BundleIQ is committed to protecting your privacy. We only collect data that is necessary to operate the platform and we never sell your personal data to third parties.
1. Who we are
BundleIQ Ltd ("BundleIQ", "we", "us", "our") operates the procurement platform at bundleiq.co.uk. We are the data controller for personal data collected through this platform.
Registered in England and Wales. For all privacy enquiries, contact: privacy@bundleiq.co.uk
2. What data we collect
Buyers
- Name, email address, and organisation name when you register or join a buying pool
- Phone number (optional)
- Purchase and order history from catalogue and pool transactions
- RFQ submissions including requirement descriptions and contact details
- Usage data including pages visited and actions taken on the platform
Vendors
- Company name, registration number, and contact details
- Documents uploaded for IQ Trust verification (insurance certificates, accreditations)
- Bid submissions and tender responses
- Payment and subscription information (processed by Stripe — we do not store card details)
- Product and service listings
All users
- IP address, browser type, and device information
- Cookies and similar tracking technologies (see Section 8)
3. How we use your data
- To operate the BundleIQ platform — matching buyers with vendors, managing pool tenders, processing orders
- To send transactional emails — order confirmations, pool award notifications, chase reminders
- To verify vendor credentials through IQ Trust (seven independent data sources)
- To improve the platform through usage analytics
- To comply with legal obligations
- To send market intelligence and bulletins (where you have opted in)
4. Legal basis for processing
- Contract performance — processing necessary to deliver the services you have requested
- Legitimate interests — platform security, fraud prevention, service improvement
- Consent — marketing communications and non-essential cookies
- Legal obligation — compliance with applicable laws
5. Who we share data with
We share data only where necessary to operate the platform:
- Supabase — database and backend infrastructure (EU-hosted)
- Stripe — payment processing (PCI-DSS compliant)
- Resend — transactional email delivery
- IQ Trust data sources — Companies House, OFSI, Insolvency Service, Gas Safe Register, FSA, TrustMark, Charity Commission (read-only verification checks)
- Winning vendors — buyer contact details shared with the vendor upon acceptance of a pool award or catalogue order, to enable fulfilment
We do not sell personal data. We do not share data with advertisers.
6. How long we keep data
- Account data: retained while your account is active and for 3 years after closure
- Transaction records: 7 years (legal and tax compliance)
- Usage logs: 90 days
- Vendor documents: retained while IQ Trust status is active, deleted within 30 days of account closure on request
7. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion of your data (subject to legal retention obligations)
- Portability — receive your data in a structured, machine-readable format
- Object — object to processing based on legitimate interests
- Withdraw consent — for any processing based on consent
To exercise any right, email privacy@bundleiq.co.uk. We will respond within 30 days.
You have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk
8. Cookies
We use the following cookies:
- Essential cookies — session management, security. Cannot be disabled.
- Analytics cookies — understand how the platform is used. Can be disabled.
- Preference cookies — remember your mode (Business/Personal/Freelancer) and basket contents.
See our Cookie Policy for full details.
BundleIQ Ltd
Email: privacy@bundleiq.co.uk
For general enquiries: hello@bundleiq.co.uk