Your privacy is important to us. This policy explains how TenderIQ collects, uses, and protects your personal data.
Quick Summary
We collect only what's necessary to provide our tender matching service
Your data is encrypted and stored in UK data centers
We never sell your data to third parties
You can delete your account and all data anytime
1. Information We Collect
1.1 Account Information
When you register, we collect:
Name and email address
Company name and registration number
Industry sectors and preferences
Region and location
Password (encrypted, never stored in plain text)
1.2 Usage Data
We automatically collect:
Search queries and filters
Tenders viewed, saved, or downloaded
Template downloads
Login times and IP addresses
Browser type and device information
1.3 Payment Information
Payment details are processed by Stripe (PCI DSS Level 1 certified). We never store your full card details—only the last 4 digits for reference.
2. How We Use Your Data
We use your information to:
Provide our service: Match you with relevant tenders using AI
Send notifications: Email alerts for new matching opportunities
Process payments: Manage subscriptions and billing
Improve our platform: Analyze usage patterns to enhance features
Comply with law: Meet legal and regulatory requirements
Prevent fraud: Detect and prevent unauthorized access
3. Legal Basis for Processing
Under UK GDPR, we process your data based on:
Contract: Necessary to deliver our service to you
Legitimate interests: Improve platform and prevent fraud
Consent: Marketing emails (you can opt out anytime)
Legal obligation: Tax, accounting, and regulatory compliance
4. Data Sharing & Third Parties
We share data only with:
Stripe: Payment processing (PCI DSS compliant)
Google Cloud: Hosting and storage (ISO 27001 certified, UK data centers)
SendGrid: Transactional emails (GDPR compliant)
Analytics: Anonymized usage data for Google Analytics (IP anonymization enabled)
We never sell your data. Third parties are contractually bound by data processing agreements (DPAs).
5. Data Security
Encryption: AES-256 at rest, TLS 1.3 in transit
Access control: Role-based access with MFA for staff
Backups: Automated daily backups with 30-day retention
Monitoring: 24/7 intrusion detection and security logging
Audits: Quarterly penetration testing by independent firms
6. Your Rights (UK GDPR)
You have the right to:
Access: Request a copy of your data (free, within 30 days)
Rectification: Correct inaccurate data
Erasure: Delete your account and all data ("right to be forgotten")
Portability: Export your data in CSV/JSON format
Object: Opt out of marketing emails or analytics
Restrict: Limit how we process your data
To exercise your rights, email contact@tenderiq.io or use your account settings.
7. Data Retention
Active accounts: Retained while your subscription is active
Cancelled accounts: Deleted 90 days after cancellation
Financial records: Kept 7 years for tax/legal compliance
Anonymized data: Aggregated usage stats retained indefinitely (no personal identifiers)
8. Cookies & Tracking
We use cookies for:
Essential: Login sessions, security (cannot be disabled)
Analytics: Google Analytics with IP anonymization (can opt out)
Referral tracking: 90-day cookie for affiliate commissions
Manage cookie preferences in your browser settings or our cookie banner.
9. Children's Privacy
TenderIQ is not intended for users under 18. We do not knowingly collect data from children. If we discover we have, we will delete it immediately.
10. International Transfers
Your data is stored in UK data centers (Google Cloud europe-west2 London). If we ever transfer data outside the UK, we will use Standard Contractual Clauses (SCCs) approved by the ICO.
11. Changes to This Policy
We may update this policy to reflect legal or service changes. Material changes will be notified via email 30 days in advance. Continued use after changes constitutes acceptance.
12. Contact & Complaints
Data Controller: TenderIQ Ltd, London, United Kingdom