Legal
Privacy Policy
How Citadelle Advisory Group, LLC collects, uses, stores, and shares personal information across our website, the iTenders product, and client engagements.
Last updated: May 16, 2026
1. Who we are
Citadelle Advisory Group, LLC (“Citadelle,” “we,” “us”) is a consulting and advisory firm organized in the United States. This policy covers personal information we collect through the website at www.citadelleadvisorygroup.com, our procurement-intelligence product iTenders, and direct client engagements.
Questions about this policy or any data we hold about you can be sent to connect@citadelleadvisorygroup.com.
2. Information we collect
2.1 Information you provide to us
- Contact form submissions on the website — your name, organization, email, the service of interest, and the message text.
- Consultant Network applications — the contact details, professional background, languages, country, and supporting information you submit through the application form.
- iTenders account information — first name, last name, company name, email address, password (stored hashed), the markets you target, your firm capability statement, and the tender documents you upload for analysis.
- Billing details — if you subscribe to iTenders, your card information is collected and processed by Stripe; Citadelle never sees or stores your full card number.
- Engagement materials — documents, data, and other materials you share with us in the course of a consulting engagement.
2.2 Information collected automatically
- Server logs — IP address, user-agent, referring URL, and timestamps, retained by our hosting provider (Netlify) for normal operational and security purposes.
- Cookies — see Section 6 below.
- Product telemetry inside iTenders — the URLs you navigate to and basic interaction events, used to keep the product running and to diagnose errors. We do not run third-party advertising trackers.
3. How we use your information
- To respond to inquiries sent through the contact form or by email.
- To evaluate Consultant Network applications and contact applicants whose profile matches an engagement need.
- To deliver the iTenders service — authenticate you, run AI fit-scoring against the documents you upload, generate proposal skeletons, manage seats inside your organization, and bill the subscription.
- To deliver consulting engagements we have agreed under a signed scope of work or master services agreement.
- To send transactional messages — account notifications, billing receipts, security alerts. We do not send marketing email without a separate opt-in.
- To comply with legal obligations and protect our rights.
4. Who we share your information with
We do not sell personal information. We share data only with vendors that help us operate the business, and only to the extent necessary:
- Supabase — hosts the iTenders database (accounts, organizations, tender records) in the United States. Data is encrypted in transit and at rest.
- Netlify — hosts the website and serverless functions; receives standard request logs.
- Stripe — processes iTenders subscription payments. Stripe is a PCI-DSS Level 1 service provider; their privacy notice applies to card data.
- Anthropic (Claude API) — when you ask iTenders to score a tender, draft a proposal, or translate a notice, we send the relevant text (capability statement, tender description, draft inputs) to the Claude API to compute the response. We do not authorize Anthropic to use submitted content to train models, in line with their commercial-API terms.
- Public procurement portals — iTenders ingests tender notices from public sources (SAM.gov, etenders.gov.za, CNMP Haïti, ESPPRA Eswatini, World Bank, AfDB, IDB). These are read-only feeds; we do not push your data to them.
- Authorities or legal counsel when we are required to disclose by law, subpoena, or court order, or when necessary to defend legal claims.
5. International transfers
Our service providers are based in the United States. If you are located in the European Economic Area, the United Kingdom, the Caribbean, or Africa, your data will be transferred to and processed in the United States. We rely on standard contractual measures with our processors to safeguard those transfers.
6. Cookies and similar technologies
The marketing site (citadelleadvisorygroup.com) uses a minimal set of cookies and similar technologies:
- Strictly necessary — a session cookie set by Supabase Auth inside the iTenders app so you stay signed in. Without it the app cannot function.
- Consent preference — a single value stored in your browser’s localStorage remembering whether you accepted or declined non-essential cookies. No personal identifiers.
- Analytics (optional) — if we run privacy-friendly traffic analytics (e.g., Plausible or a self-hosted equivalent), we collect aggregated, non-identifying request counts only after you consent.
You can withdraw consent at any time by clearing site data in your browser, or by emailing us. The cookie banner shown on first visit lets you accept or decline non-essential cookies.
7. Your rights
Depending on where you live, you may have the right to:
- Request a copy of the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete information, subject to legal retention obligations (for example, tax records).
- Object to or restrict certain processing.
- Withdraw consent where processing is based on consent.
- Lodge a complaint with a supervisory authority (in South Africa, the Information Regulator at inforegulator.org.za).
To exercise any of these rights, email connect@citadelleadvisorygroup.com. We will respond within 30 days.
8. Data retention
We keep contact-form messages and Consultant Network applications for as long as they remain useful for the inquiry, then archive or delete. iTenders account data is retained for the life of your subscription, plus the period required to resolve disputes and comply with legal obligations (typically 7 years for tax records). You can request deletion of your iTenders account from inside the app at any time.
9. Children
The website and iTenders are not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us and we will delete it.
10. Security
We use industry-standard safeguards: TLS in transit, encryption at rest with our database and storage providers, hashed passwords, row-level access controls inside iTenders, and least-privilege service credentials. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.
11. Changes to this policy
We will update the “Last updated” date at the top of this page when this policy changes. Material changes will also be announced inside the iTenders app and, where appropriate, by email to active subscribers.