Privacy Policy

This policy explains what personal data TenderPath collects, why, and how it is handled.

Last updated: April 2025

TenderPath is operated by Tenderpath Limited, 49 Street 105 Hadayek El Maadi, Maadi, Cairo, Egypt 10543. For questions about this policy, contact us at info@tenderpath.me.

1. What data we collect

We collect only the data needed to provide the service:

Account data: email address and, optionally, your name — collected at signup and login.
Assessment data: company name, company website URL, business description, sector selections, and operating countries — entered during the free assessment wizard.
Assessment results: AI-generated company profile, readiness scores, matched tenders, and capability extractions — stored against your account.
Tender feedback: your saved, not-relevant, in-progress, or applied status on individual tenders.
Vault documents: files you upload to the document vault (PDFs, Word documents, spreadsheets, images — up to 10 MB per file).
Billing data: subscription and payment records. Card details are handled entirely by Stripe and are never stored on TenderPath servers. For manual payment methods (USDT, Whish, OMT, bank wire), transaction references and confirmation details may be stored by TenderPath staff.
Authentication tokens: short-lived magic-link tokens (expire after 30 minutes) and a session token stored in an httpOnly cookie (tp_session).
Server logs: standard web server logs including IP addresses and request metadata, retained for operational and security purposes.

We do not collect payment card numbers, government ID, or any special-category personal data.

2. How we use your data

Delivering the assessment, matched tender feed, and readiness analysis.
Sending transactional emails (magic-link sign-in, assessment reports, weekly tender digests).
Processing payments and managing subscriptions.
Storing your vault documents for retrieval during your active account period.
Improving crawler coverage and matching quality in aggregate (non-identifiable).
Responding to your support requests.

We do not sell your personal data or use it for advertising.

3. Third-party services that process your data

We use the following sub-processors. Each operates under its own privacy policy:

Service	Purpose
Vercel	Application hosting and serverless infrastructure
Vercel Blob Storage	Storage of user-uploaded vault documents
Neon / Vercel Postgres	Primary database (user accounts, assessments, tenders)
Resend	Transactional email delivery (magic links, reports, digests)
Stripe	Card payment processing and subscription management
Cloudflare	Browser rendering for company website crawling (assessment stage)
Google Fonts	Web font delivery (Inter, Playfair Display)

Manual payment methods (USDT, Whish Money, OMT, bank wire transfer) are coordinated directly by TenderPath staff; transaction references are stored within our primary database.

4. Data retention

We retain your data for the following periods:

Account data (email, name): retained while your account is active and deleted within 90 days of account closure.
Assessment data (company profile, readiness scores, matched tenders): retained for 12 months from your last login or last meaningful platform activity, or earlier on request.
Vault documents: available for 30 days after account closure for export or recovery, then permanently deleted.
Billing records: retained for 7 years as required by applicable financial regulations.
Server and access logs: retained for 90 days in searchable form; security-relevant logs may be retained for up to 12 months for incident investigation purposes.
Magic-link tokens: expire 30 minutes after issue.

You may request earlier deletion of your data at any time by emailing info@tenderpath.me, subject to any legal retention obligations.

5. Your rights

TenderPath is operated in Egypt and processes data in accordance with the Egyptian Personal Data Protection Law (Law No. 151 of 2020). Under that law and other applicable regulations, you may have the right to:

Access a copy of the personal data we hold about you.
Correct inaccurate or incomplete data.
Request deletion of your data (subject to legal retention obligations).
Object to certain types of processing.
Request a copy of your data in a portable format.

To exercise any of these rights, email info@tenderpath.me. We will respond within 30 days.

6. Cookies

We use a single strictly-necessary authentication cookie (tp_session) to keep you signed in. No marketing or analytics cookies are set. See our Cookie Policy for details.

7. Security

Authentication tokens are short-lived. The session cookie is httpOnly and scoped to TenderPath's domain. Vault documents are stored in access-controlled cloud storage. We do not store payment card data.

8. Children

TenderPath is intended for business use by adults. We do not knowingly collect data from anyone under 18.

9. Changes to this policy

We may update this policy as the product evolves. If changes are material, we will notify registered users by email before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

10. Contact

For privacy-related questions or data requests: info@tenderpath.me
Tenderpath Limited, 49 Street 105 Hadayek El Maadi, Maadi, Cairo, Egypt 10543