Privacy Policy

Version 1.0 Β· Effective Date: March 15, 2026 Β· Calgary, AB, Canada

Introduction

Tendriv Inc. (β€œTendriv,” β€œwe,” β€œus,” or β€œour”) is incorporated in Alberta and operates from Calgary, Alberta, Canada. We provide an AI-powered bid intelligence platform that helps Canadian businesses identify, evaluate, and respond to competitive government and enterprise solicitations.

This Privacy Policy explains how we collect, use, disclose, and protect personal information in compliance with the Personal Information Protection Act (Alberta) (PIPA), the Personal Information Protection and Electronic Documents Act (PIPEDA), and, where applicable, Canada's Anti-Spam Legislation (CASL).

By using Tendriv, you consent to the practices described in this policy. If you do not agree, please discontinue use of the platform.

1. Information We Collect

1.1 Account and Organization Information

When you create a Tendriv account, we collect:

  • Full name and email address
  • Organization name and type
  • Province or territory of operation
  • Account credentials, stored securely in accordance with industry best practices

1.2 Solicitation and Bid Documents

When you upload documents to the platform β€” such as solicitation documents issued by procuring authorities, or draft proposal and bid materials your organization is preparing β€” we collect and process the content of those documents solely to provide our analysis and response-preparation services. You retain full ownership of all documents you upload. See Section 5 for details.

1.3 Usage Data

We collect data about how you interact with the platform, including:

  • Features accessed and pages visited
  • Number and type of documents analyzed
  • Platform performance metrics (no personally identifiable content)
  • IP address and browser/device type for security monitoring

1.4 Billing Information

Payment card data is collected and processed exclusively by our payment processor, which maintains PCI DSS certification. Tendriv does not store, transmit, or have access to full payment card numbers. We retain only the billing identifiers issued by our payment processor that are necessary to manage your subscription.

1.5 Communications

If you contact us by email or through the platform, we retain the content of that communication to respond to your inquiry and improve our support.

2. How We Use Your Information

We use personal information for the following purposes:

  • Providing and operating the Tendriv platform and its features
  • Analyzing solicitation documents and supporting preparation of bid responses on your behalf
  • Managing your subscription, billing, and account
  • Communicating with you about your account, security alerts, and product updates
  • Improving the accuracy and performance of our AI analysis services using aggregated, de-identified data
  • Detecting, investigating, and preventing security incidents, fraud, and abuse
  • Complying with legal obligations and responding to lawful requests from government authorities

We do not sell, rent, or trade personal information to third parties for their own marketing purposes. We do not use personal information for behavioural advertising.

3. Canadian Data Residency

Tendriv is built on a Canadian data residency model. Your profiles, drafts, bid responses, and organizational data are stored and processed exclusively in Canadian data centres. Draft generation and profile-level AI processing run on Canadian infrastructure (Google Cloud northamerica-northeast1).

For government RFX document analysis (Shredder), we may use US-hosted AI for superior extraction quality. RFX documents are publicly available Canadian government solicitations β€” no user-identifying data is included in that processing. See our Trust & Security page for the full infrastructure disclosure.

The sole exception is payment processing: payment card information is collected and processed by our payment processor under PCI DSS compliance requirements. Our payment processor does not receive or store any procurement or document data.

Our data residency commitment is formally attested in a separate Data Residency Attestation document available to customers upon request and through our Trust Centre.

4. Disclosure of Information

4.1 Service Providers (Sub-Processors)

We engage a limited number of sub-processors to operate the platform. All sub-processors that handle customer data are contractually required to process data exclusively within Canada and to maintain appropriate security standards. Our current sub-processors are:

  • Database and authentication services β€” Canadian data centres
  • AI inference and document processing β€” Canadian data centres
  • Application hosting and delivery β€” Canadian data centres
  • Payment processing β€” PCI DSS certified; no solicitation or bid document data is shared with our payment processor

All sub-processors are bound by contractual obligations to process data only as directed by Tendriv and to maintain appropriate security standards.

4.2 Legal Requirements

We may disclose personal information if required to do so by law, court order, or lawful request from a government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of Tendriv, our customers, or the public.

4.3 Business Transfers

In the event of a merger, acquisition, financing, or sale of all or a portion of Tendriv's assets, personal information may be transferred to the acquiring party. We will notify affected users via email and prominent notice on the platform at least 30 days before any such transfer, and you will have the opportunity to delete your account and data prior to the transfer.

