Privacy Policy

Effective: May 10, 2026

1. Who We Are

TenderBridge ("we," "us," or "our") is a Canadian software-as-a-service company operating the TenderBridge platform at tenderbridge.ca. We provide government procurement intelligence services to Canadian businesses. You can reach our Privacy Officer at hello@tenderbridge.ca.

2. Information We Collect

2.1 Information You Provide Directly

When you create an account or update your profile, we collect:

• Identity information: your name and company name
• Contact information: your business email address
• Business profile: industries you operate in, Canadian provinces of interest, contract value ranges, keywords relevant to your business, and a brief company description
• Company size: approximate number of employees (used to improve matching)

2.2 Billing Information

Payment processing is handled entirely by Stripe, Inc. We never see, store, or process your credit card numbers or banking details. Stripe provides us with a customer identifier and subscription status only. Stripe's privacy practices are governed by Stripe's Privacy Policy.

2.3 Usage and Technical Information

We collect limited technical information to operate the service:

• IP address at login (for security logging)
• Email open and click events (to assess digest relevance and manage service)
• Browser session data via a secure, HTTP-only session cookie set when you access your dashboard

2.4 Information We Do Not Collect

We do not collect Social Insurance Numbers, government IDs, health information, financial account details, or any sensitive personal information. TenderBridge is a B2B service; we do not knowingly collect information from individuals under 18.

3. How We Use Your Information

We use your personal information only for the purposes for which it was collected:

• Service delivery: matching your business profile against new government tender opportunities published daily across 10+ Canadian procurement portals
• AI processing: your business profile (industries, provinces, keywords, description) is submitted to Anthropic's Claude API to generate relevance scores and tender summaries. See Section 5 for details on this third-party processing
• Email communications: delivering your daily digest email, weekly summary, account notifications (magic link login, subscription confirmations), and service updates. All emails comply with Canada's Anti-Spam Legislation (CASL)
• Billing and account management: processing subscription payments, handling cancellations, and maintaining your subscription status via Stripe
• Service improvement: aggregate, de-identified usage data to improve matching accuracy and expand source coverage
• Legal compliance: retaining records as required by applicable law

We do not use your personal information for advertising, profiling for non-service purposes, or sale to third parties.

4. Legal Basis for Processing

Under PIPEDA, we rely on your knowledge and consent as the basis for collecting and using your personal information. You provide consent when you create an account and accept these terms. You may withdraw consent at any time by cancelling your subscription and requesting deletion of your data (see Section 9).

We may also process your information without consent where required or permitted by law (e.g., responding to a valid legal demand).

5. Third-Party Service Providers

We share personal information with the following trusted third parties solely to operate the TenderBridge service. Each is bound by appropriate data processing agreements:

• Anthropic, PBC (Claude AI API) — United States
  We transmit your business profile (industries, provinces, keywords, company description — not your name or email) alongside tender content to Anthropic's API to generate relevance scores and summaries. Anthropic's enterprise API does not use submitted data to train models. Anthropic Privacy Policy →
• Resend, Inc. (email delivery) — United States
  We use Resend to deliver digest emails and account notifications. Resend receives your name, email address, and email content. Resend Privacy Policy →
• Stripe, Inc. (payment processing) — United States
  Stripe processes all subscription payments. We share your email address with Stripe; Stripe independently collects payment card data. Stripe Privacy Policy →
• Hetzner Online GmbH (server hosting) — Germany
  Your subscriber profile and matched tender data are stored on servers located in Germany operated by Hetzner. Hetzner is subject to EU GDPR, which provides a high standard of data protection. Hetzner Privacy Policy →

We do not sell, rent, or trade your personal information to any third party for their own marketing or commercial purposes.

6. International Data Transfers

Your personal information may be transferred to and processed in the United States (Anthropic, Resend, Stripe) and Germany (Hetzner). These countries may have different privacy laws than Canada. Where we transfer data internationally, we take steps to ensure adequate protection is in place, including relying on service providers who maintain appropriate security certifications and contractual protections.

7. Cookies and Tracking

We use a minimal number of cookies:

• Session cookie (essential): A signed, HTTP-only, secure cookie set after you authenticate via magic link. This cookie is required to access your dashboard and expires after 30 days of inactivity. It cannot be disabled while using the authenticated dashboard.
• Email tracking pixels: Our digest emails may contain a small invisible image that tells us whether an email was opened. This helps us assess digest relevance and identify accounts that may need re-engagement. You can disable this by blocking images in your email client.

We do not use advertising cookies, third-party tracking pixels on our website, or participate in cross-site tracking networks. Our landing page uses Google Analytics (via Google Tag Manager) in aggregate, anonymized form to understand traffic sources.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the service. Specifically:

• Active subscribers: data retained for the duration of the subscription
• Cancelled or expired accounts: subscriber profile data is retained for 12 months after cancellation to allow reactivation, then deleted or de-identified
• Email logs: records of emails sent are retained for 24 months for compliance and troubleshooting purposes
• Billing records: Stripe-related transaction records are retained for 7 years as required by Canadian tax law

9. Your Rights Under PIPEDA

You have the right to:

• Access: request a copy of the personal information we hold about you
• Correction: request that inaccurate or incomplete information be corrected (you can update most profile data directly in your dashboard)
• Withdrawal of consent: withdraw consent to our processing of your personal information. Note that withdrawal may prevent us from providing the service
• Deletion: request deletion of your personal information. We will action deletion requests within 30 days, subject to retention obligations described above
• Complaint: lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca

To exercise any of these rights, contact our Privacy Officer at hello@tenderbridge.ca. We will respond within 30 days.

10. Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, or disclosure, including:

• TLS encryption for all data in transit
• HTTP-only, secure, SameSite session cookies
• HMAC-signed magic link tokens with 30-minute expiry
• Server-side access controls and logging on our Hetzner infrastructure
• No storage of payment card data (fully delegated to Stripe)

No method of electronic storage or transmission is 100% secure. If you become aware of any security vulnerability or incident, please contact us immediately at hello@tenderbridge.ca.

11. CASL Compliance

All commercial electronic messages we send comply with Canada's Anti-Spam Legislation (CASL). By creating a TenderBridge account, you provide express consent to receive:

• Daily government tender digest emails (the core service)
• Weekly summary emails
• Account and billing notifications
• Occasional product updates related to TenderBridge

You may withdraw consent to commercial messages at any time by clicking "Unsubscribe" in any email or contacting us at hello@tenderbridge.ca. Note that transactional messages (billing receipts, magic link emails) cannot be unsubscribed from while your account is active, as they are necessary to operate the service.

12. Children's Privacy

TenderBridge is a business-to-business service intended for use by legal business entities and their authorized representatives. We do not knowingly collect personal information from individuals under the age of 18. If you believe a minor has submitted personal information to us, contact us at hello@tenderbridge.ca and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will notify active subscribers by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of the service after the effective date constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related inquiries, requests, or complaints, contact our Privacy Officer:

TenderBridge Privacy Officer
Email: hello@tenderbridge.ca
Website: tenderbridge.ca

We aim to respond to all privacy inquiries within 30 days.