Legal

Privacy Policy

Effective:
14 May 2026
Last updated:
14 May 2026

Tenderpreneurs (Pty) Ltd ("Tenderpreneurs", "we", "us", "our") respects your privacy. This policy explains what personal information we process, why we process it, how long we keep it, and what rights you have. It is written to comply with the Protection of Personal Information Act, 2013 (Act 4 of 2013) ("POPIA") and the regulations issued under it.

1. Who is the responsible party?

Tenderpreneurs (Pty) Ltd is the responsible party for the personal information described in this policy.

2. What personal information we collect

We collect only what we need. Specifically:

  • Account information — name, email address, password hash, organisation name, role.
  • Billing information — billing address and the last 4 digits and brand of your card. Full card details are handled by our payment processor (PayFast) and never reach our servers.
  • Tender preferences — provinces, sectors, CIDB grading, keyword filters you save.
  • Usage data — pages viewed, features used, IP address (truncated for analytics), browser and device type, referrer.
  • Communications — emails, support tickets, and any message you send us.

We do not knowingly collect special personal information (race, health, religion, biometrics, etc.) or the personal information of children. If you believe you have provided such information by accident, contact the Information Officer and we will delete it.

3. Why we process it (purpose and lawful basis)

POPIA requires us to identify a lawful basis for every processing activity. Ours are:

PurposeLawful basis (POPIA s.11)
Providing your account and the Tenderpreneurs servicePerformance of a contract — s.11(1)(b)
Processing payment and issuing tax invoicesCompliance with a legal obligation — s.11(1)(c)
Sending service notifications (security alerts, billing receipts)Legitimate interest — s.11(1)(f)
Marketing emails and analytics beyond core functionalityYour consent — s.11(1)(a). You can withdraw at any time.
Detecting fraud and abuseLegitimate interest — s.11(1)(f)

4. Cookies and tracking

We use a small number of strictly necessary cookies and, with your consent, analytics and marketing cookies. The full breakdown is in our Cookies Policy. You may change your choice at any time using the Cookie settings link in the site footer.

5. Who we share it with

We do not sell personal information. We share it only with operators (data processors) acting on our written instructions:

  • Cloudflare, Inc. — hosting, CDN, DDoS protection.
  • PayFast (Pty) Ltd — payment processing (South African).
  • Resend, Inc. — transactional email delivery.
  • Plausible Analytics (or equivalent privacy-preserving analytics) — aggregate usage analytics, only if you consent.

We will also disclose personal information if compelled to do so by a court order, subpoena, or other lawful instrument.

6. Cross-border transfers

Some of our operators store data outside South Africa. Where this happens we rely on the conditions in POPIA s.72: the recipient is bound by a law, binding corporate rules, or contractual clauses that provide an adequate level of protection equivalent to POPIA, or you have consented to the transfer.

7. How long we keep it

  • Account data: for as long as your account is active, plus 12 months after closure (to handle disputes and reactivation requests).
  • Billing records: 5 years after the end of the tax year, as required by the Tax Administration Act.
  • Server logs: 90 days.
  • Marketing consent records: for as long as the consent is in force, plus 3 years after withdrawal (to prove we honoured the withdrawal).

8. Security safeguards

We apply the safeguards required by POPIA s.19, including TLS in transit, encryption at rest for sensitive fields, scoped database credentials, principle-of-least-privilege access for staff, and regular dependency and vulnerability scanning. No system is perfectly secure; if a security compromise occurs we will notify you and the Information Regulator as required by POPIA s.22.

9. Your rights as a data subject

Under POPIA Chapter 3 Part B you have the right to:

  • Be notified that we hold your personal information and what we do with it (this policy).
  • Request access to it and a copy of it (POPIA s.23).
  • Request correction or deletion of inaccurate, irrelevant, excessive, out-of-date, misleading, or unlawfully obtained information (POPIA s.24).
  • Object to processing, at any time, on reasonable grounds (POPIA s.11(3)).
  • Withdraw any consent you have given, at any time, without affecting the lawfulness of earlier processing.
  • Submit a complaint to the Information Regulator (details below).

To exercise any of these rights, email the Information Officer at privacy@tenderpreneurs.co.za. We respond within 30 days. For access requests we may ask you to use the prescribed PAIA Form 2.

10. Complaints to the Information Regulator

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator (South Africa):

11. Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated by email or an in-product notice.

12. Contact us

Any questions about this policy or your personal information should go to privacy@tenderpreneurs.co.za.