Privacy

Last updated: May 2025

This privacy policy ("Policy") applies to CoTender and its affiliates (collectively, "CoTender", "we", "our", or "us"). It explains how we collect, use, store, disclose, and protect personal data when you interact with our end-to-end tender management platform, website, and related services (collectively, the "Services").

We may update this Policy from time to time. When required by law, we will provide notice through the Services, by email, or by other reasonable means.

1. Scope and User Types

Your privacy relationship with CoTender depends on how you engage with us:

  • Visitor: A person browsing our public website.
  • Customer: A business entity subscribing to or contracting for our Services.
  • User: An employee, agent, or representative of a Customer using the Services.

2. Information We Collect and Why

Visitors

  • Approximate location, browser/device metadata, and usage analytics.
  • Cookies and similar technologies.
  • Contact information submitted through forms (for example, name and email).

We use this information to operate and improve the website, maintain security, understand engagement, and communicate with you where you have requested contact or provided consent.

Customers

  • Business and account details, including administrator name, business email, and billing information.
  • Payment and transaction metadata required to process subscriptions and invoices.

We use this information to onboard accounts, provide Services, process payments, prevent fraud, and meet legal and accounting obligations.

Users

  • Profile and authentication identifiers (such as name, work email, and role).
  • Platform usage data, feature interactions, activity logs, and diagnostics.
  • Device, browser, and app metadata used for reliability and support.

We use this information to deliver core product functionality, support customer workflows, troubleshoot issues, and maintain service performance and security.

3. AI Data Processing and Governance

CoTender uses AI-assisted tooling to support tender analysis, document extraction, clause classification, and recommendation workflows. AI outputs are intended to support human decision-making and are not autonomous or legally binding decisions.

Zero Data Retention Principles

  • Deleted data is removed from active systems in accordance with our deletion workflows.
  • On contract termination, customer data is deleted within the contractual retention window (typically up to 30 days unless otherwise agreed or required by law).
  • Customers are responsible for exporting required records before account closure timelines expire.

AI Use Boundaries

  • We do not use customer confidential data to train third-party or public models without explicit contractual permission.
  • Data is processed only for the purposes described in this Policy and relevant service agreements.
  • We apply human-in-the-loop checks for material AI-generated outputs.

4. Lawful Bases for Processing

Depending on your location and applicable laws, we process personal data under one or more of the following bases:

  • Performance of a contract.
  • Legitimate interests (for example, security and analytics).
  • Consent (for example, non-essential cookies or marketing).
  • Compliance with legal obligations.

5. Cookies and Tracking Technologies

We use cookies and similar technologies to remember preferences, secure sessions, measure traffic, and improve usability. Where required by law, we request your consent for non-essential cookies. You can manage cookie preferences through your browser or consent settings.

6. Data Sharing and Disclosures

We may share information with:

  • Trusted infrastructure, hosting, analytics, communication, and payment providers operating under contractual confidentiality and security obligations.
  • Professional advisors and auditors under duties of confidentiality.
  • Law enforcement, regulators, or courts where required by law or to protect rights, safety, and platform integrity.

We do not sell personal data in exchange for monetary consideration.

7. International Data Transfers

Where cross-border transfers occur, we use recognized safeguards appropriate to the applicable jurisdiction, such as contractual data protection clauses and equivalent protective measures.

8. Data Retention

We retain personal data for as long as needed to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, and maintain security records. Retention periods vary by data category and legal requirements.

9. Security

We implement administrative, technical, and physical safeguards designed to protect personal data, including encryption in transit and at rest, access controls, monitoring, and incident response procedures. No system can be guaranteed fully secure, but we continuously improve our controls in line with industry standards.

10. Your Rights and Choices

Subject to applicable law, you may have rights to access, correct, delete, and port your data, to restrict or object to processing, and to withdraw consent where consent is the basis of processing. You may also have rights related to automated decision-making.

To exercise your rights, contact us using the details in Section 12. We may request verification of identity before fulfilling a request.

11. Children's Privacy

Our Services are intended for business users and are not directed to children. We do not knowingly collect personal data from children in violation of applicable law.

12. Contact Us

If you have privacy questions, concerns, or requests, contact our Privacy Team/Data Protection Officer at:

  • Email: privacy@cotender.work

If you do not agree with this Policy, please discontinue use of the Services.