Privacy Policy

1. Information We Collect

1.1 Account Information

When you register, we collect:

• Name and email address
• Company name and registration number
• Industry sectors and preferences
• Region and location
• Password (encrypted, never stored in plain text)

1.2 Usage Data

We automatically collect:

• Search queries and filters
• Tenders viewed, saved, or downloaded
• Template downloads
• Login times and IP addresses
• Browser type and device information

1.3 Payment Information

Payment details are processed by Stripe (PCI DSS Level 1 certified). We never store your full card details—only the last 4 digits for reference.

2. How We Use Your Data

We use your information to:

• Provide our service: Match you with relevant tenders using AI
• Send notifications: Email alerts for new matching opportunities
• Process payments: Manage subscriptions and billing
• Improve our platform: Analyze usage patterns to enhance features
• Comply with law: Meet legal and regulatory requirements
• Prevent fraud: Detect and prevent unauthorized access

3. Legal Basis for Processing

Under UK GDPR, we process your data based on:

• Contract: Necessary to deliver our service to you
• Legitimate interests: Improve platform and prevent fraud
• Consent: Marketing emails (you can opt out anytime)
• Legal obligation: Tax, accounting, and regulatory compliance

4. Data Sharing & Third Parties

We share data only with:

• Stripe: Payment processing (PCI DSS compliant)
• Google Cloud: Hosting and storage (ISO 27001 certified, UK data centers)
• SendGrid: Transactional emails (GDPR compliant)
• Analytics: Anonymized usage data for Google Analytics (IP anonymization enabled)

We never sell your data. Third parties are contractually bound by data processing agreements (DPAs).

5. Data Security

• Encryption: AES-256 at rest, TLS 1.3 in transit
• Access control: Role-based access with MFA for staff
• Backups: Automated daily backups with 30-day retention
• Monitoring: 24/7 intrusion detection and security logging
• Audits: Quarterly penetration testing by independent firms

6. Your Rights (UK GDPR)

You have the right to:

• Access: Request a copy of your data (free, within 30 days)
• Rectification: Correct inaccurate data
• Erasure: Delete your account and all data ("right to be forgotten")
• Portability: Export your data in CSV/JSON format
• Object: Opt out of marketing emails or analytics
• Restrict: Limit how we process your data

To exercise your rights, email contact@tenderiq.io or use your account settings.

7. Data Retention

• Active accounts: Retained while your subscription is active
• Cancelled accounts: Deleted 90 days after cancellation
• Financial records: Kept 7 years for tax/legal compliance
• Anonymized data: Aggregated usage stats retained indefinitely (no personal identifiers)

8. Cookies & Tracking

We use cookies for:

• Essential: Login sessions, security (cannot be disabled)
• Analytics: Google Analytics with IP anonymization (can opt out)
• Referral tracking: 90-day cookie for affiliate commissions

Manage cookie preferences in your browser settings or our cookie banner.

9. Children's Privacy

TenderIQ is not intended for users under 18. We do not knowingly collect data from children. If we discover we have, we will delete it immediately.

10. International Transfers

Your data is stored in UK data centers (Google Cloud europe-west2 London). If we ever transfer data outside the UK, we will use Standard Contractual Clauses (SCCs) approved by the ICO.

11. Changes to This Policy

We may update this policy to reflect legal or service changes. Material changes will be notified via email 30 days in advance. Continued use after changes constitutes acceptance.

12. Contact & Complaints

Data Controller: TenderIQ Ltd, London, United Kingdom

Email: contact@tenderiq.io

If you're unhappy with our response, you can complain to the Information Commissioner's Office (ICO).