Privacy Policy

Effective date: 14 April 2025

1. Overview

TenderAI ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, how we use it, and your rights in relation to it when you use our AI-powered tender intelligence platform.

By using TenderAI, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

Account data (collected via Google OAuth):

  • Email address
  • Full name
  • Google profile picture URL

We do not collect your Google account password. Authentication is handled entirely by Google.

Tender data (submitted by you):

  • Tender title, description, and industry
  • Client / issuing organisation name
  • Client requirements and scope of work
  • Your company name, strengths, and previous project information
  • Pricing, commercial terms, and delivery timeline
  • Uploaded documents (PDF, DOCX, TXT) — text is extracted and discarded; raw files are not stored

Usage data (collected automatically):

  • Number of AI packs generated (for plan limit enforcement)
  • Subscription plan and billing status
  • Timestamps of account creation and activity

Payment data: We do not store payment card details. All payment processing is handled by Paddle as the Merchant of Record. We receive subscription status updates via secure webhook.

3. How We Use Your Data

We use your data for the following purposes:

  • Service delivery: To authenticate your account, generate AI-powered tender packs, and save your results
  • Plan enforcement: To track usage against your subscription limit and apply the correct access tier
  • Billing: To link your account to your Paddle subscription and verify payment status
  • Service improvement: Aggregated, anonymised usage patterns may be used to improve the platform (no individual tender content is used)
  • Communications: To send important service-related notices (account changes, subscription updates). We do not send unsolicited marketing without your consent

We do not sell, trade, or rent your personal data to third parties. We do not use your tender content to train AI models.

4. Data Storage and Security

Your account and tender data is stored in a PostgreSQL database hosted on Neon (neon.tech), a managed serverless database platform with SOC 2 Type II compliance and encryption at rest.

All data is transmitted over HTTPS (TLS 1.2+). Authentication tokens are managed by NextAuth.js using industry-standard JWT practices.

Uploaded document text is processed in memory and passed to OpenAI for AI generation. Extracted text is used only for the current request and is not written to persistent storage beyond the generated output you see.

We implement reasonable technical and organisational measures to protect your data, but no method of transmission over the internet is 100% secure.

5. Third-Party Services

We use the following third-party services to operate the platform:

Google (OAuth)

Account authentication — email, name, and profile picture only

AI generation — your tender data is sent to OpenAI's API to produce analysis and proposals. OpenAI's API data usage policy applies.

Payment processing and subscription management. Paddle is the Merchant of Record and processes all card data under their PCI-DSS compliance.

Database hosting for account and tender pack data.

Application hosting and serverless function execution.

6. Data Retention

We retain your account data for as long as your account is active. Saved tender packs are retained to provide the saved history feature and are accessible in your dashboard.

If you delete your account, we will delete all associated personal data and tender packs within 30 days, unless we are required to retain it for legal or regulatory purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and all associated data
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing of your data in certain circumstances

To exercise any of these rights, contact us at privacy@tenderai.com. We will respond within 30 days.

8. Cookies

We use a minimal set of cookies required for the platform to function:

  • Session cookie: Maintains your authenticated session (HTTP-only, secure)
  • CSRF token: Protects against cross-site request forgery

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Children's Privacy

TenderAI is a business-to-business (B2B) platform intended for use by professionals and organisations. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data to our platform, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or by a prominent notice on the platform. The effective date at the top of this page will reflect the most recent revision.

11. Contact

For privacy-related enquiries, data access requests, or to exercise your rights, contact:
privacy@tenderai.com
