Privacy Policy | Data Protection & Privacy

Privacy Policy

Effective Date: April 1, 2026

1. Introduction

TENDERD is committed to protecting the privacy and security of personal data processed through our platform and services. This Privacy Policy explains how TENDERD collects, uses, shares, retains, and deletes personal data in connection with the provision of our fleet management and asset intelligence services to business customers (“Customers”).
This policy applies to personal data relating to representatives, employees, and authorized users of our Customers and other individuals whose data is processed when our services are used. By accessing or using TENDERD’s services, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller and Processor Roles

TENDERD operates in different capacities depending on the context in which personal data is processed:

2.1 TENDERD as Data Controller: TENDERD acts as a data controller in respect of personal data it collects directly and independently. For example, contact details of Customer representatives for account management, billing, and communications purposes. In this capacity, TENDERD determines the purposes and means of processing and is responsible for ensuring that processing is carried out in accordance with applicable data protection laws.

2.2 TENDERD as Data Processor: When TENDERD processes personal data on behalf of its Customers as part of delivering its platform services (for example, data generated by IoT devices or uploaded by Customer users), TENDERD acts as a data processor. In this capacity, TENDERD processes data strictly in accordance with the Customer’s documented instructions, as set out in the applicable Data Processing Agreement (DPA).
Customers who act as data controllers in respect of their end users’ or employees’ data are responsible for ensuring they have a lawful basis for sharing that data with TENDERD and for providing appropriate notices to the individuals concerned.

2.3 Data Processing Agreements: TENDERD enters into Data Processing Agreements with Customers where required under applicable law (including the EU General Data Protection Regulation (GDPR) and similar legislation). Customers may request a DPA by contacting info@tenderd.com.

3. Information We May Collect

TENDERD may collect and process the following categories of personal data:

  • Names, job titles, business email addresses, telephone numbers, and other contact details of Customer representatives and authorized platform users: Business Contact Information

  • Business billing details, bank account information, and transactional records necessary for invoicing and payment processing: Billing and Financial Information

  • Data generated by IoT sensors and third-party APIs relating to equipment operation, including location, performance metrics, fuel usage, and environmental data: Operational and IoT Data

  • Configuration data, custom workflows, preferences, and other content entered into the platform by Customer users: User-Generated Content

  • IP addresses, device identifiers, browser types, access logs, and usage analytics that help us understand how the platform is used and support security monitoring: Technical and Usage Data

  • We use essential and analytics cookies to manage user sessions, maintain platform security, and analyze platform performance and usage patterns. We do not use cookies for advertising or cross-site tracking: Cookies and Tracking Technologies

4. How We Use Personal Data

  • To provision, operate, and maintain our fleet management platform and associated services, including technical support: Service Delivery

  • To process invoices, manage billing relationships, and maintain financial records in accordance with legal obligations: Billing and Account Management

  • To improve platform features, diagnose technical issues, and conduct internal analytics and product research: Platform Improvement

  • To send service notifications, product updates, maintenance alerts, and, where applicable, commercial communications to authorized Customer contacts: Communications

  • To comply with applicable laws and regulations, respond to lawful requests from authorities, and protect our legal rights: Legal and Regulatory Compliance

  • To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other security incidents: Security and Fraud Prevention

5. Sharing Personal Data

  • Carefully selected third-party vendors who provide infrastructure, payment processing, data analytics, email delivery, and customer support services on our behalf, under binding confidentiality and data processing obligations: Service Providers and Sub-processors

  • Where required by applicable law or regulation, we may disclose personal data to regulatory bodies, courts, or law enforcement authorities: Legal and Regulatory Disclosures

  • In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the relevant successor entity, subject to equivalent privacy protections: Business Transfers

TENDERD does not sell personal data to third parties. A current list of TENDERD’s sub-processors is available upon request by contacting info@tenderd.com.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, and contractual obligations. The following retention periods apply:

6.1 Account and Contact Data:Business contact details and account information are retained for the duration of the Customer relationship and for up to 3 years following contract termination, or as required by applicable law.

6.2 Billing and Financial Data: Invoices, payment records, and related financial data are retained for up to 7 years from the date of the transaction to comply with financial reporting and tax regulations.

6.3 Operational and IoT Data: Equipment telemetry, location data, and performance metrics generated through the platform are retained for up to 5 years from the date of collection, after which data is aggregated or anonymized for analytics purposes.

6.4 Technical and Usage Data: Access logs, IP addresses, and session data are retained for up to 12 months. Aggregated, anonymized usage analytics may be retained indefinitely.

6.5 User-Generated Content and Configuration Data: Platform configurations, settings, and Customer-uploaded content are retained for the duration of the active subscription and deleted within 90 days of contract termination, unless a longer period is required by law or agreed in the Customer’s contract.

6.6 Support and Communications Records: Records of support interactions and business correspondence are retained for up to 3 years.

6.7 Deletion and Anonymization: Upon expiry of the applicable retention period, personal data will be securely deleted or irreversibly anonymized. Where immediate deletion is not technically feasible (e.g., data held in encrypted backup systems), the data will be isolated from active processing until it can be permanently deleted.

7. Data Security

TENDERD implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or disclosure. These measures are reviewed and updated regularly in line with industry standards and applicable legal requirements.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, TENDERD will notify the relevant supervisory authority and affected Customers in accordance with applicable legal obligations.

8. Privacy Rights

Authorized users and individuals whose personal data is processed by TENDERD (in its capacity as data controller) may have the following rights under applicable data protection law:

  • The right to obtain confirmation of whether TENDERD holds personal data about you and to receive a copy of that data: Access

  • The right to request correction of inaccurate or incomplete personal data: Rectification

  • The right to request deletion of your personal data, subject to applicable legal and contractual retention requirements: Erasure

  • The right to request that processing of your personal data be restricted in certain circumstances: Restriction of Processing

  • The right to object to processing carried out on the basis of legitimate interests: Right to Object

  • The right to receive personal data in a structured, commonly used, and machine-readable format: Data Portability

Where TENDERD acts as a data processor on behalf of a Customer, requests relating to personal data processed under that Customer’s instruction should be directed to the relevant Customer (as data controller). TENDERD will assist Customers in responding to such requests as required under the applicable DPA.
To exercise your rights where TENDERD acts as data controller, please contact info@tenderd.com. We will respond within 30 days.

9. Children’s Privacy

TENDERD’s services are designed exclusively for use by businesses and their authorized adult representatives. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that such data has been collected, we will take prompt steps to delete it.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. We will notify Customers of material changes by posting the revised policy on our website and, where appropriate, by direct communication. Continued use of our services following notification of changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

  • Email: info@tenderd.com

  • Website: https://tenderd.com/contact-us/