Language
Customer Support
MTMitra TenderIndia's Most Advanced Tender Intelligence Platform
Get Started Free

Policy

Privacy Policy

πŸ“œ MITRA TENDER – PRIVACY POLICY Version 2.0 Effective Date: 01 April 2027 Last Updated: 01 April 2027 Support & Grievance Officer: support@mitratender.com Mitra Tender (" Platform ", " we ", " us ", " our ") is an ...

πŸ“œ MITRA TENDER – PRIVACY POLICY Version 2.0 Effective Date: 01 April 2027 Last Updated: 01 April 2027 Support & Grievance Officer: support@mitratender.com

Mitra Tender ("Platform", "we", "us", "our") is an AI-powered tender aggregation and intelligence platform that collects, processes, analyzes, and delivers tender opportunities from government and private procurement sources.

This Privacy Policy explains in clear and plain language how we collect, use, store, protect, share, and process your personal data. It also describes your rights as a Data Principal under the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000, and other applicable laws (including GDPR where relevant for international users).

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree, please do not use the Platform.

FOUNDATIONAL LEGAL FRAMEWORK (Sections 1–8)

1. INTRODUCTION Mitra Tender provides tender aggregation, AI-powered document parsing, eligibility analysis, bid assistance, personalized recommendations, and deadline alerts.

This Policy covers:

  • What data we collect and from where
  • Purposes of processing
  • Legal basis for processing
  • Storage, security, and retention
  • Your rights (including access, correction, deletion, and withdrawal of consent)
  • How we handle AI processing, cookies, and third-party sharing

The Policy applies to all users, including website visitors, SaaS subscribers, vendors, API consumers, and enterprise clients.

2. DEFINITIONS 2.1 β€œPersonal Data” β€” Any data about an identifiable individual, such as name, email, phone, IP address, device information, or business contact details.

2.2 β€œSensitive Personal Data” β€” Includes financial details, identity documents (PAN, GSTIN, certificates), login credentials, and any data classified as sensitive under applicable law.

2.3 β€œTender Data” β€” Publicly available procurement notices, bid documents, BOQ, technical specifications, and related records.

2.4 β€œUser / Data Principal” β€” Any individual or organization accessing or using the Platform.

2.5 β€œProcessing” β€” Any operation on personal data, including collection, storage, analysis, use, sharing, or deletion.

2.6 β€œData Fiduciary” β€” Mitra Tender, as the entity determining the purpose and means of processing personal data.

3. SCOPE OF POLICY This Policy applies to:

  • MitraTender website, mobile/web apps, dashboards, admin panel, and APIs.
  • Data from government portals, private sources, user uploads, and automated systems.
  • Compliance with DPDP Act 2023 (India), IT Act 2000, and GDPR (for applicable international transfers/users).

4. DATA COLLECTION PRINCIPLES We follow DPDP Act principles:

  • Lawful, fair, and transparent processing
  • Purpose limitation and data minimization
  • Accuracy and storage limitation
  • Security safeguards and accountability

Data is collected only when necessary and with appropriate lawful basis.

5. TYPES OF DATA COLLECTED 5.1 User Account Data: Full name, company name, designation, email address, phone number. 5.2 Business Data: GSTIN, company registration details, industry category, business profile. 5.3 Tender Interaction Data: Viewed/saved/applied tenders, search queries, alerts, and preferences. 5.4 Uploaded Documents: Bid documents, certificates, financial statements, and other user-submitted files. 5.5 Technical Data: IP address, device type, browser/OS details, usage logs. 5.6 AI Interaction Data: Chat queries, inputs to AI assistant, generated outputs, and analysis results.

6. DATA SOURCES

  • Public government tender portals and procurement APIs
  • Private tender listings and industry sources
  • Direct user inputs and document uploads
  • Automated crawlers and integrated pipelines (only on publicly accessible data, respecting legal limits)

7. PURPOSE OF DATA PROCESSING We process data for:

  • Aggregating, normalizing, and delivering tender opportunities
  • AI-powered parsing, eligibility extraction, summarization, and recommendation
  • Personalized dashboards, alerts, and bid assistance tools
  • Platform improvement, analytics, and market insights
  • Security, fraud prevention, and legal compliance

8. LEGAL BASIS FOR PROCESSING Under DPDP Act, processing is based on:

  • Your free, specific, informed, unconditional, and unambiguous consent (with clear affirmative action)
  • Contractual necessity (to provide the requested service)
  • Legitimate uses permitted under law
  • Legal obligations (e.g., compliance with government orders)

Consent notices are provided in clear language before or at the time of collection.

