Legal

Privacy Policy

Last updated: 26 April 2026 · Effective immediately

This is a placeholder we're publishing in good faith ahead of a full review by our data protection adviser. If anything here matters to your decision to use Tenderforge, email us at hello@tenderforge.app and we'll give you a straight answer.

Who we are

Tenderforge is operated from the United Kingdom. We act as the data controller for account information (name, email, organisation), and as a data processor for the content you upload — your bid documents, knowledge-base entries, and tender responses.

What we collect

  • Account data: name, work email, organisation name, role, and authentication credentials.
  • Content you upload: tender packs (PDF, DOCX, XLSX, etc.), case studies, team profiles, accreditations, policies — everything you put into your knowledge base.
  • Generated content: tender responses, AI drafts, evaluator reviews, compliance matrices, chat history with Forge.
  • Operational data: sign-in timestamps, last activity, security audit events.
  • Billing data (when applicable): we use Stripe to process payments and don't store card details ourselves; Stripe's privacy policy applies to that processing.

What we do with it

  • Run the product you signed up for — drafting, reviewing, discovering tenders, collaborating with your team.
  • Send you Forge-generated emails (bid digests, account notifications) when you've opted in.
  • Improve Tenderforge itself — typically via aggregated, anonymised metrics, not by reading your bid content.

We do not sell your data, and we do not train third-party AI models on your tender content. Forge is built on the Anthropic Claude API; your content is sent to Claude only to generate a response and is not retained by Anthropic for model training (per their commercial terms).

How long we keep it

  • Account & content: for as long as your account is active. Deleted within 30 days of account closure unless we have a legal obligation to retain it.
  • Backups: rotated within 90 days.
  • Audit logs: retained for up to 12 months.

Your rights

Under UK GDPR you can request a copy of your data, correct it, restrict our processing, object to processing, or have it deleted. Email privacy@tenderforge.app and we'll respond within 30 days. If we don't, you can complain to the Information Commissioner's Office (ICO).

Cookies

We use one essential session cookie to keep you signed in. We don't run advertising or cross-site tracking cookies. When we add product analytics we'll show a proper consent dialog before any non-essential cookies are set.

Where it's hosted

Application data is hosted in UK Azure regions. AI requests transit Anthropic's US-region API endpoints under their commercial data-processing terms.

Changes to this policy

We'll update the "Last updated" date when material changes happen and notify you by email if anything affects how we handle your existing data.

Questions: privacy@tenderforge.app

Reconnecting…
Connection lost.
Session expired.