Back Mitigate

Privacy Policy

Mitigate Procurement AI Agent

Platform: procurements.mitigate.dev

Approved: February 2026. Next review: no later than February 2027.

This Privacy Policy describes how SIA Mitigate (Reg. No. 50103381201), headquartered at Gustava Zemgala gatve 74A, Riga, LV-1039, Latvia, as data controller, collects, uses, discloses, and safeguards personal data processed through the Mitigate Procurement AI Agent platform ("Platform"). All data processing is conducted in accordance with the General Data Protection Regulation (GDPR).

For any questions, contact us at datuapstrade@mitigate.dev.

1. How We Obtain Your Data

  1. You submit your data during account registration on the Platform;

  2. You upload procurement documents for AI analysis;

  3. Your data is provided by your organization's representative;

  4. Technical data is collected automatically when you use the Platform.

2. What Personal Data We Process

Data Category What We Collect Purpose
Account data Company name, registration number, representative name, email address, phone number Account creation, authentication, communication
Usage data Credit balance, analysis history, login activity, actions taken on the Platform Service delivery, billing, platform improvement
Uploaded documents Procurement documents and proposals uploaded for AI analysis AI analysis and report generation
AI interaction data Analysis parameters, evaluation results, generated reports Service delivery, quality improvement
Payment data Transaction records, invoice details. Credit card data is processed directly by Stripe, Inc. and is not stored by Mitigate. Payment processing, billing records
Technical data IP address, browser type, device information, date and time of access Security, troubleshooting, service optimization

3. Legal Basis for Processing

  1. Contract performance (Art. 6(1)(b) GDPR) — to provide the Platform services, process documents, and deliver analysis results;

  2. Legitimate interest (Art. 6(1)(f) GDPR) — to improve our services, ensure security, prevent fraud, and provide support;

  3. Legal obligation (Art. 6(1)(c) GDPR) — to comply with tax, accounting, and regulatory requirements;

  4. AI Processing (Art. 6(1)(b) and 6(1)(f) GDPR) — processing through AI functionality is necessary for contract performance and aligns with the legitimate interest of providing efficient analysis to Platform users.

4. How We Use Uploaded Documents

Documents uploaded to the Platform are processed solely for the purpose of providing the AI analysis service. We do not:

  1. Use your documents to train AI models;

  2. Share your documents with third parties;

  3. Access your documents for any purpose other than delivering the service.

5. AI Processing

The Platform uses AI to evaluate procurement documents through multi-stage automated analysis. No automated decisions with legal effect are made. All AI outputs are advisory and require human review.

Third-Party AI Providers: The AI technology may use third-party services for document processing. Mitigate manages the relationship with third-party AI providers and ensures compliance with GDPR and privacy requirements. Users do not need to agree separately to third-party terms. Mitigate ensures appropriate data processing agreements are in place with all AI sub-processors.

6. Payment Data and Stripe

Online payments are processed by Stripe, Inc. Mitigate does not store or have access to full credit card details. Stripe processes payment data in accordance with PCI DSS standards. For invoice payments, we store only transaction records necessary for accounting and tax compliance.

7. Data Sharing

We do not sell your personal data. We may share data with:

  1. Stripe, Inc. — for payment processing;

  2. Third-party AI service providers — for document analysis processing (with appropriate data processing agreements);

  3. Cloud infrastructure providers — for hosting and data storage (EU-based or with adequate safeguards);

  4. Legal authorities — when required by applicable law.

The Company carefully inspects all service providers who process personal data on its behalf and ensures they apply appropriate security measures in accordance with GDPR.

8. Data Security

Mitigate applies appropriate technical and organizational measures to protect your data:

  1. Encrypted data transmission (TLS/SSL);

  2. Encrypted data storage;

  3. Access controls and authentication;

  4. Regular security reviews and employee training.

Mitigate shall not be liable for unauthorized access to personal data if it is beyond Mitigate's control (e.g., due to fault or negligence of the User).

9. Data Retention

  1. Account data, uploaded documents, and reports — deleted upon the User's request or automatically if the User has not used the account (no registered login activity) for 12 (twelve) months;

  2. Payment records — retained as required by Latvian tax and accounting legislation;

  3. Technical logs — retained for up to 12 months.

To request data deletion, contact datuapstrade@mitigate.dev.

10. Your Rights

Under GDPR, you have the right to:

  1. Access your personal data and receive information about processing;

  2. Rectify inaccurate data;

  3. Erase your data ("right to be forgotten");

  4. Restrict processing;

  5. Data portability — receive your data in a structured format;

  6. Object to processing based on legitimate interest;

  7. Withdraw consent at any time, without affecting the lawfulness of prior processing;

  8. Lodge a complaint with the Data State Inspectorate of Latvia (Datu valsts inspekcija).

To exercise your rights, contact us at datuapstrade@mitigate.dev. We will respond within 30 days.

11. International Transfers

Your data is primarily processed within the EU/EEA. If data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses, adequacy decisions). Upon request, you can receive more detailed information on international data transfers.

12. Cookies

The Platform uses essential cookies required for authentication and platform functionality. We do not use tracking or advertising cookies.

13. Updates

We may update this Privacy Policy periodically. Material changes will be communicated via email or through the Platform. The latest version is always published at the Platform. Previous versions are available upon request at datuapstrade@mitigate.dev.

14. Contact

SIA Mitigate

Gustava Zemgala gatve 74A, Riga, LV-1039, Latvia

Reg. No.: 50103381201

Data processing inquiries: datuapstrade@mitigate.dev

Legal inquiries: legal@mitigate.dev

Technical support: ai@mitigate.dev

Back