Legal

Privacy Policy

Last updated: May 2026  ·  Applies to tenderalert.org and the TenderAlert mobile apps

TenderAlert is operated by an individual developer based in Norway. Norway is a member of the European Economic Area (EEA) and is subject to the General Data Protection Regulation (GDPR). We are committed to handling your personal data responsibly and transparently.

Contents

  1. Data controller
  2. What data we collect
  3. How we use your data
  4. Legal basis for processing
  5. Third-party services
  6. Data storage and security
  7. Retention and deletion
  8. Your rights
  9. Children
  10. Cookies and local storage
  11. Changes to this policy
  12. Contact

1. Data controller

The data controller for TenderAlert is an individual developer operating under the name TenderAlert, based in Norway.

Contact for privacy matters: contact@tenderalert.org

2. What data we collect

Account data

When you sign in using Google or Apple authentication, we receive:

Organisation and profile data

When you set up or join an organisation in TenderAlert, we store:

Usage data

Technical data

What we do not collect

3. How we use your data

Purpose Data used
Authenticate your identity and manage your account Email address, authentication provider ID
Match EU procurement notices to your organisation's interests Search profile text, CPV/NUTS codes, preferences
Send daily or weekly digest emails Email address, matched notices, organisation name
Enable collaboration within your organisation Display name, ratings, comments
Generate AI summaries of matched notices Notice content (public EU data), search profile text
Improve the service and diagnose technical issues Server logs, IP addresses, app version
Understand aggregate usage patterns Anonymised analytics data via Google Analytics

Under GDPR, we process your personal data on the following legal bases:

Contract (Article 6(1)(b))

Processing your account data, search profile, and sending digest emails is necessary to provide the TenderAlert service you have signed up for.

Legitimate interests (Article 6(1)(f))

We process server log data (including IP addresses) to maintain security, diagnose technical issues, and protect the service from abuse. This is a legitimate interest that does not override your fundamental rights.

Consent (Article 6(1)(a))

We use Google Analytics cookies only with your consent, obtained via the cookie banner on first visit. You may withdraw consent at any time by adjusting your cookie preferences.

5. Third-party services

TenderAlert uses a small number of third-party services. We do not sell your data to any third party.

Google Firebase (Authentication & Cloud Services)

We use Firebase for user authentication and app infrastructure. Google processes authentication data in accordance with Google's privacy policy. Google is subject to Standard Contractual Clauses for data transfers.

Google Analytics

We use Google Analytics to understand aggregate usage of the TenderAlert website. Analytics data is anonymised and does not identify individual users. This is only activated with your cookie consent. You may opt out using the Google Analytics opt-out browser add-on.

AI processing (local)

AI-powered features (notice summarisation, semantic matching) are processed using a locally hosted language model running on servers located within the EEA. Your profile data and notice content are not sent to external AI providers. If this changes in the future, this policy will be updated and you will be notified.

EU TED (Tenders Electronic Daily)

Procurement notice data is sourced from the EU's official TED platform, which is fully public data. No personal data is shared with TED.

6. Data storage and security

Your personal data is stored on servers located within the EEA (currently in Norway). We apply the following security measures:

While we take reasonable precautions, no system is perfectly secure. In the event of a data breach that affects your rights, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR.

7. Retention and deletion

Active accounts

We retain your data for as long as your account is active and you continue to use the service.

User deletion by organisation admin

An organisation administrator may remove a user from the organisation. In this case, the user's email address is anonymised (warped) in our database to preserve the integrity of historical records, while removing personally identifiable information.

Organisation deletion

An organisation administrator may delete the entire organisation. This removes all associated profiles, preferences, ratings and comments from our systems.

Account deletion request

You may request deletion of your account and personal data at any time by contacting us at contact@tenderalert.org. We will action your request within 30 days.

Server logs

Standard web server access logs containing IP addresses are retained for up to 90 days and then deleted automatically.

8. Your rights

Under GDPR, you have the following rights regarding your personal data:

Right What it means
Access You may request a copy of the personal data we hold about you.
Rectification You may correct inaccurate data. Most profile data can be edited directly in the app.
Erasure You may request deletion of your personal data ("right to be forgotten").
Restriction You may ask us to restrict processing of your data in certain circumstances.
Portability You may request your data in a structured, machine-readable format.
Objection You may object to processing based on legitimate interests.
Withdraw consent Where processing is based on consent (e.g. analytics cookies), you may withdraw at any time.

To exercise any of these rights, contact us at contact@tenderalert.org. We will respond within 30 days. You also have the right to lodge a complaint with the Norwegian data protection authority: Datatilsynet (datatilsynet.no).

9. Children

TenderAlert is intended for use by organisations and professionals. The service is not directed at children under the age of 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child under 16 has provided us with personal data, please contact us and we will delete it promptly.

10. Cookies and local storage

Cookies set by TenderAlert

Cookie / storage Purpose Consent required
Firebase authentication token Keeps you signed in No — essential for the service
Language preference (localStorage) Remembers your chosen language on the website No — functional, no personal data
App preferences (SharedPreferences, mobile) Stores local app settings on your device No — stored locally on your device only
Google Analytics (_ga, _gid) Aggregate usage analytics Yes — only set after consent

On your first visit to tenderalert.org, a cookie banner will ask for your consent to Google Analytics cookies. You may decline without affecting your ability to use the service.

11. Changes to this policy

We may update this privacy policy from time to time, for example when we add new features or when legal requirements change. The date at the top of this page reflects when the policy was last updated. For significant changes, we will notify registered users by email.

12. Contact

For any questions about this privacy policy or your personal data, please contact:

TenderAlert
Norway
Email: contact@tenderalert.org
Website: tenderalert.org

We aim to respond to all privacy-related enquiries within 5 business days.