Privacy Policy

a) Account information. When you register, we collect your email address and the password you create (stored as a hashed credential via Firebase Authentication). You may also sign in with a Google account, in which case we receive your name and email from Google.

b) Company profile. To personalise tender matching we ask for: company name, registered state, industry sectors, annual turnover range, years of tender experience, employee count, and whether you hold MSME or DPIIT startup recognition. Providing this information is voluntary, but the matching and scoring features will not work without it.

c) Usage data. We automatically log standard server-side information: IP address, browser type and version, pages visited, referral URL, and timestamps. This data is used in aggregate to understand how the Platform is used.

d) Saved tenders. When you bookmark a tender, we store the tender identifier linked to your account.

e) Communications. If you contact us by email we retain that correspondence to respond to you.

• To create and maintain your account.
• To match and rank government tenders against your company profile using AI-powered vector similarity.
• To compute a Win Probability Score for each matched tender.
• To draft bid document templates using your company profile data and the tender's requirements.
• To send daily email digests of your top-matched tenders (you can unsubscribe at any time).
• To send transactional emails such as sign-in verification and deadline reminders.
• To improve our scraping pipeline, AI enrichment quality, and matching accuracy.
• To detect and prevent fraud, abuse, or security incidents.
• To comply with legal obligations.

We process your data on the following legal bases: (i) performance of a contract (your use of the Platform), (ii) your consent (email marketing), and (iii) our legitimate interests (platform security and improvement).

We do not sell your personal data. We share it only in the following circumstances:

• Google Firebase — authentication and profile storage. Firebase processes data under Google's privacy policy and our data processing terms.
• Google Cloud / Gemini AI — AI enrichment of tender data and generation of bid drafts. Tender data and your company profile may be sent to Google's Gemini API to generate AI outputs. No data is used to train Google's foundation models under our enterprise agreement.
• Cloud hosting providers — servers that host the Platform. These providers process data only on our instructions.
• Law enforcement or regulators — if required to do so by applicable law, court order, or lawful government request.
• Business transfer — if Tenderspot is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We use minimal cookies required to operate the Platform:

• Authentication session cookies set by Firebase to keep you signed in.
• Preference cookies to remember your filter and layout settings.

We do not use advertising cookies or third-party tracking pixels. You can disable cookies in your browser settings, but doing so will prevent you from signing in.

We implement industry-standard security measures including TLS encryption in transit, hashed password storage, access controls, and server-side rate limiting. We conduct periodic reviews of our security practices.

No method of transmission or storage is 100% secure. In the event of a personal data breach that is likely to result in a risk to you, we will notify you as required under the DPDP Act.

We retain your account data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required by law to retain it for a longer period (for example, financial or audit records).

Server access logs are retained for 90 days for security purposes.

Under the DPDP Act and applicable Indian law you have the right to:

• Access — obtain a summary of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Erasure — request deletion of your personal data (subject to legal retention obligations).
• Withdrawal of consent — opt out of marketing emails at any time using the unsubscribe link in any email, or by contacting us.
• Grievance redressal — raise a complaint with our Grievance Officer (contact details below).

To exercise any right, email us at support@tenderspot.in with the subject line "Privacy Request". We will respond within 30 days.

The Platform is intended for use by businesses and is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.

We may update this Privacy Policy from time to time. Material changes will be communicated by email to registered users or by a prominent notice on the Platform at least 7 days before the change takes effect. Continued use of the Platform after the effective date constitutes acceptance of the revised policy.

For privacy questions or to exercise your rights, contact our Grievance Officer: