Ruthless Evaluator
Stress-test your proposal. No mercy, just metrics.
Get started
FeaturesHow it worksSecurityFAQPricingBlogContact
Legal

Privacy Policy

Last updated: April 1, 2026

1. Identity of the Controller

Koncentriq Innovation Consulting, S.L., incorporated in Spain, acts as Data Controller for account, subscription, and website data.

Contact email: [email protected]

2. Applicable Legal Framework

Personal data is processed in accordance with:

  • Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR)
  • Spanish Organic Law 3/2018 (LOPDGDD)
  • Ley 34/2002 de Servicios de la Sociedad de la Información (LSSI-CE)

3. Roles Under GDPR

For account management and subscription data, the Company acts as Data Controller under Article 4(7) GDPR.

For proposal content uploaded by customers, the Company acts as Data Processor under Article 4(8) GDPR, processing data exclusively on documented instructions of the customer.

4. Categories of Personal Data

  • Account data (name, email, organisation)
  • Billing and subscription data
  • Technical metadata (IP address, access logs)
  • Proposal content submitted by users may contain personal data such as names, roles, affiliations, and contact details
  • The service does not intentionally collect special categories of personal data

5. Legal Bases for Processing (Article 6 GDPR)

  • Article 6(1)(b) – Performance of a contract
  • Article 6(1)(f) – Legitimate interests in securing and operating the platform
  • Article 6(1)(c) – Compliance with legal obligations where applicable

6. Automated Processing and Article 22 GDPR

The platform performs automated analytical processing of proposal content.

Outputs do not produce legal or similarly significant effects within the meaning of Article 22 GDPR. Final funding decisions are made exclusively by human evaluators external to the platform.

7. Data Retention

  • Proposal drafts are deleted after evaluation completion.
  • Structured evaluation outputs and limited technical metadata are retained for the duration of the contractual relationship and until deletion by the customer.
  • Billing data is retained in accordance with Spanish tax legislation.

8. Infrastructure and Data Location

Core application hosting and database infrastructure are located in Frankfurt, Germany.

Certain processing activities related to language model functionality are carried out by a subprocessor operating global infrastructure.

9. Security Measures (Article 32 GDPR)

  • Encrypted communications (HTTPS/TLS)
  • Access controls and authentication mechanisms
  • Logical environment separation
  • Data minimisation principles
  • Organisational confidentiality commitments

We apply appropriate technical and organisational measures in line with Article 32 GDPR, taking into account the nature, scope, context, and purposes of processing.

10. Subprocessors

The Company may use infrastructure and service providers located within the European Economic Area and language processing providers operating global infrastructure.

Subprocessors are subject to written obligations consistent with Article 28 GDPR.

11. International Transfers

Personal data may be processed outside the European Economic Area where required for the provision of language processing functionality.

Any transfer of personal data outside the European Economic Area is subject to appropriate safeguards in accordance with Chapter V GDPR, including the European Commission Standard Contractual Clauses or another legally recognised transfer mechanism.

Architectural safeguards are applied, including encrypted transmission, transient processing design, and absence of content logging by the language processing subprocessor.

12. Data Subject Rights (Articles 15–22 GDPR)

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent where applicable

Requests may be directed to [email protected].

13. Right to Lodge a Complaint

Data subjects may lodge a complaint with the Spanish Data Protection Authority (Agencia Española de Protección de Datos – AEPD) or another competent EU supervisory authority.

14. Data Breach Notification

In the event of a personal data breach, the Company will act in accordance with Articles 33 and 34 GDPR.

15. Cookies and Tracking Technologies

The platform uses cookies and similar technologies.

  • Essential cookies are used to enable core site functions and security features.
  • Analytics cookies are optional and disabled by default. Where enabled by the user, analytics cookies help us understand usage and improve the product.

Cookie preferences can be adjusted through the cookie settings interface available on the website.

16. Record of Processing Activities

The Company maintains an internal Record of Processing Activities pursuant to Article 30 GDPR.

Cookies

We use essential cookies to make the site work. Optional cookies, such as analytics, are disabled by default. You can accept, reject, or configure your preferences.

See: Privacy Policy