Privacy Policy

We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal data in compliance with GDPR and other applicable privacy laws.

Last updated: January 31, 2025

Privacy at a Glance

What We Collect

Account info, documents you upload, usage data, and AI analysis results

How We Use It

AI document analysis, service improvement, and legal compliance

Your Rights

Access, export, correct, or delete your data at any time

Data Retention

Business documents: 7 years; usage data: 2 years; you control deletion

1. Information We Collect

Account Information

  • Email address (for authentication and communication)
  • Profile information you provide
  • Account preferences and settings

Document Data

  • Files you upload for analysis
  • Document metadata (filename, size, upload date)
  • AI analysis results and extracted insights

Usage Information

  • How you interact with our service
  • Feature usage patterns (anonymized)
  • Error logs and performance data

Technical Data

  • IP address and browser information
  • Device identifiers and operating system
  • Cookies and similar tracking technologies

2. How We Use Your Information

Essential Services

  • Process and analyze your documents
  • Provide AI-powered insights
  • Maintain your account and preferences
  • Ensure service security and stability

Improvements & Communication

  • Improve our AI models and features
  • Send important service updates
  • Provide customer support
  • Comply with legal obligations

Legal Basis for Processing (GDPR)

Consent: Document processing, marketing communications

Contract: Account management, service delivery

Legitimate Interest: Service improvement, security

Legal Obligation: Data retention, compliance reporting

3. Data Sharing and Third Parties

AI Processing Partners

We use trusted AI service providers to analyze your documents:

  • Anthropic: AI document analysis and processing
  • Data is processed securely and not used to train AI models
  • Processing agreements ensure GDPR compliance

Infrastructure Partners

  • Supabase: Database and authentication services
  • Upstash: Redis caching and queue management
  • All partners maintain SOC 2 compliance and data protection standards

We Never:

  • Sell your personal data to third parties
  • Share your documents with unauthorized parties
  • Use your data for advertising or marketing to others

4. Your Privacy Rights

Under GDPR and other privacy laws, you have the following rights:

Access & Portability

Download all your personal data in JSON or CSV format

Correction

Update incorrect or incomplete personal information

Deletion

Request permanent deletion of your account and data

Consent Management

Withdraw or modify your consent for data processing

Restriction

Limit how we process your personal information

Objection

Object to processing based on legitimate interests

How to Exercise Your Rights

You can exercise most rights directly through your account settings. For other requests, contact us at privacy@tenderx.com. We will respond within 30 days as required by law.

5. Data Security & Retention

Security Measures

  • End-to-end encryption for data transmission
  • Encrypted storage of all personal data
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Employee training on data protection

Data Retention Periods

Business Documents: 7 years (legal requirement)

AI Analysis Results: 7 years (linked to documents)

Account Information: Until account deletion

Usage Analytics: 2 years maximum

Marketing Data: 3 years or until consent withdrawn

Support Records: 2 years after resolution

Automatic Deletion

We automatically delete data when retention periods expire. You'll receive notifications before any scheduled deletions and can request earlier deletion at any time.

6. International Data Transfers

Your data may be processed in countries outside your region. We ensure adequate protection through:

  • EU-US Data Privacy Framework compliance
  • Standard Contractual Clauses (SCCs) with all processors
  • Adequacy decisions from relevant data protection authorities
  • Regular assessments of data protection levels

7. Contact & Complaints

Data Protection Officer

Email: dpo@tenderx.com
Response time: Within 72 hours
Languages: English, German, French

Supervisory Authority

If unsatisfied with our response, you can lodge a complaint with your local data protection authority or the Irish Data Protection Commission (our lead supervisory authority in the EU).

8. Policy Updates

We may update this privacy policy to reflect changes in our practices or legal requirements. We'll notify you of significant changes via email or prominent notice in our service. Continued use after changes constitutes acceptance of the updated policy.

Version History

This policy was last updated on January 31, 2025. Previous versions are available upon request.