinva Ltd is the data controller for personal data processed through MyBidTeam. We are registered in England and Wales (Company No. 16854456) and registered with the Information Commissioner's Office (ICO Registration: ZC044445).

2. Data We Collect

We collect the following types of data:

Account Information

  • Name and email address
  • Password (securely hashed)
  • Organisation name

Business Information (Your "Vault")

  • Company details and accreditations
  • Team member information
  • Case studies and past project details
  • Policies and certifications

Compliance Information

You may optionally provide compliance-related information to support your bid responses:

  • Insurance details (provider, policy number, cover amount, expiry date) for Public Liability, Employers' Liability, and Professional Indemnity insurance
  • Policy summaries (key commitments and review dates) for Health & Safety and GDPR/Data Protection policies

Important: We store this information to help generate compliant bid responses. We display expiry warnings as a convenience only. We are not your compliance advisor and you remain solely responsible for maintaining valid insurance and up-to-date policies. MyBidTeam does not verify, validate, or guarantee the accuracy of any compliance information you provide.

Tender and Bid Data

  • Tender documents you upload
  • Generated bid responses
  • Analysis and strategy reports

Technical Data

  • IP address and browser information
  • Device type and operating system
  • Usage data and interaction logs

3. How We Use Your Data

We use your data to:

  • Provide the MyBidTeam service, including generating bid responses
  • Store your business information in your Vault for future bids
  • Process payments
  • Send service-related communications
  • Improve our service and user experience
  • Comply with legal obligations

4. Legal Basis for Processing

We process your data on the following legal bases:

  • Contract: To provide the service you have purchased
  • Legitimate interests: To improve our service and prevent fraud
  • Legal obligation: To comply with applicable laws
  • Consent: For marketing communications (where applicable)

5. Data Sharing

We do not sell your data. We share data only with:

  • AI Service Providers: Tender content and vault data is processed by AI services (Anthropic Claude) to generate bid responses. This data is processed under strict data processing agreements.
  • Payment Processors: Stripe processes payment information. We do not store full card details.
  • Hosting Providers: Our infrastructure is hosted on secure cloud platforms (Vercel, Supabase).
  • Legal Requirements: We may disclose data if required by law or to protect our rights.

6. Data Retention

We retain your data as follows:

  • Account data: Until you close your account
  • Vault data: Until you delete it or close your account
  • Compliance data: Insurance and policy information is retained until you delete it or close your account. Snapshots of compliance data used in bid generation are retained with bid data.
  • Bid data: 7 years (for tax and legal compliance)
  • Technical logs: 90 days

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

  • Encryption in transit (TLS) and at rest
  • Secure authentication and access controls
  • Regular security assessments
  • Staff training on data protection

8. Your Rights

Under UK GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Erasure: Request deletion of your data
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a portable format
  • Objection: Object to certain processing

To exercise these rights, contact us at hello@mybidteam.com. We will respond within one month.

9. International Transfers

Some of our service providers are based outside the UK. When we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

10. Cookies

We use cookies to operate our service. For details, please see our Cookie Policy.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website.

12. Contact and Complaints

If you have questions or concerns about this policy, contact us at:

Gwinva Ltd
Email: hello@mybidteam.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.