TenqualTQ
Start with Tenqual

Privacy Policy

This Privacy Policy explains how Tenqual ("we", "us", "our") processes personal data when you use our products, websites, and services (collectively, the "Service"). The short version is: we use your data to run Tenqual, secure accounts, deliver product features, bill correctly, and support customer and sales conversations. We do not use customer content to train our own models.

At a glance

Controller

Tenqual ANS
Lerkerinden 61, 5099 Bergen, Norway
Org. no. 935 920 604

Privacy contact

support@tenqual.com
Use this address for access, deletion, correction, or other privacy requests.

What we collect

Account details, authentication data, workspace content, product usage data, billing records, and business contact details.

What we use it for

Running the service, securing accounts, delivering AI features, handling billing, and responding to sales or support interactions.

On this page

Controller and contactScopeData we collectSources of dataPurposes and legal basesAI processingCookiesDisclosures and processorsInternational transfersRetentionSecurityYour rights

Controller and Contact

Tenqual ANS is the controller for the personal data covered by this policy. We are registered in Norway under organization number 935 920 604 and our business address is Lerkerinden 61, 5099 Bergen, Norway.

For privacy or data protection questions, contact support@tenqual.com. If we appoint a DPO or EU representative, we will update this page.

Scope

This policy covers personal data we process when you visit our websites, create an account, sign in, upload content, work in Tenqual, receive alerts, interact with support, or respond to our marketing or sales outreach.

Categories of Data We Collect

  • Account and profile: name, email address, company, country, role, consent timestamps (ToS/Privacy), and workspace membership metadata.
  • Authentication: identity tokens from your chosen provider (e.g., Google; via Firebase Auth), session identifiers, and security logs.
  • Service data: files and text you upload, search queries, tender selections, usage events (e.g., feature invocations, model tokens in/out for cost estimation), and system diagnostics.
  • Device/usage: IP address, browser/OS information, timestamps, and cookies necessary for sign-in and security. With consent, Google Analytics may use analytics cookies. Without consent, we may still receive limited cookieless measurement signals for aggregate website performance and CTA measurement.
  • CRM/marketing: business contact details, event and campaign interactions, email preferences, and attribution data when you opt in or engage with our sales team.

Sources of Data

We collect data directly from you, from your organization (if your account is provisioned by an admin), from integrated services (Firebase Authentication, Stripe), and from our applications as you use the Service.

  • Provide and secure the Service (Art. 6(1)(b) contract; Art. 6(1)(f) legitimate interests for security): account creation, authentication, access control, fraud prevention, and logging.
  • Operate product features (Art. 6(1)(b)): document processing, search, qualification, collaboration, notifications.
  • Measure usage and costs (Art. 6(1)(f)): event and token accounting per workspace for transparency and billing.
  • Billing (Art. 6(1)(b) and (c)): subscription management, invoicing, and tax compliance via Stripe.
  • CRM and marketing (Art. 6(1)(a) consent; Art. 6(1)(f) legitimate interests B2B): keeping a record of business contacts, responding to inquiries, sending product updates where permitted, and honoring opt-outs at any time.
  • Legal obligations (Art. 6(1)(c)): record keeping, responding to lawful requests, enforcing terms.

AI Processing

When you invoke AI features, we process the text you provide and model outputs solely to deliver the feature and to compute usage statistics. We do not use your customer content to train our own models.

Our AI providers may retain service logs in line with their own terms and applicable law. Where supported, we configure provider data controls to disable use of customer content for model training and to minimize retention.

Cookies

We use strictly necessary cookies and similar technologies for authentication and security. With your consent, Google Analytics may set analytics cookies to improve product experience and measurement. If you reject or do not answer the analytics choice, we do not set analytics cookies, but Google Analytics may still receive limited cookieless measurement signals for aggregate website performance and CTA measurement. We do not use those limited signals for advertising personalization. You can adjust preferences at any time via your browser or our banner.

Disclosures and Processors

We share data with service providers under data processing agreements and require appropriate confidentiality, security, and subprocessing controls.

Our current subprocessors include:

  • Google Cloud Platform (hosting and cloud infrastructure)
  • Firebase (authentication)
  • Stripe (payments and billing)
  • SendGrid (transactional email)
  • HubSpot (CRM and B2B marketing communications)

International Transfers

Where data moves outside your region, we rely on GDPR transfer mechanisms (e.g., SCCs) and implement technical and organizational measures appropriate to the risks.

Retention

Account records and workspace data are retained for the life of the account and then deleted or anonymized per our retention schedule. You may request export or deletion at any time, subject to legal holds.

  • Operational logs: typically retained for up to 90 days.
  • Backups: retained for up to 30 days unless required longer for recovery or legal reasons.
  • Billing and invoicing records: retained for periods required by tax and accounting laws (commonly 5–10 years).

Security

We apply least-privilege access, encryption in transit and at rest, network isolation for production systems, audit logging, and automated deployment with secrets from a managed store.

Your Rights

Under GDPR you may request access, rectification, erasure, restriction, portability, and object to certain processing (including direct marketing). You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal. We may ask you for information to verify your identity, and we aim to respond within 30 days of receiving a complete request, subject to extensions permitted by law. Contact support@tenqual.com.

Children

The Service is not directed to children under 16 (or the lower age permitted by local law) and we do not knowingly collect their personal data.

Changes

We may update this policy to reflect product, legal, or operational changes. We will post revisions with an effective date and, where material, provide reasonable advance notice.

Effective date: 2026-03-24

Privacy Policy | Tenqual