TendorBack

Privacy Policy

Your data, your control.

Last updated: April 26, 2025

1. What we collect

When you use Tendor, we collect only what is necessary to deliver the service:

  • Account information — email address, name, and password (hashed)
  • Company profile data — business name, industry, capabilities, and certifications you choose to provide
  • Tender documents — files you upload for AI analysis (processed in-session, not stored permanently)
  • Usage data — feature usage, session duration, and interaction patterns (anonymized)
  • Payment information — processed by our payment provider; we never store card details

2. How we use your data

  • To generate bid scores, compliance analyses, and response drafts using AI
  • To personalize your experience based on your company profile
  • To improve our AI models and service quality (using anonymized, aggregated data only)
  • To communicate service updates and account-related notifications
  • To process payments and manage your subscription

3. AI processing

Your tender documents are sent to our AI provider (Azure OpenAI) for analysis. Documents are processed in real-time and are not retained by the AI provider after processing. We do not use your documents to train AI models.

4. Data storage & security

Your data is stored securely using Supabase (hosted on AWS infrastructure). We implement industry-standard security measures including:

  • Encryption at rest and in transit (TLS 1.3)
  • Row-level security policies ensuring you can only access your own data
  • Regular security audits and dependency updates
  • Secure authentication via Supabase Auth with bcrypt password hashing

5. Data sharing

We do not sell your data. We share data only with:

  • Azure OpenAI — for AI-powered document analysis (processing only, no retention)
  • Supabase — database and authentication infrastructure
  • Payment processor — for subscription billing

We may disclose data if required by law or to protect our legal rights.

6. Your rights

You have the right to:

  • Access all personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and all associated data
  • Export your data in a portable format
  • Withdraw consent for optional data processing

To exercise any of these rights, contact us at privacy@tendor.cc.

7. Cookies

We use essential cookies only — for authentication and session management. We do not use tracking cookies or third-party analytics cookies.

8. Data retention

We retain your data for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days. Anonymized, aggregated usage data may be retained indefinitely for service improvement.

9. Changes to this policy

We may update this policy from time to time. Significant changes will be communicated via email or in-app notification. Continued use of Tendor after changes constitutes acceptance.

10. Contact

For privacy-related questions or concerns:

Email: privacy@tendor.cc