Privacy Policy

1. Introduction

CWM Strategies, LLC ("we," "us," or "our") operates cwRFP (the "Service"), an AI-powered RFP response platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at cwrfp.com.

By accessing or using cwRFP, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

---

2. Information We Collect

2.1 Information You Provide to Us

Account Information:

• Name, email address, password
• Organization name and details
• Job title and role within your organization

Content You Create:

• Questions and answers you enter into the platform
• Documents you upload (Q&As from past RFP responses, supporting documents)
• Usage logs and activity within your account

2.2 Information Automatically Collected

Usage Data:

• Log data (IP address, browser type, pages visited)
• Device information (operating system, device identifiers)
• Analytics data (features used, time spent, actions taken)

Cookies and Similar Technologies:

• We use cookies and local storage to maintain your session and improve user experience
• You can control cookie preferences through your browser settings

---

3. How We Use Your Information

We use the information we collect for the following purposes:

Service Delivery:

• Provide, maintain, and improve the cwRFP platform
• Process and store your RFP questions, answers, and documents
• Generate AI-powered responses using Google Gemini API
• Enable search and retrieval of your organizational knowledge

Account Management:

• Create and manage your user account
• Authenticate users and maintain security
• Provide customer support and respond to inquiries
• Send important service updates and notifications

Business Operations:

• Monitor usage for billing purposes
• Analyze platform performance and user behavior
• Detect and prevent fraud, abuse, or security issues
• Comply with legal obligations

AI Processing:

• Your content (questions, answers, documents) is processed by Google Gemini AI to generate responses
• Google does not use your data to train AI models under our paid API agreement
• AI processing is performed solely to deliver the Service to you

---

4. How We Share Your Information

4.1 Service Providers

We share information with trusted third-party service providers who assist in operating our Service:

Google Cloud Platform / Firebase:

• Database hosting (Firestore) - Data stored in us-east4 (South Carolina)
• User authentication (Firebase Auth)
• File storage (Cloud Storage)
• Infrastructure services

Google Gemini API:

• AI-powered answer generation and document processing
• Google does not use your data for model training

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government agencies).

4.3 Business Transfers

If CWM Strategies, LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will provide notice before your information becomes subject to a different privacy policy.

4.4 What We Do NOT Share

• We do NOT sell your personal information to third parties
• We do NOT share your organizational data with other cwRFP customers
• We do NOT use your data for advertising purposes
• Your Q&A library and documents remain completely private to your organization

---

5. Data Security

We implement enterprise-grade security measures to protect your information:

Technical Safeguards:

• AES-256 encryption for data at rest
• TLS encryption for data in transit
• Multi-tenant data isolation (your data is separated from other organizations)
• Role-based access controls within your organization
• Regular automated backups

Infrastructure Security:

• Hosted on Google Cloud Platform's SOC 2 Type II certified infrastructure
• 99.9% uptime SLA
• Comprehensive audit logging of all data access

Authentication:

• Secure password requirements
• Firebase Authentication for user management
• Session management and token-based security

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

---

6. Data Retention and Deletion

Active Data:

• We retain your account information and content for as long as your account is active

Deleted Data:

• When you delete Q&As or documents, they are permanently removed from our database
• Deleted data is not recoverable
• Deleted data may persist in automated backups for up to 30 days before being purged

Account Closure:

• If you close your account, we will delete your personal information within 90 days
• We may retain certain information as required by law or for legitimate business purposes (e.g., billing records, audit logs)

Your Right to Request Deletion:

• You may request deletion of your data at any time by contacting mickey@cwmstrategies.com
• We will respond to deletion requests within 30 days

---

7. Your Data Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request a machine-readable export of your data
• Objection: Object to our processing of your personal information
• Restriction: Request restriction of processing in certain circumstances

To exercise these rights, contact us at mickey@cwmstrategies.com. We will respond to your request within 30 days.

---

8. International Data Transfers

Your information is stored and processed in the United States (us-east4 / South Carolina region). If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States where our servers are located.

By using the Service, you consent to the transfer of your information to the United States and the processing of that information as described in this Privacy Policy.

---

9. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at mickey@cwmstrategies.com, and we will delete such information.

---

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect, use, disclose, and sell
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (Note: we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at mickey@cwmstrategies.com.

---

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

Legal Basis for Processing:

• Contract performance (to provide the Service)
• Legitimate interests (to improve and secure the Service)
• Consent (where required)

Data Protection Officer:
For GDPR inquiries, contact mickey@cwmstrategies.com

Supervisory Authority:
You have the right to lodge a complaint with your local data protection authority

---

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending an email notification (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

---

13. Contact Us