Security & Data Protection

Your data security is our top priority

Data Encryption

All data transmitted between your browser and our servers is encrypted using industry-standard TLS (Transport Layer Security) encryption. This ensures that your sensitive information cannot be intercepted during transmission.

  • Encryption in Transit: All connections use TLS 1.2 or higher
  • Encryption at Rest: All stored data is encrypted using AES-256 encryption
  • Secure Connections: HTTPS is enforced for all connections
  • Certificate Management: SSL/TLS certificates are regularly updated and monitored

Compliance & Regulations

POPIA Compliance

TenderFlow fully complies with the Protection of Personal Information Act (POPIA) of South Africa. We:

  • Only collect personal information necessary for service provision
  • Obtain explicit consent before processing personal data
  • Provide transparent information about data collection and usage
  • Implement appropriate security measures to protect personal information
  • Respect your rights to access, correct, and delete your personal information

GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR):

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

Infrastructure Security

Our infrastructure is designed with security as a fundamental principle:

  • Secure Data Centers: Servers are hosted in secure, certified data centers in South Africa
  • Network Security: Firewalls and intrusion detection systems protect our network
  • Access Controls: Strict access controls limit who can access your data
  • Regular Audits: Security audits and penetration testing are conducted regularly
  • Monitoring: 24/7 monitoring for suspicious activity and security threats
  • Backup & Recovery: Regular automated backups with disaster recovery procedures

Access Controls

We implement multiple layers of access control to protect your data:

  • Authentication: Secure password requirements and optional two-factor authentication
  • Authorization: Role-based access control ensures users only see what they need
  • Session Management: Secure session handling with automatic timeout
  • Account Security: Password reset and account recovery procedures
  • Audit Logs: All access and changes are logged for security auditing

Data Backup & Retention

Your data is backed up regularly to ensure availability and recovery:

  • Automated Backups: Daily automated backups of all data
  • Multiple Locations: Backups stored in geographically separate locations
  • Retention Policy: Data is retained according to legal requirements and business needs
  • Recovery Testing: Regular testing of backup and recovery procedures
  • Data Deletion: Secure deletion of data when no longer needed

Privacy & Confidentiality

We respect your privacy and maintain strict confidentiality:

  • No Data Sharing: We do not sell or share your data with third parties
  • Limited Access: Only authorized personnel have access to your data
  • Confidentiality Agreements: All staff sign confidentiality agreements
  • Privacy by Design: Privacy considerations built into our platform design
  • Transparent Policies: Clear privacy policies explain how we handle your data

Security Best Practices

We recommend that you:

  • Use strong, unique passwords for your account
  • Enable two-factor authentication if available
  • Keep your browser and operating system updated
  • Log out when using shared computers
  • Report any suspicious activity immediately

Have Security Questions?

If you have questions about our security measures or need to report a security concern, please contact us.

Contact Us Privacy Policy