5. Data Ownership and AI-Generated Content

5.1 Your Data

You retain full ownership of all documents you upload to Tendriv and all bid responses, compliance matrices, and other content you create within the platform. Tendriv claims no ownership or licence over your proprietary business information.

5.2 Tendriv IP

Tendriv retains ownership of the platform, algorithms, AI models, prompt engineering, extraction methodologies, and all software comprising the service. Aggregated, non-identifying usage data (e.g., processing volumes, feature adoption rates) may be used to improve and benchmark our services.

5.3 AI Output Disclaimer

Compliance checklists, requirement extractions, gap analyses, and other outputs generated by our AI systems are provided as analytical tools to support your bid preparation process. AI-generated content may contain errors or omissions. You are responsible for verifying all AI-generated output against source solicitation documents before relying on it for any bid submission. AI output does not constitute legal, financial, or professional advice.

6. Data Retention

We retain personal information for as long as your account is active or as needed to provide services. Specifically:

  • Account and organization data β€” retained for the duration of your subscription plus 90 days after account closure
  • Uploaded documents and extracted requirements β€” retained for the duration of your subscription; you may delete individual documents at any time
  • Billing records β€” retained for 7 years as required by Canadian tax law
  • Security and audit logs β€” retained for a period sufficient to support our security obligations and any applicable regulatory requirements

Upon account closure, we will delete or anonymize your personal information within 90 days, except where retention is required by law.

7. Security

Tendriv is designed with security as a foundational requirement, targeting SOC 2 Type II and ISO 27001 certification. We apply appropriate technical and organizational safeguards to protect personal information against unauthorized access, disclosure, alteration, and destruction, including:

  • Encryption of data in transit and at rest
  • Strict organizational isolation β€” no organization can access another organization's data
  • Access controls based on the principle of least privilege
  • Audit logging of data access events
  • Ongoing vulnerability management and security reviews
  • Separation of personal information from operational log data

Despite these measures, no system is completely secure. In the event of a data breach that poses a real risk of significant harm to individuals, we will notify affected users and the Office of the Privacy Commissioner of Canada as required by PIPEDA's Breach of Security Safeguards Regulations.

8. Your Rights

Under PIPA (Alberta) and PIPEDA, you have the following rights with respect to your personal information:

  • Access β€” You may request a copy of the personal information we hold about you.
  • Correction β€” You may request that we correct inaccurate or incomplete personal information.
  • Withdrawal of Consent β€” You may withdraw consent to non-essential processing at any time. Withdrawal may affect your ability to use certain features.
  • Deletion β€” You may request deletion of your personal information, subject to retention obligations under applicable law.
  • Portability β€” You may request an export of your data in a machine-readable format.

To exercise any of these rights, contact us at legal@tendriv.ca. We will respond within 30 days. We may require identity verification before processing requests.

If you are unsatisfied with our response, you have the right to file a complaint with the Office of the Information and Privacy Commissioner of Alberta (OIPC Alberta).

9. Cookies and Tracking

Tendriv uses the following cookies and client-side storage:

  • Authentication cookies β€” strictly necessary session tokens required for login and session management; cannot be disabled without preventing platform access
  • Security cookies β€” strictly necessary tokens that protect the integrity of your session; cannot be disabled

We do not use third-party analytics cookies (e.g., Google Analytics), advertising cookies, or social media tracking pixels. We do not share browsing data with advertising networks.

10. Children's Privacy

The Tendriv platform is intended for business use by individuals who are 18 years of age or older, or the age of majority in their province. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact legal@tendriv.ca and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (at the address on file for your account) and by posting a prominent notice on the platform at least 30 days before the changes take effect. Your continued use of Tendriv after the effective date of the revised policy constitutes your acceptance of the changes.

The current version number and effective date are displayed at the top of this document.

12. Contact

For privacy-related inquiries, requests, or complaints, contact our Privacy Officer:

Tendriv Inc.
Privacy Officer
Calgary, Alberta, Canada
Email: legal@tendriv.ca
Website: tendriv.ca/privacy

This Privacy Policy is governed by the laws of the Province of Alberta and the federal laws of Canada applicable therein. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of the courts of Alberta.

Contains information licensed under the Open Government Licence β€” Canada.

Your data never leaves Canada.

Protected B Ready