DATA STORAGE, SECURITY & INFRASTRUCTURE GOVERNANCE (Sections 9–16)

9. DATA STORAGE ARCHITECTURE We use a secure multi-layered architecture:

  • Raw Data Layer (immutable crawled/API records)
  • Processed Data Layer (normalized tenders for search)
  • Intelligence Layer (AI-extracted insights)
  • User Data Layer (tenant-isolated profiles and uploads)

Databases may include PostgreSQL (relational), ClickHouse (analytics), S3-compatible storage, and Redis (caching). Data is partitioned by tenant and region.

10. DATA HOSTING & INFRASTRUCTURE Hosted on secure cloud providers (AWS/GCP/Azure) or dedicated infrastructure. Indian users’ data is preferably stored in India or compliant jurisdictions. Cross-border transfers are minimized and protected by safeguards.

11. DATA ENCRYPTION

  • At Rest: AES-256 or equivalent for all sensitive and personal data.
  • In Transit: TLS 1.2/1.3 enforced; HTTPS mandatory.
  • Key Management: Secure vaults with rotation and strict access controls.

12. ACCESS CONTROL & AUTHORIZATION

  • Role-Based Access Control (RBAC) with least privilege principle.
  • Multi-factor authentication (MFA) for sensitive accounts.
  • Detailed audit logs for all access and modifications.

13. DATA RETENTION POLICY

Data Type Retention Period Notes
User Account Data While account is active + 30 days Earlier deletion possible on request
Public Tender Data As long as relevant for service Archival for historical insights
User Uploaded Documents Until deleted by user or account closure Subject to legal holds
Logs & Technical Data 30–365 days Security & compliance needs

 

14. BACKUP & DISASTER RECOVERY Daily incremental and weekly full encrypted backups. Defined RTO and RPO with multi-zone redundancy.

15. SECURITY CONTROLS

  • Network: Firewalls, WAF, DDoS protection.
  • Application: Secure coding, input validation, rate limiting, regular penetration testing.
  • Vulnerability management with timely patching.

16. INCIDENT RESPONSE & BREACH MANAGEMENT We maintain a formal plan for detection, containment, investigation, and notification. Breaches are reported to authorities and affected users as required by DPDP Act.

AI, AUTOMATED PROCESSING & DATA INTELLIGENCE GOVERNANCE (Sections 17–26)

17. AI SYSTEM OVERVIEW Our AI acts as a decision-support tool only. It assists with document parsing, eligibility summarization, bid recommendations, and proposal drafting. Final decisions on bidding, compliance, and submissions remain solely your responsibility.

18. AI DATA INPUT SOURCES Public tender data, user-uploaded documents, business profiles, and chat inputs.

19. DOCUMENT PROCESSING & PARSING AI extracts dates, criteria, requirements, and specifications. Accuracy Disclaimer: Extracted data is provided β€œas is”. OCR or formatting errors may occur. You must always verify against the original official tender document before acting.

20. AI-GENERATED CONTENT Generated proposals, checklists, and strategies are advisory only. They do not constitute legal, financial, or professional advice.

21. AUTOMATED DECISION-MAKING No fully automated decisions with significant legal or similar effects are made.

22. AI TRAINING & DATA USAGE Models may use public datasets and anonymized/aggregated data. Your personal data is not used for training without safeguards. You may opt out of such use.

23. AI CHAT SYSTEM The chat assistant helps with tender understanding. Avoid sharing unnecessary sensitive information.

24. DATA ANONYMIZATION & AGGREGATION We use techniques like removal of identifiers and masking for analytics and insights.

25. AI ETHICS & COMPLIANCE We prioritize transparency, fairness, and accountability, aligned with DPDP Act principles.

26. LIMITATION OF AI LIABILITY To the maximum extent permitted by law, we are not liable for any loss, tender rejection, or financial damage arising from reliance on AI outputs or extracted data. Use of AI features is at your own risk.

DATA SHARING, THIRD PARTIES & INTEGRATIONS (Sections 27–36)

27–28. THIRD-PARTY SERVICE PROVIDERS We share data only with vetted providers (cloud hosting, email/SMS, analytics, OCR/NLP, payment gateways) under strict Data Processing Agreements. They may process data only for specified purposes and with equivalent security.

29. PUBLIC DATA & GOVERNMENT SOURCES We aggregate publicly available tender data without claiming ownership. The Platform is not a substitute for official government portals. Always verify critical information at the source.

30. DATA SCRAPING & AGGREGATION POLICY Automated tools are used only on publicly accessible data, respecting robots.txt, rate limits, and legal restrictions. We do not bypass authentication or security measures.

31. NO SALE OF PERSONAL DATA We do not sell personal data. Sharing occurs only for service delivery, legal compliance, or with consent.

32. API & INTEGRATION POLICY API users must follow rate limits and usage rules. Data obtained via API cannot be resold or misused.

33. CROSS-BORDER TRANSFERS Transfers outside India occur only with appropriate safeguards (e.g., contractual clauses) and in compliance with DPDP Act.

34–36. Business transfers (merger/acquisition), legal disclosures, and external links are handled with privacy protections. Third-party sites have their own policies.

