TendorAITendorAI

Privacy Policy

Last updated: February 2026

1. Introduction

TendorAI ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our website at tendorai.com and our services.

TendorAI is a trading name registered in England and Wales. We operate as an AI visibility platform helping UK businesses get recommended by AI search engines and assistants.

By using our services, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

Quote Request Information

When you submit a quote request, we collect:

  • Company name and business address
  • Contact name and job title
  • Email address and telephone number
  • Postcode (for supplier matching)
  • Equipment requirements (volume, features, timeline)
  • Current provider details (if provided)

Vendor Account Information

If you register as a supplier, we collect:

  • Business name, registration number, and VAT number
  • Business address and service coverage areas
  • Contact details for your account
  • Product and pricing information you upload
  • Payment details for subscription services (processed securely by Stripe)

Analytics Data

We automatically collect:

  • Page views and navigation patterns
  • Search queries and filter selections
  • AI assistant referrals and mentions
  • Device type, browser, and operating system
  • IP address (anonymised for analytics)

3. Why We Collect Your Data

We use your data to:

  • Match your business with relevant local suppliers
  • Forward your quote requests to selected vendors
  • Provide pricing estimates and savings calculations
  • Improve our AI matching algorithms
  • Send service-related communications
  • Process vendor subscriptions and payments
  • Prevent fraud and ensure platform security
  • Comply with legal obligations

4. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Legitimate Interest: As a B2B service, we have a legitimate interest in processing business contact information to facilitate supplier matching and provide our services.
  • Contractual Necessity: Processing is necessary to fulfil our service agreement with vendor subscribers.
  • Consent: For optional cookies and marketing communications, we rely on your consent.
  • Legal Obligation: We may process data to comply with legal requirements.

5. Who We Share Data With

Suppliers: When you submit a quote request, your contact details and requirements are shared with the suppliers you select (or our AI matches for you). This is the core function of our service.

Service Providers: We use trusted third-party services:

  • MongoDB Atlas (database hosting)
  • Render.com (application hosting)
  • Vercel (website hosting)
  • Stripe (payment processing)
  • Google Analytics (anonymised usage analytics)

We do not sell your data to third parties for marketing purposes.

6. Data Storage and Security

Your data is stored securely on MongoDB Atlas servers located in the EU/UK region. Our backend services are hosted on Render.com with industry-standard security measures including:

  • Encryption in transit (HTTPS/TLS)
  • Encryption at rest for sensitive data
  • Regular security updates and monitoring
  • Access controls and authentication

7. Cookies

We use the following types of cookies:

  • Essential Cookies: Required for the website to function (session management, authentication).
  • Analytics Cookies: Google Analytics cookies to understand how visitors use our site. These are anonymised and do not identify you personally.

You can control cookies through your browser settings. Disabling essential cookies may affect site functionality.

8. Data Retention

  • Quote Requests: Retained for 24 months to allow follow-up and service improvement, then automatically deleted.
  • Vendor Accounts: Retained while your account is active. Upon account closure, data is deleted within 30 days except where required for legal purposes.
  • Analytics Data: Aggregated analytics retained indefinitely; individual session data retained for 14 months.

9. Your Rights Under GDPR

Under the UK General Data Protection Regulation (UK GDPR), you have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Request your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Restriction: Request limited processing in certain circumstances

To exercise any of these rights, please contact us at scott.davies@tendorai.com. We will respond within 30 days.

10. Regulatory Information

TendorAI is registered with the Information Commissioner's Office (ICO) as a data controller.

If you have concerns about how we handle your data that we cannot resolve, you have the right to lodge a complaint with the ICO at ico.org.uk.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting a notice on our website. Your continued use of our services after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: scott.davies@tendorai.com

Have questions about your data?

Contact Us