Last updated: May 21, 2026
Reyda.ai ("Reyda", "we", "us", or "our") provides software that helps companies discover, assess, and respond to public procurement opportunities. We process personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other applicable data protection laws.
For the personal data described in this Privacy Policy, the controller is:
Reyda.ai
Friedrichstr. 155
10117 Berlin, Germany
Contact: [email protected]
This Privacy Policy applies when you:
If you use Reyda on behalf of an organisation, that organisation controls the personal data it chooses to upload, submit, or otherwise process through the platform. For that customer-controlled content, Reyda generally acts as a processor under our agreement with that organisation and processes the data only to provide the requested services and follow documented instructions.
We process information such as your name, email address, organisation, role, account settings, authentication data, team membership, invitations, and access permissions. We use this data to create and manage accounts, authenticate users, administer teams, provide the platform, communicate service updates, and keep the service secure.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR), legitimate interests in operating and securing the service (Art. 6(1)(f) GDPR), and legal obligations where applicable (Art. 6(1)(c) GDPR).
You or your organisation may provide company profile information, procurement preferences, capabilities, certifications, past experience, contacts, and related business information. We use this data to configure your workspace, match opportunities, support tender analysis, and personalise platform outputs.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legitimate interests in providing and improving the service (Art. 6(1)(f) GDPR).
You may upload or create documents, tender materials, company documents, proposal drafts, comments, bid-room content, form responses, and other workspace content. These materials may contain personal data depending on what you or your organisation include.
We process this content to provide the features you request, such as document storage, extraction, summarisation, search, drafting, compliance checks, collaboration, and AI-assisted functionality. Where AI-assisted features are used, relevant workspace content and instructions are processed as needed to generate the requested result.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR). Where Reyda processes this data on behalf of your organisation, Reyda does so as a processor under the applicable data processing agreement.
We process product usage data such as pages viewed, features used, event names, event properties, device and browser information, approximate location derived from technical data, timestamps, and identifiers associated with your account or session. For logged-in users, analytics may be associated with account information such as user ID, email, organisation ID, role, and name.
We use this data to understand how the website and dashboard are used, improve usability, diagnose issues, measure feature adoption, maintain security, and prioritise product improvements.
Legal basis: legitimate interests for product and security analytics (Art. 6(1)(f) GDPR). Where required, we ask for consent for non-essential cookies or similar technologies (Art. 6(1)(a) GDPR).
If you contact us, we process your contact details and the content of your message. This may include email, support requests, sales enquiries, feedback, security reports, and related correspondence. We use this data to respond to you, provide support, manage our relationship, and improve our services.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR), legitimate interests in responding to you and managing our relationship (Art. 6(1)(f) GDPR), and legal obligations where applicable (Art. 6(1)(c) GDPR).
If you or your organisation purchases Reyda, we may process billing contact details, invoices, subscription information, payment status, tax information, and contractual records. Payment details may be processed by payment providers.
Legal basis: performance of a contract (Art. 6(1)(b) GDPR) and legal obligations (Art. 6(1)(c) GDPR).
We use cookies and similar technologies to operate our website and platform, keep users signed in, remember preferences, protect the service, and understand usage.
Some cookies are necessary for the website or platform to function. Analytics and marketing cookies are used only where required consent has been obtained. You can manage cookie preferences through the cookie controls we provide or through your browser settings.
We do not sell personal data.
We disclose personal data only where necessary to provide, secure, support, or improve Reyda, where we use service providers acting on our behalf, or where required by law. Recipients may include:
We enter into data processing agreements with processors where required by Art. 28 GDPR. These agreements require processors to protect personal data, keep it confidential, apply appropriate security measures, and process it only under our instructions or another valid legal basis. Where we use subprocessors, we use contractual and organisational controls designed to protect personal data.
We are based in Germany and aim to process customer data in the European Economic Area where practical. Some service providers or their affiliates may process personal data outside the EEA.
When personal data is transferred outside the EEA, we use appropriate safeguards such as adequacy decisions, the EU-U.S. Data Privacy Framework where applicable, Standard Contractual Clauses, and additional technical and organisational measures where required.
We take the security of personal data seriously and use technical and organisational measures designed to protect it against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
These measures include encryption in transit and at rest, access controls, authentication controls, least-privilege access, confidentiality obligations, logging and monitoring, backup practices, security reviews, vulnerability management, employee security practices, and internal procedures for responding to security incidents. We review these measures regularly and adjust them based on risk, legal requirements, and changes to our service.
No system can be guaranteed to be completely secure. If you believe your account or data may be at risk, contact us at [email protected].
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, in line with the GDPR storage limitation principle, unless a longer retention period is required or permitted by law.
We may retain anonymised or aggregated data that no longer identifies a person.
Under the GDPR, you have the following rights in relation to your personal data, subject to the conditions and limits set out in the GDPR:
To exercise your rights, contact us at [email protected].
If your data is processed by Reyda on behalf of your organisation, we may need to refer your request to that organisation or coordinate with them before responding.
If you have concerns about how we handle personal data, please contact us first so we can try to resolve the issue.
You also have the right to lodge a complaint with a data protection supervisory authority. In Germany, you may contact the Federal Commissioner for Data Protection and Freedom of Information (BfDI) or your local data protection authority.
Reyda is not designed to require special categories of personal data under Art. 9 GDPR, such as health information, biometric data, information about political opinions, religious beliefs, trade union membership, ethnicity, or sexual orientation.
However, procurement documents, HR materials, CVs, references, compliance documents, or other files that you or your organisation choose to upload may contain this type of information. Where this happens, we process that data only to provide the requested platform features and, where applicable, on your organisation's instructions under the applicable agreement.
If Reyda acts as a controller for special-category data in a specific context, we process it only where a valid Art. 9 GDPR condition applies, such as explicit consent (Art. 9(2)(a) GDPR), processing necessary for legal claims (Art. 9(2)(f) GDPR), or another permitted condition.
Reyda is intended for business use and is not directed to children. We do not knowingly collect personal data from children. If we become aware that a child has created an account or provided personal data, we will revoke access to the service and delete the personal data. If you believe a child has provided us with personal data, contact us at [email protected].
Our website and platform may link to third-party websites or services. Their privacy practices are governed by their own policies, not this Privacy Policy.
We may update this Privacy Policy from time to time. If changes are material, we will provide notice through the website, platform, email, or another appropriate channel.
For privacy questions or requests, contact:
Reyda.ai
Friedrichstr. 155
10117 Berlin, Germany