Privacy Policy
Last updated: March 23, 2026
1. What We Collect
| Data | Source | Purpose |
|---|---|---|
| Email address | Stripe checkout | Account identity, API key delivery, billing |
| Company profile | Claude Code skill (with consent) | Tender matching, scoring, proposal generation |
| API usage logs | Automatic | Rate limiting, billing, service improvement |
| Payment information | Stripe (we never see card data) | Subscription billing |
2. Company Profile Data
During onboarding, you may optionally share your company profile (name, industry, capabilities, certifications, past wins, etc.) to improve tender matching and proposal generation.
Profile syncing to our servers requires explicit consent during setup. If you decline, your profile stays local on your machine only. The skill works fully either way.
Company profile data (business name, industry, capabilities) is not classified as personal data under GDPR. However, because we store your email address, we treat all data with the same standard of care.
3. How We Use Your Data
- ▶Service delivery — API access, key management, billing
- ▶Matching improvement — if synced, your profile improves tender relevance scoring
- ▶Aggregate analytics — anonymized market intelligence (e.g., "60% of users bid on IT tenders")
- ▶Transactional emails — API key delivery, payment warnings via Resend
We do not sell, rent, or share your data with third parties for marketing or advertising purposes. Ever.
4. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, payment method |
| Resend | Transactional email | Email address |
| Railway / Fly.io | Infrastructure hosting | All data (encrypted at rest) |
5. Data Storage & Security
Data is stored in PostgreSQL, encrypted at rest. API keys are generated with cryptographic randomness and stored hashed. All API traffic is served over HTTPS. We follow industry-standard security practices.
6. Your Rights (GDPR & Global)
You have the right to:
- ▶Access — request a copy of all data we hold about you
- ▶Rectification — correct inaccurate data
- ▶Erasure — request deletion of your data (via
DELETE /profileor by contacting us) - ▶Portability — receive your data in a machine-readable format
- ▶Withdraw consent — revoke profile sync consent at any time
To exercise any of these rights, email hello@tenderclaw.io. We respond within 30 days.
7. Data Retention
We retain your data for as long as your account is active. Upon cancellation, we retain billing records for 7 years (legal requirement). Company profiles and usage logs are deleted within 90 days of account cancellation unless you request immediate erasure.
8. Changes to This Policy
We may update this policy. Material changes will be communicated via email. Continued use after changes constitutes acceptance.
9. Contact
Data controller: TenderClaw LLC, Delaware, USA.
Email: hello@tenderclaw.io