Security

TenderRender maintains strict security and privacy-by-design principles. We store all data in the US, use end-to-end encryption (TLS 1.2+ / AES-256), and ensure customer data is never used for AI training. Our infrastructure runs entirely in the US via Google Cloud Platform and Supabase, with Row Level Security and data processing agreements (DPAs) with all subprocessors.

Following data protection principles, we implement least privilege access, multi-factor authentication, and continuous monitoring. Data retention is limited to 14 days after contract termination, and all subprocessors meet the same high security requirements. Your confidential proposal and company information remains completely private and secure.

Standards

GDPR

GDPR

Data Protection Compliant

Trusted by

Independent Minds
Independent Minds
Novon
Novon
Beter Bid
Beter Bid
K&A
K&A

Documentation

SECURITY

Security Policy

POLICIES

Privacy Policy

Controls

AI Model Architecture

We use state-of-the-art language models via APIs with strong isolation of customer data. Embeddings and retrieval support proposal analysis.

Customer data is not used for AI training
State-of-the-art foundation models (including Gemini/OpenAI) via API
Ability to switch LLM providers (vendor-neutral design)
US data processing (GCP Cloud Run, Supabase Postgres/Storage)

Model Usage

TenderRender supports teams with analysis and creation. The system does not make binding decisions about individuals or organizations.

Search within own tenant (Row Level Security on Supabase)
Generate personalized texts, summaries, and suggestions
Structure/describe input (requirements, criteria, deliverables) for collaboration
Derive insights from data without profiling or scoring individuals

Data Use — Training

What we do and don't use as training data (for ourselves or vendors)?

Public documentation & generic resources (without personal data) for product improvement
No use of customer data as training data for TenderRender models
Contractual: LLM vendors may not train/fine-tune via our API calls
Data categories we may process: account data, team/project, proposal documents, operational logs

Subprocessors

Google Cloud logo

Google Cloud

Cloud infrastructure hosting, AI services, and data processing

Supabase logo

Supabase

Database hosting and authentication services

PostHog logo

PostHog

Product analytics and user behavior tracking