TenderSign In

Privacy Policy

Effective 2026-05-11 · version 2026-05-11

This Privacy Policy explains what information Tender collects when you use the platform, how we use it, who we share it with, and the choices you have. It applies to marina staff, administrators, and customer-portal users.

Information You Provide

When you or your marina creates an account, we collect:

  • Name, email address, phone number, and mailing address.
  • Marina business name, address, and tax-collection jurisdictions.
  • Vessel details (make, model, year, dimensions, engine specifications).
  • Service requests, invoices, and any notes you enter.
  • Authentication credentials — either a hashed password or a passkey (WebAuthn) public key. We never store raw passwords.

Payment Information

Online payments are processed by Stripe, Inc. Card numbers, bank account numbers, and identity-verification documents are submitted directly to Stripe and are never stored on Tender's servers. We retain only the Stripe customer / payment-intent identifiers needed to reconcile transactions to invoices.

Automatically Collected Information

When you use Tender we automatically receive limited technical data needed to operate and secure the service:

  • IP address, user-agent string, and approximate request timing (used for rate limiting and abuse prevention).
  • A first-party session cookie ("tender-session") that authenticates you between requests.
  • Aggregate page-view and performance metrics via Vercel Analytics and Vercel Speed Insights. These products are designed to be cookieless and do not build cross-site profiles. See the Cookie Policy for details.

How We Use Information

We use the information described above to:

  • Provide the platform — authenticate you, render your data, send invoices, accept payments.
  • Communicate transactional messages (welcome emails, password resets, invoice notifications).
  • Detect and prevent fraud, abuse, and security incidents.
  • Meet legal, tax, and accounting obligations.
  • Improve the product through aggregate, non-identifying usage analysis.

Who We Share Information With

We do not sell personal information. We share data only with the service providers necessary to run Tender, and only to the extent needed for them to perform their role:

  • Stripe — payment processing, identity verification for Connected Accounts, and tax reporting.
  • Vercel — hosting, edge networking, and privacy-friendly analytics.
  • Email delivery providers — sending transactional email.
  • Database hosting — encrypted storage of your account and business data.
  • Law enforcement or regulators — only when required by valid legal process.
  • Marinas and their customers — each marina sees its own customers, vessels, requests, and invoices; customers see only their own records.

Data Retention

We retain account and transactional records for as long as your account is active and for a reasonable period afterward to comply with tax, accounting, and dispute-resolution obligations (typically seven years for financial records). Soft-deleted records remain in the database for audit purposes but are excluded from normal application views.

Your Rights

Depending on where you live, you may have rights to access, correct, port, or delete your personal information, to restrict or object to certain processing, and to lodge a complaint with a supervisory authority. California residents have additional rights under the CCPA / CPRA, including the right to know and the right to opt out of "sharing" for cross-context behavioral advertising (Tender does not engage in such sharing). To exercise any of these rights, contact us using the details on the Contact page.

International Transfers

Tender is operated in the United States and your information is processed there. If you access the service from outside the U.S., you understand that your information will be transferred to and processed in the United States.

Security

We use industry-standard safeguards including TLS in transit, encrypted storage at rest, passkey-based authentication, hashed passwords (scrypt), and role-based access controls. No method of transmission or storage is perfectly secure; please notify us immediately if you suspect your account has been compromised.

Children

Tender is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us so we can delete it.

Changes to This Policy

We may update this policy from time to time. When we make material changes we will update the effective date and version above and, where required, request renewed consent.