Privacy Policy

1. Introduction

Complivex (“we,” “us,” or “our”) operates the Complivex platform at complivex.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using Complivex, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect information provided by your authentication provider, including your name, email address, and profile image. Authentication is handled by Clerk, a third-party identity provider.

2.2 RFP Content

We collect the information you provide during the RFP creation process, including procurement descriptions, responses to intake questions, company names, contact information, logos, and any content you enter into the RFP editor. This data is stored in our database to provide the service.

2.3 AI Processing Data

Your intake conversation messages and RFP descriptions are sent to Anthropic's API for processing by AI models. This data is used to generate your RFP document. Anthropic processes this data according to their own privacy policy and commercial terms, which do not permit use of your data for model training.

2.4 Usage Analytics

We use PostHog to collect anonymized usage analytics, including page views, feature usage events, and general interaction patterns. This data helps us improve the product. We do not track identified users unless they have created an account and are actively using the service.

2.5 Automatically Collected Information

When you access Complivex, we may automatically collect certain information including your IP address, browser type, operating system, referring URLs, and access times. This information is collected through standard web server logs and analytics tools.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Complivex platform
• Generate RFP documents based on your input
• Authenticate your account and manage your sessions
• Store and retrieve your RFP documents
• Generate shareable links and PDF exports at your request
• Analyze usage patterns to improve our service
• Send service-related communications (e.g., account verification)
• Develop new features, products, and services
• Provide recommendations, insights, or suggestions related to procurement (current or future)

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We share data with third-party service providers that help us operate the platform, including Anthropic (AI processing), Clerk (authentication), Supabase (data storage), PostHog (analytics), and Vercel (hosting). These providers are contractually obligated to protect your data and use it only for the purposes of providing their services to us.

4.2 Shared RFP Links

When you generate a shareable link for an RFP, the content of that RFP becomes accessible to anyone with the link. You control whether to generate a share link, and shared links can be identified by the /p/ URL path. Shared RFP pages are marked as noindex to prevent search engine indexing.

4.3 Affiliates and Partners

We may share aggregated, anonymized data with affiliates or business partners to provide you with relevant vendor recommendations, procurement insights, or related services. We will not share personally identifiable RFP content with third parties for marketing purposes without your explicit consent.

4.4 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.5 Business Transfers

In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our service of any change in ownership.

5. Data Storage and Security

Your data is stored on servers provided by Supabase (database and file storage) and Vercel (application hosting), both of which use industry-standard security practices including encryption at rest and in transit. While we implement commercially reasonable security measures, no method of electronic storage or transmission is 100% secure.

6. Data Retention

We retain your RFP data and account information for as long as your account is active or as needed to provide the service. You may request deletion of your account and associated data by contacting us. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Request portability of your data
• Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@complivex.com.

8. Cookies and Tracking

Complivex uses essential cookies for authentication and session management. Our analytics provider (PostHog) may set cookies to distinguish unique users and sessions. We do not use cookies for advertising purposes.

9. Children's Privacy

Complivex is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete that information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at privacy@complivex.com.