
Security and data protection

How we handle data, access and agreements.

Tendr is built so that procurement, IT and security functions in medium and large organisations can approve its use without going through a lengthy DPIA process. This page is the public foundation. Contracts and documentation are provided on request.

Data residency

All customer data resides in Supabase (Postgres) in the EU region (Stockholm). AI processing is sent to Anthropic Claude and OpenAI API endpoints (US-hosted; see sub-processors below) with Zero Data Retention (ZDR) enabled by default for commercial customers, so prompts and outputs are not retained by the model providers.

For organisations with stricter requirements, we offer Sovereign Cloud: a dedicated Supabase project in the EU, LLM inference pinned to AWS Bedrock in Frankfurt (eu-central-1) with bring-your-own-key (BYOK) encryption, and signed Standard Contractual Clauses (SCCs). See the Sovereign Cloud tier.

Audit trail

Logins and all changes to customer data (capability edits, bid edits, award overrides) are written to an append-only audit table with timestamp, user ID, resource ID and source IP address.

Log retention is 12 months by default; longer retention is available on the Enterprise and Sovereign tiers. Tenant administrators have a built-in audit dashboard with filtering on action, resource type and date. On Enterprise, logs can be exported to a SIEM (Splunk, Sentinel) via the API.

The live audit dashboard is available at /tendr/audit after login.

Access control

The default login is passwordless: a one-time code delivered by email (magic link). Sessions expire after 30 minutes of inactivity and after 24 hours at most. Access is role-based per tenant: viewer, editor, admin.

Azure AD / Entra ID single sign-on (SAML) is available as an add-on on the Enterprise tier via WorkOS. It is enabled under a customer-specific agreement, typically within two weeks of signing.

Encryption standards

Data at rest: AES-256 in Supabase Postgres and in S3 (customer documents). Data in transit: TLS 1.3 on all endpoints. On the Enterprise and Sovereign tiers, sensitive fields (LLM prompt parameters, library documents) are encrypted with a tenant-specific data encryption key (DEK) that is itself wrapped by a key encryption key (envelope encryption), so one tenant's key never decrypts another tenant's data.
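The per-tenant envelope scheme described above, as an added illustration rather than Tendr's own code. It assumes a single key encryption key (KEK) that in production would live in a KMS or HSM (here a constructed in-memory key), one 256-bit DEK per tenant stored only in wrapped form, and AES-256-GCM for both layers. The class and field names (TenantKeyring, prompt_params, the tenant and row identifiers) are hypothetical. The point the paragraph alone does not show: the tenant, column and row identifiers are bound to each ciphertext as GCM associated data, so a ciphertext copied into another row or tenant fails authentication instead of decrypting, and rotating the KEK re-wraps the DEKs without touching stored field ciphertexts.

```python
import os
from dataclasses import dataclass

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

NONCE_LEN = 12  # 96-bit GCM nonce; a fresh random nonce is drawn for every encryption


@dataclass(frozen=True)
class WrappedDek:
    """What the database stores: the tenant DEK encrypted under the KEK, never the DEK itself."""
    nonce: bytes
    ciphertext: bytes


class TenantKeyring:
    """Envelope encryption with one KEK (assumed: KMS/HSM-resident in production) wrapping
    one DEK per tenant. Field ciphertexts are bound to tenant, column and row via AAD."""

    def __init__(self, kek: bytes) -> None:
        self._kek = AESGCM(kek)
        self._wrapped: dict[str, WrappedDek] = {}

    def create_tenant_dek(self, tenant_id: str) -> None:
        dek = AESGCM.generate_key(bit_length=256)
        nonce = os.urandom(NONCE_LEN)
        # Tenant id as associated data: a wrapped DEK cannot be re-labelled for another tenant.
        self._wrapped[tenant_id] = WrappedDek(nonce, self._kek.encrypt(nonce, dek, tenant_id.encode()))

    def _unwrap(self, tenant_id: str) -> AESGCM:
        w = self._wrapped[tenant_id]
        return AESGCM(self._kek.decrypt(w.nonce, w.ciphertext, tenant_id.encode()))

    @staticmethod
    def _aad(tenant_id: str, column: str, row_id: str) -> bytes:
        return f"{tenant_id}|{column}|{row_id}".encode()

    def encrypt_field(self, tenant_id: str, column: str, row_id: str, plaintext: bytes) -> bytes:
        nonce = os.urandom(NONCE_LEN)
        ct = self._unwrap(tenant_id).encrypt(nonce, plaintext, self._aad(tenant_id, column, row_id))
        return nonce + ct  # nonce travels with the ciphertext; the tag is appended by AESGCM

    def decrypt_field(self, tenant_id: str, column: str, row_id: str, blob: bytes) -> bytes:
        nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
        return self._unwrap(tenant_id).decrypt(nonce, ct, self._aad(tenant_id, column, row_id))

    def rotate_kek(self, new_kek: bytes) -> None:
        """Re-wrap every DEK under a new KEK; stored field ciphertexts are not rewritten."""
        new = AESGCM(new_kek)
        for tenant_id, w in list(self._wrapped.items()):
            dek = self._kek.decrypt(w.nonce, w.ciphertext, tenant_id.encode())
            nonce = os.urandom(NONCE_LEN)
            self._wrapped[tenant_id] = WrappedDek(nonce, new.encrypt(nonce, dek, tenant_id.encode()))
        self._kek = new


def demo() -> dict[str, bool]:
    """Exercise the keyring on constructed data and report which properties hold."""
    ring = TenantKeyring(AESGCM.generate_key(bit_length=256))  # constructed KEK
    for tenant in ("tenant-a", "tenant-b"):
        ring.create_tenant_dek(tenant)

    secret = b"system prompt: answer only from the supplied library"  # constructed field value
    blob = ring.encrypt_field("tenant-a", "prompt_params", "row-17", secret)

    def rejected(fn) -> bool:
        try:
            fn()
        except InvalidTag:
            return True
        return False

    results = {
        "roundtrip": ring.decrypt_field("tenant-a", "prompt_params", "row-17", blob) == secret,
        # Same tenant, ciphertext copied into another row: AAD mismatch.
        "moved_ciphertext_rejected": rejected(lambda: ring.decrypt_field("tenant-a", "prompt_params", "row-99", blob)),
        # Ciphertext copied to another tenant: different DEK and different AAD.
        "cross_tenant_rejected": rejected(lambda: ring.decrypt_field("tenant-b", "prompt_params", "row-17", blob)),
    }
    ring.rotate_kek(AESGCM.generate_key(bit_length=256))
    results["readable_after_kek_rotation"] = ring.decrypt_field("tenant-a", "prompt_params", "row-17", blob) == secret
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats for anyone adapting this: the DEK is unwrapped on every field operation here for clarity, whereas a real service caches unwrapped DEKs in memory for a short TTL; and random 96-bit nonces are fine at this volume but a per-tenant counter (or key rotation) is needed before a single DEK approaches billions of encryptions.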

GDPR and DPA

Erik Harry B Høydal Consulting (org. no. 936 955 533 MVA) is data controller. Data Processing Agreement (DPA) under GDPR art. 28 available on request and signed as part of Enterprise or Sovereign agreements.

Sub-processors: Supabase (EU), Anthropic (US API with ZDR), OpenAI (US API for embeddings, ZDR). The full list of sub-processors, with the purpose of each, is maintained in the DPA appendix and updated quarterly.

Rights of access, rectification, erasure and portability are handled within 30 days of a documented request to dpo@erikharry.no.

SLA — uptime and support

Plan              Uptime                         Support response (business days)
Scout / Bid       99.0 % monthly, best-effort    Within 48 hours
Enterprise        99.5 % monthly, SLA credits    Within 8 hours, dedicated contact
Sovereign Cloud   99.9 % monthly, SLA credits    Within 4 hours, dedicated contact + on-call

Scheduled maintenance is announced at least 7 days in advance and placed outside Norwegian business hours (07-17) where possible. Status and incidents are published on the status page, which is set up for Enterprise customers.

EU AI Act and AI transparency

Tendr uses generative AI (large language models) for two purposes: (1) interpreting and structuring tender documents, (2) suggesting bid text based on the customer's own library.

AI-generated suggestions in Bid Composer carry a mandatory pre-submit disclosure: before the final PDF/DOCX export, the user confirms that the AI use is known and documented. Source references ([L1], [A2] etc.) are shown inline and are clickable to display the source. No AI-generated text is accepted without source tracking.
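One way to enforce "no AI text without source tracking" as a gate rather than a convention, as an added example that is not Tendr's own code. It assumes the reference format shown on this page (an uppercase prefix letter and a number in square brackets, such as [L1] or [A2]; what the prefixes denote is not defined here) and a per-tenant library index mapping reference keys to source titles. The library entries and draft text below are constructed sample data, and the function names are hypothetical. The check rejects a draft for export if any paragraph carries no reference, or if any reference does not resolve to a library entry; the second case is the one that matters for a model that can emit plausible-looking but non-existent citations.

```python
import re
from dataclasses import dataclass

# Reference syntax assumed from the page's examples: "[L1]", "[A2]".
REF_RE = re.compile(r"\[([A-Z]\d+)\]")


@dataclass(frozen=True)
class SourceCheck:
    ok: bool
    unreferenced: tuple[str, ...]  # opening of each paragraph that cites nothing
    unresolved: tuple[str, ...]    # reference keys with no entry in the library index


def check_sources(suggestion: str, library: dict[str, str]) -> SourceCheck:
    """Gate an AI suggestion before export: every paragraph must cite at least one
    reference, and every reference must resolve to a library entry."""
    unreferenced: list[str] = []
    unresolved: list[str] = []
    paragraphs = [p.strip() for p in re.split(r"\n\s*\n", suggestion) if p.strip()]
    for para in paragraphs:
        refs = REF_RE.findall(para)
        if not refs:
            unreferenced.append(para[:40])
        for key in refs:
            if key not in library and key not in unresolved:
                unresolved.append(key)
    return SourceCheck(not unreferenced and not unresolved, tuple(unreferenced), tuple(unresolved))


def cited_sources(suggestion: str, library: dict[str, str]) -> dict[str, str]:
    """Resolve the references actually used in a suggestion, in first-seen order,
    for the inline clickable source display."""
    return {k: library[k] for k in dict.fromkeys(REF_RE.findall(suggestion)) if k in library}


# Constructed sample of a tenant's library index: reference key -> source title.
LIBRARY = {
    "L1": "ISO 27001 certificate, valid to 2027-03",
    "L2": "Reference project: municipal case handling system, 2024",
    "A2": "Tender annex 2, requirement 4.3 (information security)",
}

# Constructed draft as a model might return it: one made-up reference, one unsupported claim.
DRAFT = """\
Our information security management system is certified to ISO 27001 [L1], covering requirement 4.3 [A2].

We delivered a comparable case handling system to a Norwegian municipality in 2024 [L2].

All staff hold valid security clearances [L7].

We have broad experience with public sector deliveries."""


if __name__ == "__main__":
    result = check_sources(DRAFT, LIBRARY)
    print("export allowed:", result.ok)
    print("unresolved references:", result.unresolved)
    print("paragraphs without a source:", result.unreferenced)
    print("sources to display:", cited_sources(DRAFT, LIBRARY))
```

Running it on the constructed draft blocks the export: [L7] resolves to nothing in the library and the last paragraph cites nothing. Once the draft is corrected (a real reference substituted for [L7], a source added to the last paragraph), the same check passes.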

Contact for evaluation

For IT and procurement functions evaluating Tendr: request a 30 min technical meeting. We review architecture, audit-trail, draft DPA and specific requirements.

Email consult@erikharry.no or book 30 min on Cal.com.

Last updated: 2026-05-26. Changes to this document are notified to existing customers at least 30 days in advance.