Last updated: 15 April 2026

Privacy Policy

This Privacy Policy explains how Tendios S.L. ("Tendios", "we", "us") collects, uses, discloses and safeguards personal data when you visit public.tendios.com or use any Tendios product. We are committed to handling personal data in accordance with the EU General Data Protection Regulation (GDPR) and Spanish data protection law (LOPDGDD).

1. Data controller

Tendios S.L., registered in Spain, is the data controller for personal data processed through this website and the Tendios products. You can reach our data protection contact at privacy@tendios.com.

2. What data we collect

  • Account data: name, work email, company, role, and the credentials you set up.
  • Usage data: pages visited, search queries, saved tenders, alerts, and interactions with AI features.
  • Technical data: IP address (truncated for analytics), browser, device type, referrer.
  • Communications: support conversations, sales contact forms, newsletter opt-ins.

3. How we use it

We process personal data for the following purposes:

  • Providing the Tendios service and personalising tender recommendations (legal basis: contract).
  • Measuring product usage and improving features (legitimate interest).
  • Sending service emails, product updates and — with your consent — marketing communications (consent).
  • Complying with legal obligations (tax, accounting, lawful requests).

We never train our AI models on your private content, nor do we sell personal data to third parties.

4. Cookies and tracking

We use strictly necessary cookies for authentication and consent-based cookies for analytics (Amplitude) and marketing (Google Tag Manager). You can review and change your choices at any time through the cookie settings link in the footer. See our Cookie Policy for details.

5. Where data is stored

Personal data is stored on infrastructure located within the European Union (primarily Frankfurt, DE). Data is encrypted in transit (TLS 1.2+) and at rest. We strictly isolate each customer tenant.

6. Retention

Account data is retained for the lifetime of your account and up to 36 months after cancellation for legal/accounting purposes. Support logs are retained for 24 months. Marketing consent records are retained as long as you remain subscribed plus 5 years.

7. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction or erasure.
  • Restrict or object to processing based on legitimate interest.
  • Data portability (receive your data in a structured, machine-readable format).
  • Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
  • Lodge a complaint with the Spanish Data Protection Authority (AEPD) or your local supervisory authority.

To exercise any of these rights, email privacy@tendios.com. We respond within 30 days.

8. Sub-processors

Tendios uses a limited set of vetted sub-processors (cloud hosting, email delivery, payment processing, AI inference). All sub-processors sign GDPR-compliant Data Processing Agreements and are either based in the EU or rely on EU-approved transfer mechanisms (Standard Contractual Clauses + EU-US Data Privacy Framework where applicable). The current list is available on request.

9. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be notified via email to registered users at least 15 days in advance.

10. Contact

Privacy questions: privacy@tendios.com. General contact: hello@tendios.com.