BidPacto

Legal

Data Processing Addendum

This DPA applies when BidPacto processes personal data in Customer Content on behalf of a business customer.

Last updated

Application

This Data Processing Addendum applies when a customer uses BidPacto for business purposes and Customer Content contains personal data that BidPacto processes on the customer's behalf.

For account, billing, fraud-prevention, security, support, and business operations data, BidPacto and Polar may act as independent controllers or businesses under applicable privacy laws.

Roles

  • Customer is the controller or business for Customer Content and determines whether personal data may be uploaded and processed.
  • BidPacto is the processor or service provider for Customer Content processed solely to provide the service.
  • Each party remains responsible for its own compliance obligations under applicable privacy and data protection laws.

Processing Instructions

BidPacto will process Customer Content to provide, secure, maintain, support, troubleshoot, and improve the service; comply with law; enforce agreements; and follow documented customer instructions expressed through the product or written agreement.

If BidPacto believes an instruction violates applicable law or creates material security, legal, or payment risk, it may suspend the processing and request clarification.

Security And Confidentiality

  • BidPacto will use reasonable technical and organizational measures designed to protect Customer Content.
  • Personnel and contractors with access to Customer Content must have a business need and confidentiality obligations.
  • Customer remains responsible for configuring access, choosing what to upload, and reviewing final exports before sharing them externally.

Subprocessors

Customer authorizes BidPacto to use subprocessors listed on the Subprocessors page. BidPacto remains responsible for subprocessors it uses to process Customer Content under this DPA.

Assistance

Taking into account the nature of processing and information available, BidPacto will provide reasonable assistance for data subject requests, security incidents, deletion requests, and data protection assessments where required by applicable law.

Security Incidents

BidPacto will notify affected customers without undue delay after confirming a security incident involving Customer Content, where notification is required by law or contract. Notice may include the nature of the incident, affected data, mitigation steps, and recommended customer actions when known.

Deletion And Return

Upon account closure or written request, BidPacto will delete or return Customer Content within a reasonable period, unless retention is required or permitted for backups, legal obligations, disputes, security, fraud prevention, tax, accounting, or service integrity.

International Transfers

Where international transfer safeguards are required, the parties will use appropriate transfer mechanisms available under applicable law. If EU Standard Contractual Clauses are required and no separate agreement is signed, the parties intend to incorporate the applicable controller-to-processor clauses by reference to the extent legally permitted.

Processing Details

  • Subject matter: operation of BidPacto's RFP response and proposal workspace.
  • Duration: the subscription term plus retention needed for backups, support, legal obligations, security, fraud prevention, and disputes.
  • Data subjects: customer users, customer employees, buyer contacts, references, proposal contributors, and other people included in Customer Content.
  • Data categories: names, emails, titles, business contact details, proposal facts, document text, project metadata, account identifiers, support data, and similar business information.
  • Processing operations: hosting, storage, extraction, retrieval, AI processing, generation, export, authentication, support, logging, security, billing reconciliation, and deletion.

Contact

Questions about this document can be sent to support@bidpacto.com. Privacy requests can be sent to privacy@bidpacto.com. Security reports can be sent to security@bidpacto.com. Legal notices can be sent to legal@bidpacto.com.