Iepirkumi.io: Weak AI, Lack of Unique Data, and Privacy Risks | SerpCtrl
2026-06-30·15min
AI · vibecoding
Key Findings
An audit of iepirkumi.io reveals a profound discrepancy between the information visible to platform clients and its actual functionality. On the surface, the service positions itself as a premium, modern B2B SaaS platform powered by sophisticated AI and utilizing real-time data streaming. However, behind the login wall, the platform turns into a thin frontend layer operating on free public data feeds, conducts hidden third-party session tracking, and contains hardcoded social proof.
Claims vs. Reality
Aspect: Data Architecture
Promise: 8 unified sources monitoring over 280,000+ public procurements and €31B+ total turnover.
Reality: Exactly 2 active sources (IUB and TED). The remaining 6 sources have no data or active integrations.
Aspect: Real-Time Data
Promise: Dynamic live feed demonstrating Latest Procurement Winners via real-time public data streams.
Reality: Static, client-side JavaScript array that cyclically displays ~15 hardcoded companies from 2019. Not a single network request occurs.
Aspect: AI Capabilities
Promise: Advanced AI that automatically matches relevant bids, prepares complex proposals in 60 seconds, and acts as a proprietary matching engine.
Reality: Basic prompt wrapper built with open APIs. The Matches function uses a baseline prompt to evaluate text, while the PRO AI proposal tool is non-functional vaporware, marked as coming soon.
Aspect: Pricing Policy
Promise: Publicly advertised as a simple and honest pricing model with a €19 Starter and €99 Pro tier.
Reality: The legally binding terms.pdf contract contains a completely different pricing structure: a €39 Pro and €119 AI Premium tier.
Aspect: Data Moat & IP
Promise: Premium platform worth a significant monthly per-seat fee to secure an operational edge.
Reality: Zero data uniqueness. The core infrastructure uses freely available data under CC0 or open APIs, utilizing no unique technologies.
Technical Audit
1. Data Sourcing and Origins
The platform relies heavily on impressive metrics to project authority, explicitly advertising a massive history of records across 8 distinct data sources.
In reality, the search module operates on standard feeds from the Procurement Monitoring Bureau (IUB) and Tenders Electronic Daily (TED). Sources such as EIS do not perform automated data ingestion, because IUB notices inherently contain EIS tracking numbers themselves.
"Coming soon" hooks: Funding sources representing billions in capital—such as CFLA, ALTUM, and LIAA—are merely visual placeholders. Internally, they are tagged as "DRĪZUMĀ" (COMING SOON) to inflate value for potential clients.
2. AI: Hype vs. Prompt Wrapping
The core value proposition relies on automated B2B funding acquisition, promising that "money finds You" through intelligent algorithmic delivery.
Match evaluation: Testing with a fresh, unoptimized user profile yields basic procurement recommendations that get stuck at highly static 50% to 57% compatibility scores. The platform relies on a basic instruction, requiring the user to manually add descriptive company summaries before executing any operations.
Infrastructure issues: The backend completely relies on public APIs, such as EU grants endpoints and IUB Open Data JSON files. The underlying language engine is powered by standard commercial API requests.
False Marketing Claims and Discrepancies in Pricing Policy
The iepirkumi.io storefront and marketing strategy rely on artificially created psychological triggers, inconsistent contract terms, and deceptive social proof to drive conversions. Below, these issues are listed in detail:
1. The Bait-and-Switch Pricing Policy
The platform operates two completely separate, conflicting pricing structures depending on whether the user is looking at the site or the legally binding contract.
Advertised pricing policy: On the public /pricing page, which features a prominent subtitle "Simple and honest pricing policy," the platform advertises a STARTER plan for €19/month and a PRO plan for €99/month.
Reality: In Section 4 of the referenced terms of service (/terms), within the actual peace-of-mind.pdf and ptac-sudziba.pdf documents, the binding contract lists completely different plans and higher rates: a Pro plan for €39/month and an AI Premium plan for €119/month.
The full price is not visible to the user before initiating the checkout sequence. Labeling this specific setup as "honest" directly removes any protection against accidental error under consumer rights protection laws.
2. False Claims About Real-Time Data
To build credibility, a section titled "Latest Procurement Winners" is included on the page.
Claim displayed on the page: The module is explicitly marked as "Real-time data from public procurement results."
Technical reality: Network inspection reveals that during page load, 0 server requests or API calls are made to populate this feed. It is a completely static, hardcoded JavaScript array that loops through approximately 15 fixed records.
Lies through time: Each record in this loop is assigned a fake dynamic timestamp of "2m ago". One of the displayed real-time winners is SIA Lattelecom — a corporate entity that legally ceased to exist under this name in 2019 when it rebranded to Tet.
3. Contradictory and Absolute Claims
The marketing team makes absolute performance promises that are completely nullified by their own legal text.
Marketing promise: The page includes bold headlines promising that users will "Receive 100% of all procurements" or get "100% matching procurements."
Stated in the contract: Section 9 of the platform's binding terms directly contradicts this promise. The legal text completely disclaims any liability for delayed, inaccurate, or missed procurements, explicitly limits liability to the fees of the last 12 months, and explicitly sells the service strictly "as is".
4. Deceptive Urgency
The website actively uses dark patterns to create artificial scarcity and manipulate perceived value.
Artificial Scarcity Rules: The platform includes a 50% discount code (pirmie_100), which is advertised to the "first 100 customers." According to consumer protection frameworks, using limited availability caps that are not programmatically enforced or are untrue constitutes a misleading commercial practice in itself.
Promoting non-functional solutions: The platform displays pricing tiers for PRO (€99), TEAM, and ENTERPRISE plans, yet three of these five tiers are blocked out as "COMING SOON" and are not actually purchasable. Their visual presence serves purely as a psychological comparison to make the basic €19/month tier look cheap.
Artificial hype: The main hero section highlights the metric "280,000+ procurements" (and changes elsewhere on the site to 285,000+). However, Section 8 of the operator's own terms only lists ~125,000 IUB records and ~38,000 TED records, totaling approximately 163,000 records. The headline marketing figure is inflated by more than 70% compared to what is stated in their legal data processing policy.
Infrastructure Audit
1. Undisclosed Data Collection
The most critical privacy failure involves the silent deployment of aggressive user-tracking software, which is in direct contradiction with the platform's publicly available disclaimers.
Platform reality: Upon initial page load, the site immediately initializes an active Sentry Session Replay instance. It allocates a buffer stream directly in the user's local browser data.
Analytics scope: This tool records complete Document Object Model (DOM) structural changes, the user's navigation paths, scrolling behavior, clicks, and inputs. For a dedicated enterprise software application that processes sensitive procurement profiles and confidential project documentation, collecting such data poses significant risks.
Legal contradiction: Sentry scripts and CDN endpoints run across the entire platform. However, the tool is completely excluded from the cookie notification modal, missing from the general privacy overview (§8), and left out of the corporate subprocessor schedule (§4). Furthermore, Section 8 of the platform's privacy policy clearly states: "We do not use... other third-party... tools." This error transforms the issue from simple missing information into an active, verifiable false statement under the transparency provisions of GDPR Article 13.
2. Immediate Pre-Consent Tracker Fires
The application structurally violates the basic requirements of consent architecture by silently calling a Cloudflare RUM beacon, launching a first-party analytics POST request, and buffering Sentry Session Replay immediately upon entering the site, before the user has even had the opportunity to accept or reject data collection.
Tracking solutions described on the site: The platform's cookie banner clearly highlights only standard Google Analytics tracking.
Technical reality: Although Google Consent Mode v2 is implemented correctly, several secondary tracking scripts are still launched immediately upon load.
Leaked data streams: The Cloudflare Real User Monitoring (RUM) beacon instantly triggers a 204 data transmission. Simultaneously, an undisclosed first-party tracker executes a POST request to register the session data layer. Both tracking vectors record user data without prior permission, bypassing ePrivacy and GDPR policies.
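The findings in this section and in the previous one can be checked against an exported network log. The following is an added example, not code from the audited site or from SerpCtrl: it flags tracker requests that start before the consent click or that belong to a vendor missing from the cookie banner. The log entries, the example.test host and the /api/track path are constructed; the Sentry and Cloudflare hostname patterns are those vendors' usual default endpoints and are assumed here.

```javascript
// Added example. All sample data is constructed; nothing here was captured from the audited site.
// Vendor rules: hostnames are the vendors' usual default endpoints (assumption);
// "/api/track" is a hypothetical path standing in for the first-party analytics POST.
const RULES = [
  { vendor: "Sentry", match: (u) => /(^|\.)sentry\.io$|(^|\.)sentry-cdn\.com$/.test(u.hostname) },
  { vendor: "Cloudflare RUM", match: (u) => /(^|\.)cloudflareinsights\.com$/.test(u.hostname) || u.pathname === "/cdn-cgi/rum" },
  { vendor: "Google Analytics", match: (u) => /(^|\.)google-analytics\.com$/.test(u.hostname) },
  { vendor: "First-party analytics", match: (u, e, site) => u.hostname === site && e.method === "POST" && u.pathname === "/api/track" },
];

// entries: [{ url, method, status, startedAt }], startedAt in ms since navigation start.
// consentAt: ms at which the user accepted, or null if no choice was made during the capture.
function auditTrackers(entries, { siteHost, consentAt, disclosed }) {
  const findings = [];
  for (const e of entries) {
    const u = new URL(e.url);
    const rule = RULES.find((r) => r.match(u, e, siteHost));
    if (!rule) continue; // not a known tracker (e.g. the /api/auth/me session probe)
    const preConsent = consentAt === null || e.startedAt < consentAt;
    const isDisclosed = disclosed.includes(rule.vendor);
    if (preConsent || !isDisclosed) {
      findings.push({ vendor: rule.vendor, method: e.method, url: e.url, status: e.status, preConsent, disclosed: isDisclosed });
    }
  }
  return findings;
}

// Constructed capture: consent is given 5000 ms after navigation start.
const SAMPLE = [
  { url: "https://example.test/", method: "GET", status: 200, startedAt: 0 },
  { url: "https://static.cloudflareinsights.com/beacon.min.js", method: "GET", status: 200, startedAt: 120 },
  { url: "https://example.test/api/auth/me", method: "GET", status: 401, startedAt: 300 },
  { url: "https://example.test/cdn-cgi/rum", method: "POST", status: 204, startedAt: 400 },
  { url: "https://example.test/api/track", method: "POST", status: 200, startedAt: 450 },
  { url: "https://o0.ingest.sentry.io/api/0/envelope/", method: "POST", status: 200, startedAt: 900 },
  { url: "https://www.google-analytics.com/g/collect", method: "POST", status: 204, startedAt: 5200 },
];

// The banner in this scenario names only Google Analytics.
const findings = auditTrackers(SAMPLE, { siteHost: "example.test", consentAt: 5000, disclosed: ["Google Analytics"] });
for (const f of findings) {
  console.log(`${f.vendor}: ${f.method} ${f.url} -> ${f.status} (pre-consent: ${f.preConsent}, disclosed: ${f.disclosed})`);
}
```

Session Replay buffering by itself produces no request, so the log only shows the SDK load and any envelope that is eventually sent; the in-page buffer has to be confirmed in the browser's debugger.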
3. Data Hygiene Issues
Client document storage creates long-term liability for any platform where sensitive information can be uploaded.
Data accumulation risks: According to Section 6 of the internal privacy documentation, user-submitted proposal guidelines, corporate CVs, and financial documentation uploaded to the platform's Cloudflare R2 storage are governed by the policy: "Not deleted automatically; manual cleaning."
Hazard: This storage lacks a programmatic data retention limit or an automatic garbage collection routine. For a small two-person corporate operation, allowing raw, unredacted enterprise PDF files to accumulate indefinitely creates a major data security vulnerability and violates the storage limitation principles of GDPR Article 5(1)(e). If a user wants their data deleted, they must manually send an email to a general support mailbox to request it.
4. SEO Issues
In addition to core compliance risks, the platform's public root routing file is misconfigured, thereby destroying the entire marketing model.
Blocking all LLM crawlers: The platform's edge robots.txt file is written to block all major AI crawler agents, including GPTBot, ClaudeBot, Google-Extended, Amazonbot, and Bytespider. Consequently, this site will never be cited by any LLM.
Configuration Drift: The two crawl-control files contradict each other. The robots.txt configuration clearly specifies a Disallow rule to hide the data directory, yet the sitemap.xml file simultaneously pushes that exact same path directly to search engines for indexing with a 0.7 priority rating. This structural conflict creates systematic routing coverage errors in Google Search Console.
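Both observations in this section can be reproduced with a small consistency check. The following is an added example, not the site's or SerpCtrl's code: it reports which crawler agents are fully blocked and which sitemap URLs fall under a Disallow rule. The robots.txt and sitemap.xml contents, the example.test host and the /data/ path are constructed stand-ins, and rule matching is simplified to path prefixes (no Allow or wildcard handling).

```javascript
// Added example; sample files below are constructed, not copied from the audited site.
// Parse robots.txt into groups of { agents, disallow }. Consecutive User-agent lines share a group.
function parseRobots(text) {
  const groups = [];
  let cur = null, lastWasAgent = false;
  for (const raw of text.split(/\r?\n/)) {
    const m = /^([A-Za-z-]+)\s*:\s*(.*)$/.exec(raw.replace(/#.*/, "").trim());
    if (!m) continue;
    const key = m[1].toLowerCase(), val = m[2].trim();
    if (key === "user-agent") {
      if (!lastWasAgent) { cur = { agents: [], disallow: [] }; groups.push(cur); }
      cur.agents.push(val.toLowerCase());
      lastWasAgent = true;
    } else {
      if (key === "disallow" && cur && val) cur.disallow.push(val);
      lastWasAgent = false;
    }
  }
  return groups;
}

// Rules that apply to one agent: its own groups if any exist, otherwise the "*" groups.
function rulesFor(groups, agent) {
  const own = groups.filter((g) => g.agents.includes(agent.toLowerCase()));
  return (own.length ? own : groups.filter((g) => g.agents.includes("*"))).flatMap((g) => g.disallow);
}

// Agents for which the whole site is disallowed.
function fullyBlockedAgents(robotsTxt, agents) {
  const groups = parseRobots(robotsTxt);
  return agents.filter((a) => rulesFor(groups, a).includes("/"));
}

// Sitemap <loc> URLs that the same agent is told not to crawl (prefix match only).
function sitemapConflicts(robotsTxt, sitemapXml, agent = "Googlebot") {
  const rules = rulesFor(parseRobots(robotsTxt), agent);
  const locs = [...sitemapXml.matchAll(/<loc>\s*([^<\s]+)\s*<\/loc>/g)].map((m) => m[1]);
  return locs.filter((loc) => rules.some((r) => new URL(loc).pathname.startsWith(r)));
}

const ROBOTS = ["User-agent: GPTBot", "User-agent: ClaudeBot", "User-agent: Google-Extended",
  "User-agent: Amazonbot", "User-agent: Bytespider", "Disallow: /", "",
  "User-agent: *", "Disallow: /data/  # hypothetical path", "Sitemap: https://example.test/sitemap.xml"].join("\n");
const SITEMAP = "<urlset><url><loc>https://example.test/</loc><priority>1.0</priority></url>" +
  "<url><loc>https://example.test/data/</loc><priority>0.7</priority></url></urlset>";

console.log("blocked:", fullyBlockedAgents(ROBOTS, ["GPTBot", "ClaudeBot", "Googlebot"]));
console.log("listed but disallowed:", sitemapConflicts(ROBOTS, SITEMAP));
```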
5. Frontend & Interface Credibility Cracks
A final code audit reveals execution errors that harm user trust:
Leaked Authentication Loops: The developer console shows a failed GET /api/auth/me call returning 401 (Unauthorized) on every anonymous page load. While it is structurally normal to check for an active user session in a Next.js application, leaving this call unhandled shows a lack of professionalism to potential B2B clients who work in information technology.
Contrast issues: The main CTA text is fundamentally unreadable due to a gross design error, as it is placed directly over a bright and detailed photo of 100 US dollar bills. Developers have not added a dark, semi-transparent layer or overlay between the text and the background, causing the letters to completely blend in with the mottled image. Due to this camouflage, automated testing tools like Google Lighthouse give the page an absolute zero contrast rating, meaning the site fails official global accessibility (WCAG) standards and is practically unusable for people with visual impairments. By ignoring these basic UI/UX requirements and making its primary call-to-action hard to read, the platform is essentially actively sabotaging its own conversion rate.
Complete and Absolute Lack of Unique Data
Ultimately, iepirkumi.io acts as a thin, deceptive wrapper around free public government data. The platform has absolutely no unique infrastructure, exclusive research data, or technical validation thereof. Because the main data streams rely entirely on open-license endpoints, such as IUB CC0 JSON, TED API, and KOHESIO open data, the underlying assets are already available for commercial reuse for free. By buying access to this tool for €19 to €119 a month, money is lost, and user data is exposed to risk.
Weak AI Solutions and Free Alternatives
The AI advertised by the platform is nothing more than a crude interface that provides no unique information, and all the advanced features simply do not work. The entire capacity of this platform can be replicated in-house for €0. A single scheduled prompt, using an existing AI subscription (e.g., Claude Opus), can fetch active Latvian and EU procurements, precisely filter them by CPV codes, budget, and region, and automatically rank them by relevance. By using existing automated tools, such as Claude Code for daily scheduling, the actual difference disappears completely, entirely eliminating the risk of compromising your data with the platform advertised by Untāls.
Disclaimer: The analysis of iepirkumi.io was conducted by the SerpCtrl team using publicly available information and performing a practical analysis of the site's functionality, reviewing it in its technical and content state as of June 26, 2026, saving screenshots and code snippets that substantiate the claims made in the article. SerpCtrl has no affiliation with iepirkumi.io or Edgars Untāls, nor does SerpCtrl offer an analogous product to this platform. If you see omissions or inaccurate information in the publication, please report it in writing to info@serpctrl.lv, and we will make changes if they are justified.