Privacy, written for RFPScan.

• The PDF you upload , only if you choose to upload one. (Use the sample RFP if you don’t want to upload anything.)
• Your email - if you enter it, or if you arrived through a personalized link we sent you.
• Basic visit metadata , standard request data (IP address, user agent, timestamps) used to operate the site and stop abuse.

We send it to Google Gemini, which reads it and returns a structured list of requirements. We render that list into a branded PDF and hand it back to you. Then we delete it.

Your uploaded file and the extracted output are permanently deleted within 60 seconds of generating your summary. The result page shows you the exact deletion time, in Pacific Time, as evidence, not a promise, a receipt.

• We don’t link your upload to your identity. This is built into the architecture, not just a policy. Your identity (email, the link you clicked) is stored under one id. The file you upload is processed under a separate, randomly generated id that has no column, key, or join connecting it back to you. Even with full access to our database, we could not tell you which RFP any given person uploaded. We designed it that way on purpose.
• We don’t profile contractors or build a dossier on your bidding.
• We don’t sell competitive intelligence. We will never sell, rent, or hand another contractor information about what you’re bidding.
• We don’t share your uploaded content with anyone except Google Gemini, for the few seconds it takes to analyze the file.

Google, and no one else. Your PDF passes to Google’s Gemini API for the brief processing window. We do not use your file to train any model, and we ask Google not to either. See Google’s data policy for the Gemini API. Beyond Google, no third party receives your RFP or its contents.

• Your email / name (if you provided them): retained for up to 90 days of inactivity, then automatically purged.
• Upload session metadata: each scan creates a throwaway record, a random id, the file’s storage path, and timestamps, with no link to you and nothing about the file’s contents. The file itself is gone within 60 seconds; this minimal record exists only as a cleanup safety net and is cleared shortly after.
• The requirements we extract are never stored on our servers. They live only in your browser and the PDF you download.

You can ask us to delete the record tied to your email at any time. Email privacy@bidshelf.com and we’ll remove it and confirm. (We can act on your email record. We can’t retrieve an uploaded RFP for you, by design, it’s already gone and was never tied to you.)

Construction is competitive. Bidder lists are sometimes confidential. Handing your solicitation to an unfamiliar tool is a real trust decision, and a boilerplate policy that could describe any website doesn’t earn that trust. We wrote this one to answer the specific worry a contractor brings to RFPScan, and we built the product so the answer is true.

If your RFP is under NDA or a confidential bidder list, please don’t upload it. Use the sample RFP to see how the tool works.