USER RIGHTS, CONSENT & DATA CONTROL (Sections 37–46)

37. YOUR RIGHTS (DPDP Act) You have the right to:

  • Access your personal data
  • Correction or completion
  • Deletion (β€œright to be forgotten”)
  • Restriction of processing
  • Portability (in structured format)
  • Withdrawal of consent (with comparable ease)
  • Objection to certain processing

38–44. Rights can be exercised by emailing support@mitratender.com. We respond within 30 days (or as required by law). Consent withdrawal may limit some features.

45. GRIEVANCE REDRESSAL Contact: support@mitratender.com We acknowledge complaints within 48 hours and resolve in a reasonable timeframe. You may also approach the Data Protection Board of India if unsatisfied.

46. CHILDREN’S PRIVACY The Platform is not intended for users under 18. We do not knowingly collect data from children. Any such data found is promptly deleted.

 COOKIES, TRACKING TECHNOLOGIES & SESSION SECURITY (Sections 47–56)

47. INTRODUCTION We use cookies and similar technologies to enable functionality, improve experience, personalize content, and ensure security.

48. WHAT ARE COOKIES? Small text files stored on your device that help recognize your browser and store preferences or activity.

49. TYPES OF COOKIES 49.1 Strictly Necessary: For login, authentication, and core security. Cannot be disabled. 49.2 Functional: Remember language, filters, and preferences. 49.3 Analytics & Performance: Anonymized usage insights to improve the Platform. 49.4 Security: Detect fraud and suspicious activity.

50. THIRD-PARTY TECHNOLOGIES Limited use from trusted providers for analytics and security. No advertising cookies.

51. PURPOSES Service delivery, personalization, performance monitoring, security, and analytics.

52. CONSENT MANAGEMENT A clear cookie consent banner appears on first visit. You can accept, reject non-essential cookies, or customize. Consent is free, specific, informed, and withdrawable easily.

53. MANAGING COOKIES Use the Platform’s preference center or your browser settings. Blocking essential cookies may affect functionality.

54. SESSION MANAGEMENT Secure, encrypted session tokens with automatic expiry after inactivity. MFA encouraged.

55. FRAUD DETECTION Behavioral monitoring and limited device signals for security (legitimate interest basis).

56. RETENTION Cookie-related data is kept only as long as necessary. Analytics data is often aggregated/anonymized.

ENTERPRISE TERMS, LIABILITY & LEGAL PROTECTION (Sections 57–70)

57. LEGAL FRAMEWORK OVERVIEW This section sets out disclaimers, liability limits, user obligations, and dispute resolution.

58. DISCLAIMER OF WARRANTIES The Platform is provided β€œAS IS” and β€œAS AVAILABLE” without warranties of accuracy, completeness, timeliness, or uninterrupted availability. Tender data depends on public sources and may contain errors. Always verify with official sources.

59. LIMITATION OF LIABILITY To the fullest extent permitted by law, our total liability is limited to the amount you paid in the 12 months before the claim. We are not liable for indirect, consequential, or punitive damages, including lost profits, tender rejections, or business opportunities.

60. INDEMNIFICATION You agree to indemnify us against claims arising from your misuse of the Platform, violation of laws, or breach of this Policy.

61. USER RESPONSIBILITIES Provide accurate information, verify tenders, comply with laws, and not misuse (scrape, resell, or reverse-engineer) the Platform.

62. ENTERPRISE CLAUSES Enterprise clients may have separate SLAs with customized terms, higher security, and data isolation.

63. INTELLECTUAL PROPERTY We own the Platform, AI models, and technology. Tender data rights remain with original government/publishers. You may not copy, redistribute, or commercially exploit our content without permission.

64. TERMINATION You may close your account anytime. We may suspend/terminate for violations or legal reasons. Upon termination, access ends and data deletion may begin (subject to legal holds).

65. FORCE MAJEURE We are not liable for events beyond reasonable control (natural disasters, war, government actions, internet failures).

66. GOVERNING LAW & JURISDICTION Governed by the laws of India. Disputes are subject to the exclusive jurisdiction of courts in Delhi, India.

67. DISPUTE RESOLUTION First, mutual discussion; then arbitration; finally, courts.

68. MODIFICATIONS TO POLICY We may update this Policy. Material changes will be notified via email or prominent notice. Continued use after changes means acceptance.

69. SEVERABILITY If any clause is invalid, the rest remains enforceable.

70. ENTIRE AGREEMENT This Privacy Policy, along with our Terms of Service, forms the complete agreement between you and Mitra Tender regarding data handling and Platform use.

Contact for Privacy Queries or Rights Exercise: support@mitratender.com

 

🏠
Home
⚑
Features
πŸ’°
Plans
πŸ“Š
Tender Discovery
πŸ“˜
Knowledge Center
Privacy Policy | Mitra Tender