Skip to content
Home
SolutionsPricing
Sign inTalk to sales
privacy

Privacy Policy.

We are an Indian company that processes data under the Digital Personal Data Protection Act, 2023 (DPDP). This policy is written in plain English so you can actually read it.

Last updated: 10 May 2026 · Effective: 12 May 2026

1. Overview

TenderGuruji is operated by TenderGuruji Technologies Private Limited, a company incorporated under the Companies Act, 2013 of India, with its registered office in Gandhinagar, Gujarat. References to “we”, “us” or “TenderGuruji” in this policy mean TenderGuruji Technologies Private Limited.

This policy explains the personal data we collect about you when you use our website, sign up for an account, or otherwise interact with us, and how we process that data.

2. Data we collect

We collect the following categories of personal data:

  • Account data — name, work email, company, phone number, password (hashed), role.
  • Billing data — GSTIN, billing address, PAN where required by Indian tax law. We do not store full card numbers; payments are processed by PCI-DSS-compliant gateways.
  • Usage data — logs of searches, saved searches, exports, login events, IP address, browser, device type.
  • Communications — emails, chat transcripts, and call notes when you contact our team.
  • Cookies & similar — see Section 4.

We do not knowingly collect sensitive personal data of the kind defined under the DPDP Act unless strictly necessary and with your explicit consent.

3. Purposes of processing

We process personal data only for clearly defined purposes:

  • To provide and operate the TenderGuruji platform.
  • To authenticate you and secure your account.
  • To send service notifications (alerts, billing receipts, security notices).
  • To improve the platform via aggregated, anonymised analytics.
  • To meet legal, tax, and audit obligations under Indian law.
  • To respond to enquiries you send us through any channel.

We do not sell, rent, or trade your personal data. We do not use your data to train third-party AI models.

4. Cookies & analytics

We use a small number of first-party cookies for essential session management and product analytics. We minimise third-party trackers deliberately.

  • Essential cookies — required to keep you signed in and to secure the session. These cannot be disabled.
  • Analytics cookies — first-party, privacy- preserving product analytics. You may opt out from the cookie banner.
  • Marketing cookies — we currently do not run any retargeting or behavioural advertising cookies.

5. Sharing with third parties

We share personal data only with vetted sub-processors under written data-processing agreements:

  • Cloud hosting (AWS Mumbai region) — infrastructure.
  • Email delivery — transactional and alert emails.
  • Payment processors — Razorpay / Stripe India.
  • Customer support tooling — helpdesk and chat.
  • Auditors and counsel — where strictly required.

Our full sub-processor list is available on request via dpo@tenderguruji.com.

6. Retention periods

Personal data is retained only for as long as needed to provide the service or to meet legal obligations:

  • Account data — for the life of your account, plus 12 months for legal hold.
  • Billing data — 8 financial years (Indian tax law).
  • Usage logs — 13 months by default; security logs up to 36 months.
  • Marketing leads — 24 months from last interaction.

You may request earlier deletion under Section 8.

7. Security measures

We treat security as the floor, not the ceiling. Our technical and organisational measures include:

  • TLS 1.3 in transit, AES-256 at rest.
  • Role-based access control with least-privilege defaults.
  • Audit logging of administrative actions.
  • Annual third-party penetration testing.
  • Mandatory security training for every employee.
  • SOC 2 Type I controls; Type II audit underway.

8. Your rights under DPDP

As a Data Principal under the DPDP Act, 2023, you have the right to:

  • Access a summary of personal data we process about you.
  • Correct or update inaccurate or incomplete data.
  • Erase data that is no longer necessary.
  • Nominate another individual to exercise your rights.
  • Withdraw consent at any time (where consent is the basis of processing).
  • Raise a grievance with our Grievance Officer (Section 13).

We respond to verified rights requests within 30 days, as required by the Act.

9. DPDP-specific notices

In line with Section 5 of the DPDP Act, this notice is provided clearly and in plain language, in English. Alternative-language copies (Hindi, Gujarati) are available on request.

Where the lawful basis for processing is your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal. Some features of the platform will not function if processing is withdrawn.

10. Children's data

TenderGuruji is a business platform intended for adults employed by organisations. We do not knowingly collect personal data of any individual under the age of 18. If you believe we have, please write to dpo@tenderguruji.com and we will delete it.

11. Cross-border transfers

Personal data is primarily stored and processed within India (AWS Mumbai region). We may transfer limited categories of data outside India only where the destination jurisdiction is permitted under the DPDP Act and our sub-processor agreements include appropriate safeguards.

12. Updates to this policy

When we make material changes, we will notify you via email and on the TenderGuruji dashboard at least 14 days before the changes take effect. The current version is always available at this URL.

13. Contacting the DPO

Our Data Protection Officer can be reached at:

Data Protection Officer
TenderGuruji Technologies Private Limited
GIFT City, Gandhinagar, Gujarat 382355, India
dpo@tenderguruji.comContact form

For unresolved concerns, you may also approach the Data Protection Board of India once it is operational.