Legal
Privacy Policy
How TenderWatch collects, uses, and protects your information.
1. Introduction
TenderWatch ("we", "our", or "us") operates tenderwatch.world (the "Site"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the Site and use our services.
By using TenderWatch, you agree to the collection and use of information in accordance with this policy.
2. Information We Collect
2.1 Information You Provide
- Email address, for creating your account, passwordless sign-in links, and delivering your tender digests
- Watch preferences, the sectors and keywords you choose so we can match tenders to you
- Newsletter subscription, your email address if you subscribe to our newsletter
- Waitlist entries, your email address if you join a plan waitlist
2.2 Automatically Collected Information
- Usage data, IP address, browser type, pages visited, and similar diagnostic data recorded in our server logs
- Cookies, strictly necessary cookies for session management and security (see Section 7)
2.3 Payment Information
Payment processing for paid plans is handled by Stripe. We never see or store your card details; we store only a reference to your Stripe customer record and your subscription status. Stripe's use of your personal information is governed by their Privacy Policy.
2.4 Tender Data
The tender notices we index are published public procurement information about contracting authorities and opportunities. They are not personal data about you and are sourced from official public feeds.
3. How We Use Your Information
We use the information we collect to:
- Match published tenders to your chosen sectors and keywords and email you the results
- Send you sign-in link emails for passwordless authentication
- Process subscription payments for paid plans
- Send you the newsletter, if you have subscribed
- Respond to your inquiries and provide support
- Monitor and analyse usage patterns to improve our services
- Detect, prevent, and address technical issues or fraudulent activity
- Comply with legal obligations
4. Data Storage and Location
Your data is stored on secure servers located in Germany (EU). We use industry-standard security measures to protect your information, including:
- Encrypted connections (HTTPS/TLS) for all traffic
- Secure database storage with access controls
- Regular security updates and monitoring
International data transfers. If you access our services from the United Kingdom, your information is stored and processed in the European Union under the UK's adequacy arrangements for the EU. If you access our services from elsewhere, your information will be transferred to, stored, and processed in the EU.
5. Data Sharing and Disclosure
We do not sell your personal information. We share it only with the service providers we rely on to operate the Site:
- Stripe, payment processing (see their Privacy Policy)
- Postmark, email delivery for sign-in links, digests, and the newsletter (see their Privacy Policy)
- Cloudflare, DNS and security services (see their Privacy Policy)
- Hetzner, server hosting in Germany (see their Privacy Policy)
Our databases are self-hosted on our own server; no third-party database provider has access to your data.
Legal requirements. We may disclose your information if required to do so by law or in response to valid requests by public authorities.
6. Your Rights (UK GDPR & GDPR)
If you are located in the United Kingdom or the European Economic Area, you have the following rights:
- Right to access, request a copy of your personal data
- Right to rectification, update or correct your information
- Right to erasure, request deletion of your account and data
- Right to restrict processing, request limitation of data processing
- Right to data portability, receive your data in a portable format
- Right to object, object to processing of your personal data
- Right to withdraw consent, withdraw consent at any time
To exercise these rights, email [email protected].
7. Cookies
We use strictly necessary cookies to provide our services. These cookies are essential for the Site to function and cannot be disabled:
- Session cookie (_tender_watch_session), maintains your signed-in session
- CSRF token, protects against cross-site request forgery attacks
We do not use tracking, analytics, or advertising cookies. No cookie consent banner is required because these cookies are strictly necessary for the Site's operation.
8. Data Retention
We retain your personal information for as long as:
- Your account or subscription is active
- Needed to provide you with our services
- Required to comply with legal obligations (such as payment records)
Unsubscribing from your watch or the newsletter stops those emails immediately. To delete your account and personal data entirely, email [email protected] and we will delete it within 30 days, except where we are required by law to retain certain records.
9. Children's Privacy
Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Continued use of our services after changes constitutes acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact:
Email, [email protected]
Data controller, TenderWatch
12. Supervisory Authority
If you are located in the UK or EEA and believe we haven't addressed your concerns, you have the right to lodge a complaint with your local data protection authority. In the UK, this is the Information Commissioner's Office (ICO).