TENDER//FIT

Legal · Last updated 13 July 2026

Privacy policy

This policy explains what data TenderFitcollects, why, and how it's handled. We're a POPIA-conscious South African business — the short version is that we collect what we need to run the Service, we don't sell it, and you can ask for it back or for it to be deleted at any time.

1. Information we collect

1.1 Account data

When you sign up we collect your email, name, and (via Clerk) your hashed password. Organization membership and role. We use this to authenticate you and to bill you.

1.2 Company profile data

Whatever you enter into your company profile — capabilities, credentials, region, industry. This is used solely to score tenders for you. It is not shared or sold.

1.3 Usage data

Basic analytics: pages visited, actions taken, IP address, browser user-agent. Used to keep the Service reliable and to catch abuse.

1.4 Billing data

Handled by Paystack. We store a subscription reference; we do not store card numbers or CVCs.

2. How we use it

  • Score tenders against your company profile.
  • Send account, security, and billing emails.
  • Send product emails and daily digests (opt-out any time).
  • Investigate abuse, fraud, or policy violations.
  • Comply with legal obligations.

3. Who we share it with

Only the processors we need to run the Service:

  • Clerk — authentication and identity.
  • Neon — Postgres database hosting.
  • Paystack — payment processing.
  • Voyage AI + Google Gemini — text embeddings and brief generation. Only tender content and company profile text is sent; no PII beyond the profile you supplied.
  • Resend — outbound transactional email.

We do not sell data to advertisers. We do not use tracking cookies for cross-site profiling.

4. Where it lives

Data is stored in Neon Postgres and (encrypted) backups. Servers are hosted regionally where feasible; some processors are US-based. Cross-border transfers happen under standard contractual clauses and POPIA section 72.

5. How long we keep it

Account and profile data: for the life of your account plus 90 days after deletion (grace window for account restoration). Billing records: 5 years, per SARS retention rules. Usage logs: 12 months.

6. Your rights under POPIA

You can, at any time:

  • Ask to see the data we hold about you.
  • Ask us to correct it.
  • Ask us to delete it (subject to legal retention).
  • Object to processing or withdraw consent.
  • Lodge a complaint with the Information Regulator (inforegulator.org.za).

Email hello@tenderfit.co.za to exercise any of these rights. We aim to respond within 14 days.

7. Cookies

We use first-party cookies for essential session state (Clerk auth, your theme preference). We do not use third-party advertising or cross-site tracking cookies.

8. Security

Transport is encrypted (TLS). Passwords are hashed by Clerk with bcrypt-family algorithms. Databases are encrypted at rest. Access to production data is limited to a small named team, audit-logged, and revoked on employment change.

9. Children

The Service is not directed at anyone under 18 and we do not knowingly collect data from children.

10. Changes

Material changes are announced by email or in-app banner at least 14 days before they take effect.

Contact

Information Officer: hello@tenderfit.co.za.