Effective 15 July 2026

Privacy Policy

This policy explains how Tenqual ANS processes personal data when you visit tenqual.com or use Tenqual’s tender discovery, alert, delivery, API, webhook, and MCP services.

1. Controller and contact

Tenqual ANS is the data controller. We are registered in Norway under organization number 935 920 604 at Lerkerinden 61, 5099 Bergen, Norway. Contact support@tenqual.com for privacy questions or requests.

2. Data we process

3. Why we process data

We process account, workspace, alert, and billing data to perform our contract with you under GDPR Article 6(1)(b). We process security, reliability, abuse prevention, product measurement, and business support data for our legitimate interests under Article 6(1)(f). We process accounting records and lawful requests under Article 6(1)(c). We rely on consent where the law requires it.

4. AI processing

Tenqual uses Google Vertex AI and Gemini for features such as alert drafting, tender fit classification, and optional notice translation. Translation applies only to notice titles and descriptions when enabled; Tenqual does not translate tender documents. Prompts may include your approved fit criteria, company context, and source notice text. We do not use customer content to train our own models.

If you provide a company website, Tenqual may retrieve its public pages to help prepare an alert draft. You review the resulting search scope and all fit criteria before activation.

5. Service providers and integrations

We use providers including Google Cloud Platform for infrastructure and AI, Firebase for authentication, Stripe for billing, and SendGrid for transactional email. When you configure a webhook, API client, CRM, MCP client, or another external system, data is sent to that destination at your direction and its own privacy terms apply.

6. International transfers

We prefer EU regions for Tenqual’s application data. Some providers or customer-configured destinations may process data outside the EEA. Where GDPR requires it, we use an adequacy decision, Standard Contractual Clauses, or another lawful transfer mechanism.

7. Retention

We retain active account and workspace data while providing the service. Security and operational logs are retained for limited periods based on reliability and security needs. Billing records are retained as required by Norwegian accounting and tax law. After account closure, we delete or anonymize customer configuration within our operational retention cycle, subject to legal obligations and backup expiry.

Public tender records may remain in the discovery database to maintain procurement history, source auditability, and stable public links. We correct or remove personal data from those records where required by law.

8. Security and credentials

Tenqual uses encryption in transit and at rest, least-privilege service identities, managed secrets, access controls, and audit logging. API keys are stored as one-way hashes. Webhook signing secrets are encrypted. You are responsible for protecting credentials and promptly revoking any credential you believe is exposed.

9. Cookies

At launch, Tenqual uses only technologies needed for authentication, security, and core service operation. We do not use advertising cookies. If we add optional analytics or marketing technologies, we will update this policy and request consent where required.

10. Your rights

Under GDPR, you may request access, correction, deletion, restriction, portability, or object to certain processing. You may withdraw consent at any time. Contact support@tenqual.com. You may also complain to the Norwegian Data Protection Authority, Datatilsynet.

11. Changes

We may update this policy when the product, providers, or legal requirements change. We will publish the new effective date and provide reasonable notice of material changes.