Legal
Last udpated
Privacy Policy
Scout RFP Platform ("Scout," "we," "us," or "our") is operated by Growth Scout, LLC. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our software-as-a-service platform available at app.growthscout.ai and our marketing website at growthscout.ai (collectively, the "Services").
By accessing or using the Services, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Services.
1. Who We Are and Who This Policy Covers
Scout is a B2B SaaS platform serving architecture, engineering, and construction (AEC) firms. This policy applies to:
Company Administrators who create and manage firm accounts
Team Members who are invited to collaborate within a firm's account
Visitors to our marketing website at growthscout.ai
Scout operates as a multi-tenant platform. Each firm ("Company") is a separate tenant. Data belonging to one Company is logically isolated and is never accessible to another Company through the platform.
2. Information We Collect
2.1 Information You Provide Directly
Account and Profile Information
Full name, email address, job title, and company name provided during signup or profile setup
Profile photographs (headshots) uploaded to team member profiles
Password credentials (stored in hashed form; we never store plaintext passwords)
Firm and Business Information
Firm name, logo, website URL, office locations, and primary contact information
Custom branding preferences (colors, visual identity settings)
Subscription and billing contact information
Proposal and RFP Content
RFP documents uploaded for processing (PDF and Word .docx formats)
Proposal text, section content, and editorial annotations created by your team
Win/loss decisions and outcome notes recorded in the platform
Final proposal documents uploaded as submissions
Knowledge Base Content
Team member resumes and biographical materials (PDF and Word formats)
Project portfolio information including descriptions, images, and project data
Company documents and past winning proposals uploaded for AI reference
Firm credentials and certifications
Communications
Messages or inquiries submitted through contact forms
Support requests and correspondence with our team
2.2 Information Generated Through Your Use of the Services
Usage and Activity Data
Pages and features accessed, actions taken, and time spent within the platform
Proposal generation events, section edits, assignment completions, and workflow stage changes
Search queries and filters applied within the platform
Technical and Device Data
IP address, browser type and version, operating system
Session identifiers and authentication tokens
Error logs and performance diagnostics
AI Interaction Data
Inputs submitted to AI-powered features (proposal generation prompts, resume parsing requests, website import requests)
AI-generated output associated with your account
2.3 Information Collected Automatically
We use standard web technologies including server-side session management and analytics tools to collect usage data as described above. We may use cookies or similar technologies to maintain your authenticated session. We do not sell data collected via cookies to third parties.
3. How We Use Your Information
We use the information we collect for the following purposes:
To Provide and Operate the Services
Authenticate your identity and maintain your session
Generate AI-powered proposal drafts using your firm's uploaded knowledge base materials
Process RFP documents and extract relevant project requirements
Enable team collaboration, section assignment, and workflow management
Store and retrieve files you upload (documents, headshots, logos) via Cloudflare R2 object storage
Deliver email notifications related to your account activity via our email service provider
To Improve and Develop the Services
Analyze aggregated, de-identified usage patterns to improve platform features
Diagnose technical issues and fix bugs
Develop and train internal models for proposal quality improvement using de-identified aggregate data only (see Section 7 for details on AI and your data)
To Communicate With You
Send transactional emails (account verification, password reset, proposal notifications, assignment alerts)
Respond to support requests
Share product updates, release notes, and relevant announcements (you may opt out of non-transactional communications at any time)
To Ensure Security and Legal Compliance
Detect, investigate, and prevent fraudulent or unauthorized activity
Enforce our Terms of Service
Comply with applicable laws, regulations, and legal obligations
Respond to lawful requests from courts, regulators, or law enforcement
To Process Payments
Billing contact information is used to manage your subscription. Payment processing is handled by a third-party processor; we do not store full credit card numbers on our servers.
4. How We Share Your Information
We do not sell your personal information. We do not share your information with third parties for their own marketing purposes.
We share information only in the following limited circumstances:
4.1 Service Providers and Subprocessors
We work with third-party vendors who process data on our behalf, subject to data processing agreements and obligations to protect your information:
Vendor | Purpose | Data Involved |
|---|---|---|
Neon (neon.tech) | PostgreSQL database hosting | All structured platform data |
Cloudflare R2 | File storage | Uploaded documents, images, files |
Vercel | Frontend hosting and delivery | Request logs, static assets |
Railway | Backend hosting and compute | Application logs, environment |
Anthropic (Claude API) | AI proposal generation and content processing | RFP content, knowledge base materials submitted in generation requests |
Resend | Transactional email delivery | Email address, email content |
Stripe (future) | Payment processing | Billing information |
4.2 Within Your Company Account
Information uploaded or created by users within a Company account is accessible to other authenticated users within that same Company account. Company Administrators have elevated access to manage users, settings, and account data. Scout staff do not access your firm's content except as necessary to provide support or investigate a reported issue.
4.3 Business Transfers
If Scout is involved in a merger, acquisition, asset sale, or similar transaction, your information may be transferred as part of that transaction. We will provide notice before your information is subject to a materially different privacy policy.
