Privacy Policy

1. Introduction

This Privacy Policy ("Policy") describes how Spiketech Enterprise Private Limited ("SpikeCore AI," "we," "us," or "our"), a company incorporated under the laws of India with its registered office at C30, C Block, Sector 63, Noida, Gautam Buddha Nagar, Uttar Pradesh, India 201301, collects, uses, stores, processes, and protects your personal information when you use our AI-powered tender response platform and related services (collectively, the "Services").

By accessing or using the Services, you consent to the collection and use of your information in accordance with this Policy. If you do not agree with this Policy, please do not use the Services.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect your full name, email address, phone number (optional), organization name, job title, and login credentials. If you sign up via a third-party authentication provider (e.g., Google OAuth), we receive your name and email address from that provider.

2.2 Organization and Team Data

We collect information about your organization including company name, industry, size, and geographic location. When you invite team members, we collect their email addresses to facilitate access to your organization's workspace.

2.3 Documents and Content

When you upload documents to the platform (RFPs, capability statements, past project details, certifications, case studies, financial records, and other knowledge base materials), we store and process these documents to provide the Services. This includes extracting text content, generating vector embeddings for semantic search, and optionally performing AI-powered visual analysis of document pages (diagrams, charts, schematics).

2.4 Usage and Analytics Data

We automatically collect information about how you interact with the Services, including pages visited, features used, search queries, AI-generated responses viewed, session duration, browser type and version, device type, operating system, and IP address. We use this data to improve the Services and troubleshoot issues.

2.5 Payment Information

When you subscribe to a paid plan, payment processing is handled by our third-party payment processors — Razorpay (for India-based transactions) and PayPal (for international transactions). We do not directly store your credit card numbers, bank account details, or UPI IDs. Our payment processors may share with us limited information such as your billing name, email, payment status, subscription ID, and transaction history.

2.6 Communication Data

When you contact us through our contact form, email, or support channels, we collect the content of your communications, your contact details, and any attachments you provide.

2.7 Location Data

We infer your approximate geographic location from your IP address to determine applicable jurisdiction-specific features (e.g., payment gateway routing, compliance frameworks). We do not collect precise GPS-based location data.

3. How We Use Your Information

We use the information we collect to: provide, maintain, and improve the Services; process your documents through our AI-powered ingestion pipeline (text extraction, vision analysis, embedding generation, and semantic search indexing); generate AI-assisted tender responses based on your knowledge base and uploaded RFPs; process payments and manage subscriptions; send you service-related communications including onboarding emails, usage alerts, and billing notifications; respond to your inquiries and provide customer support; detect, prevent, and address technical issues and security threats; comply with legal obligations under applicable laws; and analyze aggregate usage patterns to improve the platform.

4. AI Processing of Your Documents

Our platform uses artificial intelligence to process your documents. This involves sending document content to third-party AI service providers (currently Anthropic and OpenAI) for text extraction, analysis, embedding generation, and response generation. Your document content is transmitted to these providers solely for the purpose of delivering the Services to you.

We use API-based access to these AI services, which means your data is processed in real-time and is not used by these providers to train their models. We contractually require our AI service providers to maintain confidentiality and not retain your data beyond what is necessary to process the request.

AI-generated outputs (e.g., tender responses, document summaries) are provided as suggestions and should always be reviewed by qualified human personnel before submission. We do not guarantee the accuracy, completeness, or compliance of AI-generated content.

5. Data Storage and Security

Your data is stored on secure cloud infrastructure. We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls, regular security audits, and automated file scanning for malware detection. Uploaded documents undergo security scanning before processing.

Document embeddings (vector representations of your content used for semantic search) are stored in a secured PostgreSQL database with the pgvector extension. These embeddings are mathematical representations and cannot be reverse-engineered to reconstruct your original documents.

While we take reasonable measures to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information with: third-party AI service providers (Anthropic, OpenAI) for document processing as described in Section 4; payment processors (Razorpay, PayPal) for transaction processing; cloud infrastructure providers for hosting and storage; email service providers for transactional communications; analytics providers for usage analysis (in anonymized or aggregated form); and law enforcement or regulatory authorities when required by applicable law or in response to valid legal process.

All third-party service providers are contractually obligated to protect your data and use it only for the purposes for which it was shared.

7. International Data Transfers

As we serve users globally, your information may be transferred to and processed in countries other than your country of residence. In particular, AI processing may involve data transfer to servers located in the United States (where our AI service providers operate). We take appropriate safeguards to ensure that your data receives an adequate level of protection regardless of where it is processed.

For users in India, cross-border data transfers are conducted in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and any rules notified thereunder. We will not transfer personal data to any country restricted by the Central Government of India under Section 16(1) of the DPDP Act.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and analyze usage patterns. Essential cookies are required for the Services to function and cannot be disabled. Analytics cookies help us understand how the Services are used and are collected in anonymized form. You can manage cookie preferences through your browser settings, though disabling essential cookies may impair functionality.

9. Data Retention

We retain your account information for as long as your account is active or as needed to provide the Services. Uploaded documents and their processed derivatives (chunks, embeddings) are retained until you delete them or close your account. Soft-deleted documents are permanently purged within 90 days. Payment records are retained as required by applicable tax and financial regulations. Usage logs and analytics data are retained in anonymized form for up to 24 months.

10. Your Rights

10.1 All Users

Regardless of your location, you have the right to: access the personal information we hold about you; correct inaccurate or incomplete personal information; delete your account and associated data; export your uploaded documents; withdraw consent for optional data processing; and object to processing of your data for purposes beyond service delivery.

10.2 Indian Users — DPDP Act, 2023

If you are a resident of India, you are a "Data Principal" under the Digital Personal Data Protection Act, 2023 (DPDP Act). In addition to the rights above, you have the right to: nominate another individual to exercise your rights in the event of your death or incapacity; obtain information about the personal data we process and the processing activities; and lodge a grievance with our Grievance Officer or, if unresolved, with the Data Protection Board of India.

We act as a "Data Fiduciary" under the DPDP Act and process your personal data based on your consent or for legitimate uses as permitted under the Act.

10.3 US Users

If you are a resident of California, Virginia, Colorado, Connecticut, Utah, or other states with comprehensive privacy legislation, you may have additional rights including the right to know what personal information is collected, the right to delete, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at the details provided in Section 14.

10.4 EEA/UK Users

If you are located in the European Economic Area or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR, including the right to data portability, the right to restrict processing, and the right to lodge a complaint with your local data protection authority.

11. Children's Privacy

The Services are designed for business use and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete such information promptly.

12. Third-Party Links

The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on this page with a revised "Last updated" date, and where required by law, by sending you an email notification. Your continued use of the Services after such changes constitutes acceptance of the updated Policy.

14. Contact Us

If you have questions about this Policy or wish to exercise your data rights, please contact us at:

Grievance Officer (for Indian users under the DPDP Act): For any grievances related to processing of your personal data, please write to our Grievance Officer at contactus@spikecore.ai. We will acknowledge your grievance within 48 hours and aim to resolve it within 30 days.