POPIA-Aligned Data Protection Statement

This statement describes Tenders SA's current privacy and data protection approach. It is provided for transparency and user confidence.

It does not constitute legal advice, a formal POPIA certification, an independent audit report, or a guarantee that every operational process is legally compliant in all circumstances.

Tenders SA maintains a Trust Center where platform trust signals are explained separately from legal policy pages. The Trust Center is used to show public evidence summaries for platform identity, privacy approach, hosting location, security infrastructure, and tender data transparency.

View related trust evidence:

Tenders SA periodically reviews its data protection practices, hosting configuration, access controls, privacy notices, user rights handling, and platform safeguards.

Where an external legal, technical, or compliance review is completed, we will identify the reviewer, review date, scope, and public evidence available to users.

At present, this page explains our current privacy approach and operational safeguards. It should not be read as a formal compliance certificate.

We design our data handling around the eight conditions for lawful processing as outlined in POPIA:

We have designated an information officer to oversee privacy practices and handle data subject requests.

Depending on how users interact with Tenders SA, we may process account information, contact details, company profile information, tender preferences, saved opportunities, application support data, billing and subscription records, support messages, notification preferences, usage logs, and security-related records.

We aim to collect only the information needed to provide tender discovery, tender matching, account management, communication, payment, support, security, and platform improvement services.

We process information to operate user accounts, provide tender discovery and matching tools, support company profiles, send requested notifications, manage subscriptions, provide customer support, secure the platform, improve service quality, and comply with financial or legal recordkeeping obligations.

Tenders SA processes personal information only where there is a lawful reason to do so. Depending on the user interaction, this may include consent, contract or service delivery, legal obligations, and legitimate business interests.

Tenders SA uses cloud infrastructure to operate the platform and deliver tender discovery, account, notification, matching, subscription, and support services.

Where applicable, core platform hosting is configured to support South African data residency through AWS South Africa infrastructure. Some third-party services, such as payment providers, email delivery providers, analytics tools, monitoring tools, or AI service providers, may process limited information outside South Africa depending on their own infrastructure, contractual terms, and technical requirements.

We aim to minimise unnecessary data transfers and use service providers that support appropriate security, confidentiality, and operational safeguards.

Tenders SA may use AI-assisted systems to summarise tender information, classify opportunities, extract requirements, support tender matching, generate recommendations, and help users prepare tender applications.

AI-assisted processing is used to improve platform functionality and user experience. It does not replace official tender source documents, government notices, issuing organisation instructions, or user verification of final tender requirements.

Where personal or company profile information is used to support matching or recommendations, it is processed for platform service delivery and user-requested functionality.

Tenders SA applies technical and organisational safeguards designed to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure.

Security controls are reviewed periodically and improved as the platform evolves.

Users may contact Tenders SA to request access to personal information, correction of inaccurate information, deletion where legally appropriate, objection to direct marketing, or clarification about how their information is processed.

To help us process a request, users should provide their name, account email address, request type, and enough detail for us to identify the relevant account or record.

We may need to verify identity before making account or data changes. We aim to respond within a reasonable period and in line with applicable POPIA requirements.

We engage carefully selected third-party service providers to help us operate the platform and deliver services.

Service providers are bound by contractual terms that require appropriate security and confidentiality measures.

We retain personal information only as long as necessary for the purposes for which it was collected, or as required by law.

The Information Regulator is South Africa's independent body responsible for overseeing compliance with POPIA and handling data protection complaints.

This POPIA-Aligned Data Protection Statement should be read in conjunction with our other legal and privacy documents:

If you believe your personal information has been handled incorrectly, please contact us first so we can investigate and respond.

We regularly review and update our data protection approach to ensure continued alignment with regulatory requirements and industry best practices.

For any privacy or data protection questions, please contact us: