Privacy Policy

Last updated: 16 July 2026

1. Who we are

FindWell is an automated public procurement monitoring service operated by Dani Boross, trading as FindWell, a sole proprietorship (eenmanszaak) registered in the Netherlands. For the purposes of the EU General Data Protection Regulation (GDPR), FindWell is the data controller for the personal data described in this policy.

  • Chamber of Commerce (KVK): 92838812
  • Address: Van Vollenhovenstraat 3, apt 213, 3016 BE Rotterdam, Netherlands
  • Privacy enquiries: privacy@findwell.eu

2. Data we collect

We collect and process the following personal data:

  • Account data: your name, email address, and company name.
  • Profile data: your industry profile, monitoring keywords, selected CPV categories, target contract-value ranges, and email schedule preferences.
  • Website content: when you provide your company website, we retrieve and analyse its public content to pre-fill your company profile.
  • Application data: your monitoring rules, saved tenders, action-plan tasks, invited team members, and comments.
  • Billing data: your subscription and billing details, processed directly by our payment provider (see section 8); card data never reaches FindWell.
  • Technical data: when you use the dashboard we log request metadata (IP address, timestamp) for security purposes.

3. How we use your data and our legal basis

We use your data solely to deliver the service: matching tenders to your monitoring rules, generating analyses of tenders you choose to analyse, and sending your digests and notifications. Under the GDPR we process your personal data on the following legal bases:

  • Performance of a contract — to provide the service you have signed up for (matching, analysis, digests, account management).
  • Legitimate interests — to keep the service secure, prevent abuse, and improve the product.
  • Consent — where applicable, for any optional communications you opt into.

We do not use your keywords, industry profile, or company data to train machine-learning models. We do not sell your personal data, and we do not share it with third parties for their own purposes. To operate the service we rely only on the sub-processors listed in section 8, who process data solely on our instructions.

4. Data storage and security

All personal data is stored in a Postgres database hosted by Supabase (AWS eu-central-1, Frankfurt, Germany) — an EU jurisdiction. Data is encrypted at rest and in transit (TLS 1.2+). Access is restricted to the application’s authenticated service processes.

5. Retention

We retain your account data for as long as your account is active. Within 30 days of account closure or deletion, your personal data is deleted. Aggregated, anonymised tender statistics that do not identify you may be retained indefinitely for our insights and research pages.

6. Your rights (GDPR)

You have the right to access, rectify, or erase your personal data; the right to restrict processing; the right to object to processing; and the right to data portability. To exercise any of these rights, email privacy@findwell.eu. You also have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or with the supervisory authority in your country of residence.

7. Cookies

We do not use advertising or tracking cookies. The application uses only essential authentication cookies (secure, HTTP-only), set by us and by our authentication provider, Clerk, and required to keep you logged in. No third-party analytics or advertising scripts are loaded on any page.

8. Sub-processors

To operate the service we use the following sub-processors, each bound by a data processing agreement and processing personal data only on our instructions. We notify active users by email of any new sub-processor at least 14 days in advance so that you may object.

  • Supabase — database hosting (AWS eu-central-1, Frankfurt, EU). Stores all account and application data: your email, name, company and industry profile, monitoring rules, saved tenders, action-plan tasks, invited team members, and comments.
  • Vercel — web application hosting. Processes HTTP request data (IP address, session) in transit while you use the app.
  • Railway — background worker and analysis infrastructure. Runs tender scoring and on-demand analysis; processes your monitoring rules and, for the readiness and action-plan features, your company profile.
  • Clerk — authentication. Manages your login identity: name, email, and session.
  • Stripe — payment processing. Handles your billing details and subscription; card data is processed by Stripe directly and never reaches FindWell.
  • Resend — transactional email. Sends your digests and notifications to your email address.
  • OpenAI — AI analysis. Receives tender document text and, for the readiness and action-plan features, your company profile (for example, which certifications you hold) to generate your analysis. Per OpenAI’s API terms, your data is not used to train their models.

8a. International data transfers

Some of our sub-processors process personal data outside the European Economic Area (EEA), primarily in the United States: Clerk, Stripe, Resend, Vercel, Railway, and OpenAI. Where personal data is transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the transfer safeguard, as incorporated into each provider’s data processing agreement. Supabase, our primary data store, hosts your data within the EU (Frankfurt, Germany).

9. Changes to this policy

We will notify active users by email of material changes to this policy at least 14 days in advance. The current version is always available at /privacy.