Privacy Policy

1. Introduction

Compliance0 Pty Ltd (ACN 687 131 479) trading as Tendor (ABN 32 687 131 479) (referred to in this document as 'we', 'us', or 'our') is committed to protecting your privacy.

We are bound by the Privacy Act 1988 (Cth) (the Privacy Act) and the Australian Privacy Principles (APPs) contained therein. This policy sets out how we collect, hold, use, and disclose your personal information.

By providing personal information to us, or by using our website and services, you consent to our collection, storage, use, and disclosure of your personal information in accordance with this Privacy Policy.

2. Anonymity and Pseudonymity

Where it is lawful and practicable, you may deal with us on an anonymous basis or by using a pseudonym. For example, you may make general enquiries about our services without identifying yourself.

However, in most cases we will need to collect your personal information to provide our services to you. If you choose not to provide us with the personal information we request, we may not be able to:

• Create or manage your account;
• Provide you with our products or services;
• Respond to your enquiries or requests; or
• Process payments or transactions.

3. Types of Personal Information We Collect

We collect personal information that is reasonably necessary for us to provide our services to you. The types of personal information we collect may include:

1. Identity Data: Name, age, and date of birth.
2. Contact Data: Email address, telephone number, mailing or street address.
3. Business Data: Information about your business, company structure, role, and professional circumstances.
4. Financial Data: Credit card details or bank account information for payment processing.
5. Technical Data: Internet Protocol (IP) address, login data, browser type and version, time zone setting and location, and operating system (when you interact with our website).
6. Interaction Data: Information provided in client surveys, questionnaires, and feedback forms.

4. How We Collect Personal Information

We generally collect personal information directly from you. We may collect your information when you:

• Register for an account or sign up for our services;
• Contact us via our website, email, or telephone;
• Subscribe to our newsletters or fill out a form on our website;
• Interact with our social media pages (e.g., LinkedIn, Facebook); or
• Provide information during the course of a business relationship.

Third-Party Collection: In some circumstances, we may collect personal information about you from third parties, such as:

• Publicly available sources;
• Credit reporting bodies; or
• Your employer (if they are a client of Tendor).

Cookies and Website Data: We may use 'cookies' and similar technologies on our website. Cookies are small text files that help a website remember your preferences. You can disable cookies in your browser settings, though this may affect your experience on our site. We may also use third-party tools to analyse website traffic and improve our services. For more details, please see our Cookie Policy.

Unsolicited Information: If we receive personal information about you that we did not request (unsolicited information), and we determine that we could not have collected this information under the Australian Privacy Principles, we will destroy or de-identify that information as soon as practicable, unless it is contained in a Commonwealth record or it would be unlawful to do so.

5. Purposes for Collection and Use

We collect, hold, use, and disclose your personal information for the following purposes:

1. Service Delivery: To provide goods, software, and compliance services to you.
2. Communication: To contact you regarding your account, support requests, or administrative matters.
3. Improvement: To improve and optimise our platforms, service offerings, and customer experience.
4. Marketing: To send you promotional messages and information that may be of interest to you (in accordance with the Spam Act 2003 (Cth)). You may opt-out of these at any time.
5. Legal Compliance: To comply with our legal obligations, resolve disputes, or enforce our agreements.
6. Employment: To process applications if you apply for a job with us.

6. Disclosure of Personal Information

We may disclose your personal information to third parties for the purposes described in this policy. These third parties may include:

• Service Providers: Cloud storage providers, IT support, payment processors, and marketing providers.
• Professional Advisors: Lawyers, accountants, and auditors.
• Regulatory Bodies: Government agencies where required by law.

International Transfers: We store data using reputable third-party cloud providers. These providers may store data on servers located inside or outside of Australia, including in the United States and European Union. Before disclosing personal information to an overseas recipient, we take reasonable steps to ensure they will handle your information in a manner consistent with the Australian Privacy Principles, including through contractual arrangements. By providing your personal information, you consent to this cross-border disclosure.

7. Security and Data Retention

We take the security of your personal information seriously. We implement reasonable administrative, technical, and physical safeguards to protect your data from misuse, interference, loss, unauthorised access, modification, or disclosure.

Measures we take include:

• Password protection on our systems;
• Encryption of data in transit and at rest where possible; and
• Limiting access to personal information to authorised personnel only.

Data Retention: We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. When personal information is no longer required for these purposes, we will take reasonable steps to destroy or permanently de-identify it. The retention period may vary depending on the context, including:

• Account information is retained for the duration of your relationship with us and for a reasonable period thereafter;
• Transaction records are retained for at least 7 years to comply with tax and accounting obligations;
• Marketing preferences are retained until you withdraw consent or unsubscribe.

Notifiable Data Breaches: In the event of a data breach that is likely to result in serious harm, we will notify you and the Office of the Australian Information Commissioner (OAIC) in accordance with the Notifiable Data Breaches scheme.

8. Links to Other Websites

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to read the privacy policies of any website you visit.

9. Accessing and Correcting Your Information

You have the right to request access to the personal information we hold about you and to request corrections if you believe the information is inaccurate, out of date, or incomplete.

To make a request:

• Please contact us in writing using the details provided below.
• We may require you to verify your identity before processing the request.
• We will respond within a reasonable timeframe (usually 30 days).

There is no fee for requesting corrections. However, we may charge a reasonable fee for the administrative costs of retrieving and providing access to your information.

10. Complaints

If you believe we have breached the Australian Privacy Principles, you may lodge a complaint with us in writing. We will investigate your complaint and respond within a reasonable timeframe.

If you are not satisfied with our response, you may contact the Office of the Australian Information Commissioner (OAIC):

• Website: www.oaic.gov.au
• Phone: 1300 363 992

11. Artificial Intelligence and Machine Learning

Tendor uses artificial intelligence (AI) and machine learning to provide and improve our services.

No Global LLM Training: We guarantee that your proprietary tender data, documents, and inputs are never used to train global, public AI models (such as those provided by OpenAI, Google, or Anthropic).

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last Updated" date at the top of this policy. We encourage you to periodically review this policy to stay informed about how we are protecting your information.

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

13. Contact Us

For any questions regarding this Privacy Policy, or to access or correct your information, please contact our Privacy Officer:

Last Updated: 24 December 2025