Document lifecycle
Temporary uploads and anonymous outputs are scheduled for deletion within two hours. Logged-in history outputs are retained only so the account holder can download them and are removed when that history item is deleted.
Trust centre
Clear, current controls for protecting accounts, payments, and files throughout a TenderPDF workflow.
Last updated: 19 July 2026
These providers support the live TenderPDF service. Their role and data categories are limited to what is needed for the stated purpose.
| Provider | Purpose | Data categories |
|---|---|---|
| Vercel | Website delivery and frontend hosting | Connection, device, and application request data |
| Railway | API, temporary processing, Redis, and document workers | Account requests, processing metadata, and temporary files |
| Paystack | Hosted checkout and payment status | Customer, transaction, and payment status data |
| Resend | Transactional email and inbound support email | Email address, message, receipt, and delivery data |
| Sentry | Production error and performance monitoring | Error, release, request, and technical context |
| Google, Microsoft, Meta, and LinkedIn | Analytics, advertising, and campaign measurement | Cookie, device, page-view, and campaign data when enabled |
Temporary uploads and anonymous outputs are scheduled for deletion within two hours. Logged-in history outputs are retained only so the account holder can download them and are removed when that history item is deleted.
TenderPDF is served over HTTPS to protect data in transit. Temporary documents use non-guessable generated names and are processed outside the public frontend directory. TenderPDF does not currently advertise customer-managed encryption keys.
Passwords are stored as one-way hashes. Signed, expiring account tokens protect private workflows, and history downloads are checked against the authenticated account owner.
Card details are entered on Paystack's hosted checkout. TenderPDF receives payment references and status information, not full card numbers or security codes.
File-size limits, PDF validation, bounded OCR and office conversion time, temporary-file cleanup, request IDs, and per-route success and error metrics help contain failures and support diagnosis.
Operational errors are reported to Sentry with tool and service context, without intentionally attaching uploaded document contents. Per-tool metrics, request IDs, worker health, and queue health support incident diagnosis.
The public website is hosted on Vercel. API processing, temporary files, the document queue, Redis, and background workers run on Railway. Service health is published on the TenderPDF Status page.
TenderPDF applies data-minimisation, purpose-limitation, access-control, retention, correction, and deletion principles to account and document workflows. Rights requests are handled through support and assessed under applicable POPIA or GDPR requirements.
Essential browser storage supports login, location, language, carts, and workflows. Google Analytics, Microsoft Clarity, Meta, and LinkedIn technologies may be enabled for measurement and marketing as described in the Privacy Policy.
Account holders may request access, correction, export, or deletion of personal information by contacting support@tenderpdf.co.za. Identity verification may be required before a request is completed.
Suspected privacy or security incidents should be reported promptly to support@tenderpdf.co.za with Security Incident in the subject. Do not attach confidential documents unless support specifically requests a safe transfer method.
Security researchers should report suspected vulnerabilities privately to support@tenderpdf.co.za. Include affected URLs, reproducible steps, impact, and contact details. Do not access other users' data or disrupt production services.