Last updated: 2026-05-18
This Privacy Policy explains how eSourcing Data Ltd collects, uses, shares, and protects personal information in connection with the website at winacontract.com and related services (the "Services"). We comply with the UK General Data Protection Regulation ("UK GDPR"), the EU General Data Protection Regulation ("EU GDPR"), and the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and we offer the rights described below to all users regardless of location.
1. Who We Are
eSourcing Data Ltd is a private limited company incorporated in England and Wales (Company Number 15234891), and is the controller of personal data processed through the Services. You can contact us at info@winacontract.com.
2. Personal Information We Collect
We collect personal information in three ways: directly from you, automatically through your use of the Services, and from authorized third parties.
2.1 Information you provide
- Identity and contact data: first name, last name, email address, company name, role/title (where supplied).
- Founding Member purchase data: billing address and country (collected by Stripe on our behalf), customer email, order metadata.
- Communications: the content of any email, support message, or form submission you send us.
- Platform usage (post-launch): RFPs, bid drafts, capability content, saved searches, and other content you create through the Platform. This content is treated as "User Content" under our Terms.
2.2 Information we collect automatically
- Device and connection data: IP address, browser type and version, operating system, language, time zone.
- Usage data: pages visited, referring URL, timestamps, basic interaction metadata.
- Payment metadata: the last four digits of a card, card brand, expiry month/year, and a Stripe identifier. We do not see or store full card numbers, security codes, or full bank account details — those are held directly by Stripe.
2.3 Information from third parties
We may receive personal information from our payment processor (Stripe), our email sender (Resend), our hosting provider (Render), our CDN provider, and from publicly available business sources where you have voluntarily made information public.
3. Why We Use Personal Information
- To provide, operate, and maintain the Services.
- To process Founding Member purchases, send receipts, and manage your membership.
- To respond to your support requests and other communications.
- For fraud prevention, security monitoring, and protection of our legal rights and those of our users.
- To comply with legal, tax, accounting, and regulatory obligations.
- To send service announcements (required) and, where you have opted in, marketing communications.
- To improve the Services through aggregate, de-identified analytics.
4. Lawful Bases (UK/EU GDPR)
- Contract performance — to deliver the Services and the Founding Membership you purchased.
- Legitimate interests — to run, secure, and improve our business, where those interests are not overridden by your fundamental rights.
- Consent — for optional marketing communications and any cookies that are not strictly necessary.
- Legal obligation — to comply with tax, anti-money-laundering, accounting, and other statutory duties.
5. Categories of Recipients
We share personal information with the following categories of recipients, each acting as a processor (or, where required, joint controller) under appropriate contractual terms:
- Stripe — payments and tax calculation.
- Resend — transactional and (opt-in) marketing email delivery.
- Render — application hosting.
- Vercel and/or Cloudflare — content delivery, edge caching, and DDoS protection.
- Professional advisers — auditors, lawyers, accountants, where relevant and under duties of confidentiality.
- Authorities — where required by valid legal process or to protect rights, safety, and property.
A current list of subprocessors is maintained at our /subprocessors page (in preparation; until that page is live, the list is available on request by emailing us). We do not sell, rent, or share personal information for cross-context behavioral advertising. We do not engage in "sharing" as that term is defined under the CCPA/CPRA.
6. International Data Transfers
We are based in the United Kingdom and our service providers operate in the United States, the European Union, and elsewhere. Where personal information is transferred outside the UK or EEA to a country not deemed to provide an adequate level of protection, we rely on appropriate safeguards including the UK International Data Transfer Agreement ("IDTA"), the UK Addendum to the EU Standard Contractual Clauses, and the EU Standard Contractual Clauses, as applicable. You may request a copy of these safeguards by emailing us.
7. Data Retention
- Account and subscription data — for the duration of your relationship with us plus seven (7) years thereafter to meet UK tax and accounting requirements.
- Waitlist signups — until you ask us to delete them, or until they become inactive for an extended period.
- Marketing opt-ins — until you withdraw consent or unsubscribe.
- Backups and logs — for up to 90 days, then deleted on standard rotation.
- Legal hold — any of the above may be retained longer where required for a live legal claim.
8. Your Rights (UK and EU)
Subject to applicable law, you have the right to:
- Access the personal information we hold about you.
- Have inaccurate information corrected (rectification).
- Have your personal information deleted (erasure / "right to be forgotten") in defined circumstances.
- Restrict our processing of your personal information.
- Receive your personal information in a portable, machine-readable format.
- Object to processing based on legitimate interests.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority in the EU/EEA.
9. Your Rights (California — CCPA/CPRA)
If you are a California resident, you have additional rights:
- Right to know what personal information we have collected, used, disclosed, and shared about you.
- Right to delete personal information, subject to legal exceptions.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — we do not sell or "share" personal information as those terms are defined, and you do not need to take action.
- Right to limit use of sensitive personal information — we do not use sensitive personal information for inferring characteristics about you.
- Right to non-discrimination — we will not discriminate against you for exercising any of these rights.
To exercise any of these rights, email info@winacontract.com. We may need to verify your identity before responding.
10. Cookies and Similar Technologies
The Site presently uses only strictly necessary cookies and storage required for site operation (e.g., session continuity, security tokens). We do not use advertising or cross-context tracking cookies at this time. If and when we add analytics or other non-essential cookies, we will display a compliant cookie banner and obtain consent where required.
11. Children
The Services are directed at businesses and government-contracting professionals. They are not directed at children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, alteration, disclosure, and destruction. No method of transmission or storage is fully secure, and we cannot guarantee absolute security. Payment card data is handled exclusively by Stripe, a PCI-DSS Level 1 service provider.
13. Changes to This Policy
We may update this Privacy Policy from time to time. For material changes affecting how we handle existing personal information, we will provide at least thirty (30) days' advance notice by email to active members and a prominent notice on the Site.
14. Contact for Privacy Requests
To exercise any right, ask a question, or raise a concern about how we handle your personal information, email info@winacontract.com. We respond to verified requests within 30 days (and may extend by an additional 30 days where reasonably necessary, in which case we will inform you within the first 30 days). See also our Terms of Service and Refund Policy.