Last updated: 16 July 2026
FindWell is an automated public procurement monitoring service operated by Dani Boross, trading as FindWell, a sole proprietorship (eenmanszaak) registered in the Netherlands. For the purposes of the EU General Data Protection Regulation (GDPR), FindWell is the data controller for the personal data described in this policy.
We collect and process the following personal data:
We use your data solely to deliver the service: matching tenders to your monitoring rules, generating analyses of tenders you choose to analyse, and sending your digests and notifications. Under the GDPR we process your personal data on the following legal bases:
We do not use your keywords, industry profile, or company data to train machine-learning models. We do not sell your personal data, and we do not share it with third parties for their own purposes. To operate the service we rely only on the sub-processors listed in section 8, who process data solely on our instructions.
All personal data is stored in a Postgres database hosted by Supabase (AWS eu-central-1, Frankfurt, Germany) — an EU jurisdiction. Data is encrypted at rest and in transit (TLS 1.2+). Access is restricted to the application’s authenticated service processes.
We retain your account data for as long as your account is active. Within 30 days of account closure or deletion, your personal data is deleted. Aggregated, anonymised tender statistics that do not identify you may be retained indefinitely for our insights and research pages.
You have the right to access, rectify, or erase your personal data; the right to restrict processing; the right to object to processing; and the right to data portability. To exercise any of these rights, email privacy@findwell.eu. You also have the right to lodge a complaint with the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens (autoriteitpersoonsgegevens.nl), or with the supervisory authority in your country of residence.
We do not use advertising or tracking cookies. The application uses only essential authentication cookies (secure, HTTP-only), set by us and by our authentication provider, Clerk, and required to keep you logged in. No third-party analytics or advertising scripts are loaded on any page.
To operate the service we use the following sub-processors, each bound by a data processing agreement and processing personal data only on our instructions. We notify active users by email of any new sub-processor at least 14 days in advance so that you may object.
Some of our sub-processors process personal data outside the European Economic Area (EEA), primarily in the United States: Clerk, Stripe, Resend, Vercel, Railway, and OpenAI. Where personal data is transferred outside the EEA, we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the transfer safeguard, as incorporated into each provider’s data processing agreement. Supabase, our primary data store, hosts your data within the EU (Frankfurt, Germany).
We will notify active users by email of material changes to this policy at least 14 days in advance. The current version is always available at /privacy.