Privacy, written for RFPScan.

• The PDF you upload, only if you choose to upload one. (Use the sample RFP if you don’t want to upload anything.)
• Your email, if you enter it, or if you arrived through a personalized link we sent you.
• Basic visit metadata, standard request data (IP address, user agent, timestamps) used to operate the site and stop abuse.

We send it to Google Gemini, which reads it and returns a structured list of requirements. We render that list into a branded PDF and hand it back to you. Then we delete it.

Your uploaded RFP is permanently deleted within 60 seconds of generating the summary. The result page shows the exact deletion time, in Pacific Time, as a receipt. Your summary itself (the extracted requirements and the PDF) is retained for 24 hours so you can come back to it or share the link with a colleague, then permanently deleted.

• We don’t link your upload to your identity. This is built into the architecture, not just a policy. Your identity (email, the link you clicked) is stored under one id. The file you upload is processed under a separate, randomly generated id that has no column, key, or join connecting it back to you. Even with full access to our database, we could not tell you which RFP any given person uploaded. We designed it that way on purpose.
• We don’t profile contractors or build a dossier on your bidding.
• We don’t sell competitive intelligence. We will never sell, rent, or hand another contractor information about what you’re bidding.
• We don’t share your uploaded content with anyone except Google Gemini, for the few seconds it takes to analyze the file.

Google, and no one else. Your PDF passes to Google’s Gemini API for the brief processing window. We do not use your file to train any model, and we ask Google not to either. See Google’s data policy for the Gemini API. Beyond Google, no third party receives your RFP or its contents.

• Your email / name (if you provided them): retained for up to 90 days of inactivity, then automatically purged.
• Your summary: the extracted requirements and the generated PDF are stored under a random session id, with no link to you or your identity, so you can come back to the result or share the link. Retained for 24 hours, then permanently deleted.
• Your uploaded RFP (the original file): deleted within 60 seconds of generating your summary and never retained.

You can ask us to delete the record tied to your email at any time. Email privacy@bidshelf.com and we’ll remove it and confirm. (We can act on your email record. We can’t retrieve an uploaded RFP for you, by design, it’s already gone and was never tied to you.)

Construction is competitive. Bidder lists are sometimes confidential. Handing your RFP to an unfamiliar tool is a real trust decision, and a boilerplate policy that could describe any website doesn’t earn that trust. We wrote this one to answer the specific worry a contractor brings to RFPScan, and we built the product so the answer is true.

If your RFP is under NDA or a confidential bidder list, please don’t upload it. Use the sample RFP to see how the tool works.