Privacy Policy
Last updated: April 2026
1. Who We Are
WULFRN is a defense procurement intelligence platform. This policy explains how we collect, use, and protect your data.
2. Data We Collect
Account data: Email address, password (hashed), company profile information you provide (company name, country, capabilities, certifications).
Usage data: Pages visited, searches performed, tenders viewed, features used. Collected via Vercel Analytics (privacy-friendly, no cookies for analytics).
Payment data: Processed by Stripe. We do not store credit card numbers. Stripe may store your payment method and billing address per their privacy policy.
Cookies: We use essential cookies only — for authentication (Supabase session tokens) and a cookie consent preference. No third-party tracking cookies.
Usage data: Pages visited, searches performed, tenders viewed, features used. Collected via Vercel Analytics (privacy-friendly, no cookies for analytics).
Payment data: Processed by Stripe. We do not store credit card numbers. Stripe may store your payment method and billing address per their privacy policy.
Cookies: We use essential cookies only — for authentication (Supabase session tokens) and a cookie consent preference. No third-party tracking cookies.
3. How We Use Your Data
We use your data to: (a) provide and personalize the Service; (b) send alerts and digest emails you opted into; (c) process payments; (d) improve the platform based on aggregate usage patterns; (e) communicate about your account and service changes.
4. Data Storage and Processing
Database: Supabase (PostgreSQL), hosted in AWS EU (Frankfurt). All user data is stored in the EU.
Authentication: Supabase Auth with email/password. Passwords are hashed with bcrypt.
Payments: Stripe (PCI DSS Level 1 compliant).
Email: Resend for transactional and digest emails.
Hosting: Vercel (edge network with EU primary region).
AI processing: Tender summaries and classifications are generated using OpenAI. Only public tender text is sent to OpenAI — never your personal data.
Authentication: Supabase Auth with email/password. Passwords are hashed with bcrypt.
Payments: Stripe (PCI DSS Level 1 compliant).
Email: Resend for transactional and digest emails.
Hosting: Vercel (edge network with EU primary region).
AI processing: Tender summaries and classifications are generated using OpenAI. Only public tender text is sent to OpenAI — never your personal data.
5. Data Sharing
We do not sell your data. We share data only with: (a) service providers listed above (Supabase, Stripe, Resend, Vercel, OpenAI) as necessary to operate the Service; (b) law enforcement when legally required.
6. Your Rights (GDPR)
If you are in the EEA, you have the right to: (a) access your personal data; (b) correct inaccurate data; (c) request deletion of your data; (d) export your data in a portable format; (e) withdraw consent for marketing emails; (f) lodge a complaint with your local data protection authority.
To exercise these rights, email privacy@wulfrn.com. We will respond within 30 days.
To exercise these rights, email privacy@wulfrn.com. We will respond within 30 days.
7. Data Retention
Account data is retained while your account is active. After account deletion, personal data is permanently removed within 30 days. Anonymized usage statistics may be retained indefinitely. Email sequence records are deleted 90 days after completion.
8. Security
We implement industry-standard security measures: encrypted connections (TLS), hashed passwords, Row Level Security on all database tables, and regular security updates. We use a service key architecture that separates admin and user access.
9. Children
The Service is not intended for users under 18. We do not knowingly collect data from minors.
10. Changes
We may update this policy. Material changes will be communicated via email to registered users.
11. Contact
Data protection inquiries: privacy@wulfrn.com