Trust centre

Security and document privacy

Clear, current controls for protecting accounts, payments, and files throughout a TenderPDF workflow.

Last updated: 19 July 2026

Current subprocessors

These providers support the live TenderPDF service. Their role and data categories are limited to what is needed for the stated purpose.

ProviderPurposeData categories
VercelWebsite delivery and frontend hostingConnection, device, and application request data
RailwayAPI, temporary processing, Redis, and document workersAccount requests, processing metadata, and temporary files
PaystackHosted checkout and payment statusCustomer, transaction, and payment status data
ResendTransactional email and inbound support emailEmail address, message, receipt, and delivery data
SentryProduction error and performance monitoringError, release, request, and technical context
Google, Microsoft, Meta, and LinkedInAnalytics, advertising, and campaign measurementCookie, device, page-view, and campaign data when enabled

Document lifecycle

Temporary uploads and anonymous outputs are scheduled for deletion within two hours. Logged-in history outputs are retained only so the account holder can download them and are removed when that history item is deleted.

Encryption and storage

TenderPDF is served over HTTPS to protect data in transit. Temporary documents use non-guessable generated names and are processed outside the public frontend directory. TenderPDF does not currently advertise customer-managed encryption keys.

Accounts and access

Passwords are stored as one-way hashes. Signed, expiring account tokens protect private workflows, and history downloads are checked against the authenticated account owner.

Payments

Card details are entered on Paystack's hosted checkout. TenderPDF receives payment references and status information, not full card numbers or security codes.

Processing safeguards

File-size limits, PDF validation, bounded OCR and office conversion time, temporary-file cleanup, request IDs, and per-route success and error metrics help contain failures and support diagnosis.

Monitoring and disclosure

Operational errors are reported to Sentry with tool and service context, without intentionally attaching uploaded document contents. Per-tool metrics, request IDs, worker health, and queue health support incident diagnosis.

Hosting and continuity

The public website is hosted on Vercel. API processing, temporary files, the document queue, Redis, and background workers run on Railway. Service health is published on the TenderPDF Status page.

POPIA and GDPR

TenderPDF applies data-minimisation, purpose-limitation, access-control, retention, correction, and deletion principles to account and document workflows. Rights requests are handled through support and assessed under applicable POPIA or GDPR requirements.

Cookies and analytics

Essential browser storage supports login, location, language, carts, and workflows. Google Analytics, Microsoft Clarity, Meta, and LinkedIn technologies may be enabled for measurement and marketing as described in the Privacy Policy.

Data requests

Account holders may request access, correction, export, or deletion of personal information by contacting support@tenderpdf.co.za. Identity verification may be required before a request is completed.

Incident reporting

Suspected privacy or security incidents should be reported promptly to support@tenderpdf.co.za with Security Incident in the subject. Do not attach confidential documents unless support specifically requests a safe transfer method.

Vulnerability disclosure

Security researchers should report suspected vulnerabilities privately to support@tenderpdf.co.za. Include affected URLs, reproducible steps, impact, and contact details. Do not access other users' data or disrupt production services.