4.4 Legal Requirements
We may disclose your information if we believe in good faith that disclosure is required to comply with applicable law, respond to a valid legal process (subpoena, court order, or government request), protect the rights, property, or safety of Scout, our users, or others, or investigate and prevent fraud or security incidents.
4.5 With Your Consent
We may share your information for any other purpose with your explicit consent.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide the Services.
Account data is retained for the life of your subscription plus 90 days following termination, after which it is deleted or anonymized.
Uploaded files stored in Cloudflare R2 are deleted within 90 days of account termination.
Proposal and RFP content is retained for the life of your account to support the Learning Engine and historical reference features.
Backup and log data may be retained for up to 12 months for security and operational purposes.
Billing records are retained for 7 years as required by financial regulations.
You may request deletion of your data at any time (see Section 9).
6. Data Security
We implement and maintain reasonable technical and organizational security measures designed to protect your information against unauthorized access, loss, alteration, and disclosure. These measures include:
Encrypted connections (HTTPS/TLS) for all data in transit
Encrypted storage for sensitive data at rest
Multi-tenant data isolation enforced at the database query level -- all queries are scoped to your Company ID
Session-based authentication with server-side session management
Access controls limiting Scout staff access to production data
Regular dependency updates and security monitoring
No method of transmission over the internet or method of electronic storage is 100% secure. While we work to protect your information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at security@growthscout.ai.
7. Artificial Intelligence and Your Data
Scout uses the Anthropic Claude API to power AI features including proposal generation, resume parsing, and website content import.
How your data is used in AI features: When you trigger an AI feature (such as generating a proposal), relevant content from your account -- including RFP text, project portfolio data, team profiles, and uploaded knowledge base materials -- is transmitted to the Anthropic API as part of that request. Anthropic processes this content to generate a response, which is returned to Scout and stored in your account.
Anthropic's data practices: Anthropic does not use API input or output data to train its models by default under its API usage policies. You should review Anthropic's Privacy Policy and API Terms of Service at anthropic.com for the authoritative terms governing their processing of data transmitted through API calls.
We do not use your firm's content to train models for other customers. Aggregate, de-identified usage signals (such as whether a proposal section was accepted or rejected) may be used internally to improve prompt quality and platform performance. Your actual proposal content, RFP documents, and knowledge base materials are never shared with other firms or used to generate content for other customers.
AI-generated content: Proposals and other content generated by Scout's AI features are provided as drafts for your team's review and editing. You are responsible for reviewing, verifying, and approving all AI-generated content before submission. Scout makes no warranty regarding the accuracy, completeness, or fitness of AI-generated content for any purpose.
8. Third-Party Links and Integrations
The Services may contain links to third-party websites or offer integrations with third-party tools (such as Google Drive, Airtable, SharePoint, or HubSpot). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you connect to Scout. Scout is not responsible for the privacy practices of third-party services.
9. Your Rights and Choices
Depending on your location, you may have certain rights regarding your personal information. Regardless of location, we honor the following requests:
Access: You may request a copy of the personal information we hold about you.
Correction: You may update or correct inaccurate information through your account settings or by contacting us.
Deletion: You may request that we delete your personal information. Note that we may retain certain information as required by law or for legitimate business purposes (such as billing records). Deletion of a user account does not automatically delete the Company's account or data created on behalf of the Company.
Data Portability: You may request an export of your account data in a machine-readable format.
Opt-Out of Marketing Communications: You may unsubscribe from marketing emails at any time using the unsubscribe link in any marketing message or by contacting us. Transactional and account-related emails cannot be opted out of while your account is active.
Account Termination: Company Administrators may close their account by contacting us. Following closure, data is retained for 90 days before deletion per Section 5.
To exercise any of these rights, contact us at privacy@growthscout.ai. We will respond within 30 days.
California Residents: California law may provide additional rights including the right to know what personal information is collected, the right to know whether and to whom personal information is sold or disclosed, the right to opt out of the sale of personal information (we do not sell personal information), and the right to non-discrimination for exercising your rights. To make a California privacy rights request, contact us at privacy@growthscout.ai.
EEA, UK, and Swiss Residents: If you are located in the European Economic Area, United Kingdom, or Switzerland, you may have rights under applicable data protection laws including GDPR. Our legal basis for processing your data is generally contract performance (to provide the Services you have subscribed to) and legitimate interests (security, fraud prevention, service improvement). For data transfers from the EEA to the United States, we rely on appropriate safeguards including standard contractual clauses where required. To exercise your rights or lodge a complaint, contact privacy@growthscout.ai.
10. Children's Privacy
The Services are intended for business use by adults. We do not knowingly collect personal information from individuals under the age of 18. If we learn that we have collected personal information from a minor, we will take steps to delete that information promptly. If you believe a minor has provided us with personal information, please contact us at privacy@growthscout.ai.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this policy and notify users via email or a prominent notice within the platform at least 14 days before the change takes effect.
Your continued use of the Services after any change becomes effective constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Growth Scout, LLC Email: privacy@growthscout.ai Security concerns: security@growthscout.ai Website: growthscout.ai