Security & Data Protection

All data transmitted between your browser and our servers is encrypted using industry-standard TLS (Transport Layer Security) encryption. This ensures that your sensitive information cannot be intercepted during transmission.

• Encryption in Transit: All connections use TLS 1.2 or higher
• Encryption at Rest: All stored data is encrypted using AES-256 encryption
• Secure Connections: HTTPS is enforced for all connections
• Certificate Management: SSL/TLS certificates are regularly updated and monitored

POPIA Compliance

TenderFlow fully complies with the Protection of Personal Information Act (POPIA) of South Africa. We:

• Only collect personal information necessary for service provision
• Obtain explicit consent before processing personal data
• Provide transparent information about data collection and usage
• Implement appropriate security measures to protect personal information
• Respect your rights to access, correct, and delete your personal information

GDPR Compliance

For users in the European Union, we comply with the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing

Our infrastructure is designed with security as a fundamental principle:

• Secure Data Centers: Servers are hosted in secure, certified data centers in South Africa
• Network Security: Firewalls and intrusion detection systems protect our network
• Access Controls: Strict access controls limit who can access your data
• Regular Audits: Security audits and penetration testing are conducted regularly
• Monitoring: 24/7 monitoring for suspicious activity and security threats
• Backup & Recovery: Regular automated backups with disaster recovery procedures

We implement multiple layers of access control to protect your data:

• Authentication: Secure password requirements and optional two-factor authentication
• Authorization: Role-based access control ensures users only see what they need
• Session Management: Secure session handling with automatic timeout
• Account Security: Password reset and account recovery procedures
• Audit Logs: All access and changes are logged for security auditing

Your data is backed up regularly to ensure availability and recovery:

• Automated Backups: Daily automated backups of all data
• Multiple Locations: Backups stored in geographically separate locations
• Retention Policy: Data is retained according to legal requirements and business needs
• Recovery Testing: Regular testing of backup and recovery procedures
• Data Deletion: Secure deletion of data when no longer needed

We respect your privacy and maintain strict confidentiality:

• No Data Sharing: We do not sell or share your data with third parties
• Limited Access: Only authorized personnel have access to your data
• Confidentiality Agreements: All staff sign confidentiality agreements
• Privacy by Design: Privacy considerations built into our platform design
• Transparent Policies: Clear privacy policies explain how we handle your data