Plain English Summary: Your documents are stored in your private account workspace, are not shared with other users, are not used to train AI models, and are not sold or licensed to third parties. We disclose information only to the vetted service providers needed to operate the platform. You can delete your files at any time.
1. Who We Are
WinRFP AI is a product of AZS Consultants ("we," "us," "our"), an AI and ML consulting company. Contact: info@azsconsultants.com
2. What Data We Collect
- Account information: Name, company, email address, and username provided during registration.
- Uploaded documents: PDFs and DOCX files you upload to the Knowledge Library (capabilities statements, past performance, resumes, pricing docs, certifications).
- RFP content: PDF files you upload for analysis within a session. These are processed in memory and are not permanently stored.
- Usage data: Login timestamps, features used, and session activity for service improvement and security monitoring.
3. Where Your Documents Are Stored
Knowledge Library documents are stored in a private, per-user directory in Amazon S3 (AWS), providing durable, encrypted cloud storage. Each user's files are isolated and cannot be accessed by other users of the platform.
Session-uploaded RFPs (for analysis) are processed in memory and are not written to permanent storage.
Storage reliability: Knowledge Library documents are stored in Amazon S3, providing durable cloud storage that persists independently of application updates or infrastructure changes. We recommend maintaining your own copies of all important documents as a standard business practice.
4. Document Retention
- Knowledge Library documents remain stored until you delete them or close your account.
- You can delete individual files at any time from the Knowledge Library tab in the app.
- To delete your entire account and all associated data, email info@azsconsultants.com. We will process the request within 7 business days.
5. Who Can Access Your Documents
We do not sell or license your documents. We do not share your documents with other users. We disclose information only to authorized service providers, subprocessors, professional advisors, legal authorities when required by law, and other parties described in this Policy.
- You — through your authenticated account only.
- AZS Consultants staff — only for technical support, security investigations, or legal obligations. We do not routinely access user documents.
- Railway (hosting provider) — as infrastructure operators, Railway has technical access to server data. View their privacy policy at railway.app/legal/privacy.
- Anthropic (AI provider) — document content is transmitted to Anthropic's Claude API to generate outputs. Anthropic does not use API inputs or outputs to train their AI models. View their policy at anthropic.com/privacy.
- Amazon Web Services — S3 storage for your Knowledge Library documents. AWS processes data only to provide storage services.
- Stripe — payment processing for paid plans. Stripe receives billing information only; Stripe does not receive your documents or proposal content.
- Google Analytics — aggregate, anonymized visitor analytics on our marketing website (winrfpai.com) only. No document content is shared with Google Analytics.
- Legal authorities — we may disclose information if required by applicable law, court order, or lawful government request.
6. AI Training
We do not use Customer Content to train WinRFP AI models. Our current AI provider (Anthropic) states that API inputs and outputs are not used to train its generative models without customer consent. We require AI processing only for the purpose of providing the Service, subject to applicable provider terms and this Privacy Policy.
7. Classified and Restricted Information
Do not upload: Classified information, Controlled Unclassified Information (CUI), export-controlled material (ITAR/EAR), source-selection information, procurement-sensitive information, restricted government data, protected health information (PHI), payment card data (PCI), Social Security numbers, or third-party confidential information you are not authorized to process. WinRFP AI is designed exclusively for unclassified proposal workflows. You are solely responsible for ensuring that uploaded content complies with applicable classification and handling requirements.
8. Data Security & Infrastructure
- All data is transmitted over HTTPS/TLS encryption.
- User accounts are protected by bcrypt-hashed passwords.
- Per-user file isolation — each account's Knowledge Library is stored in a private, isolated directory. No user can access another user's files.
- Knowledge Library documents are stored in Amazon S3 (AWS) — durable, encrypted cloud storage with 99.999999999% durability. Files persist independently of application deployments.
- Application hosting is provided by Railway, which is SOC 2 Type II certified. View their security documentation at trust.railway.com.
- WinRFP AI is not FedRAMP authorized. Do not use this service for programs requiring FedRAMP authorization or for processing CUI at impact levels requiring FedRAMP compliance.
9. Data Breach Notification
We maintain reasonable technical and organizational measures to protect your information. If we determine that a security incident triggers a legal notification obligation, we will notify affected users or authorities as required by applicable law.
10. Cookies and Analytics
Our marketing website (winrfpai.com) uses Google Analytics to track aggregate visitor behavior (page views, traffic sources, device type). No personally identifiable information is collected via analytics. The application (app.winrfpai.com) uses session cookies for authentication only.
11. Your Rights
- Access: Request a copy of data we hold about you.
- Deletion: Delete files in the app, or request full account deletion by emailing us.
- Correction: Request correction of inaccurate account information.
- Portability: Request an export of your account data.
Depending on your jurisdiction and our legal obligations, you may have additional rights, including the right to opt out of certain processing or to appeal a denied privacy request. To exercise any of these rights, email info@azsconsultants.com.
12. Changes to This Policy
We may update this Privacy Policy as the product evolves. Material changes will be communicated via email to registered users. Continued use of the service after changes constitutes acceptance.