Privacy Policy

Last updated: 3 June 2026

1. Introduction

Australia Tender Alerts (ABN 85 639 380 225) ("we", "us", "our") is committed to protecting the privacy of our users and handling personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and otherwise handle your personal information when you use our website and services at australiatenderalerts.com.

2. Information We Collect

We collect personal information through the following channels: when you register for an account, when you configure your business profile and alert preferences, when you contact us via email, and automatically when you use our platform. The types of information we collect include:

  • Account information: Your name, email address, mobile number, and password (which is securely hashed and never stored in plain text).
  • Business information: Organisation name, business phone number, ABN, state or territory, employee count, billing email, service descriptions, keywords, and industry preferences that you provide to help us match relevant tenders to your business and manage your account.
  • Usage and analytics data: We use Google Analytics to collect information about how you use our platform, including pages visited, features used, device type, browser information, and referral sources. This helps us understand usage patterns and improve the Service.
  • Email engagement data: We record whether our emails to you are delivered, opened, or clicked, along with associated technical information such as IP address and device or email-client details. This helps us monitor deliverability and improve our communications.
  • Log and security data: Our servers automatically record information including your IP address, access times, the pages or endpoints you request, and audit information about actions taken on your account. This data is used for security monitoring, debugging, and service improvement.
  • Payment information: Payment processing is handled entirely by Stripe. We never store your credit card details, bank account numbers, or other financial information on our servers.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our tender alert service.
  • Match tenders to your business profile using AI-powered classification to ensure you receive the most relevant opportunities.
  • Send you email alerts about tenders that match your business profile and preferences.
  • Process payments and manage your subscription.
  • Communicate important service updates, changes, or maintenance notifications.
  • Send you onboarding, follow-up, and promotional emails about the Service — for example, reminders to complete your setup or activate a subscription. You can opt out of these marketing communications at any time using the unsubscribe link in the email; opting out does not affect transactional emails (such as tender alerts and billing notices) that are required to operate the Service.
  • Analyse usage patterns and measure advertising effectiveness to improve the platform, fix issues, and develop new features.

4. AI Classification

We use OpenAI's services to classify the relevance of government tenders against your business profile. This process helps us determine which tenders are most likely to be relevant to your organisation.

Only tender data sourced from publicly available government portals and your business description (organisation name, service descriptions, and keywords) are sent to OpenAI for classification purposes.

Your personal information, including your email address, name, and payment details, is never sent to AI providers. OpenAI's handling of data sent through their API is governed by their business terms and privacy policy. We encourage you to review these policies directly.

5. Third-Party Services

We use the following third-party service providers to operate our platform:

  • Amazon Web Services (AWS): Cloud hosting and email delivery via Amazon SES, hosted in the ap-southeast-2 (Sydney) region.
  • Stripe: Secure payment processing for subscriptions and billing.
  • OpenAI: AI-powered classification of tender relevance against your business profile.
  • Google Analytics: Website usage analytics to help us understand how our platform is used and improve the Service.
  • Google Ads: Conversion tracking and remarketing, used to measure the effectiveness of our advertising and to show our ads to people who have visited our website. For conversion measurement, we may share a hashed version of your email address with Google ("enhanced conversions"). See the Cookies and Tracking section below for how you can control this.

Each of these providers is bound by their own privacy policies and data processing agreements. We encourage you to review their respective privacy policies.

6. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: httpOnly secure cookies used solely for authentication. These are required to maintain your logged-in session and cannot be accessed by client-side scripts.
  • Analytics cookies: Google Analytics cookies used to collect usage data about how visitors interact with our platform. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
  • Advertising cookies: Google Ads cookies used for conversion tracking and remarketing — measuring whether our ads led to sign-ups and showing our ads to people who have previously visited our website. As part of conversion measurement, we may share a hashed version of your email address with Google. We do not sell your personal information, and we do not share it with advertising networks other than Google for these purposes.

You can control advertising cookies and personalised advertising through Google Ad Settings, and you can manage or block cookies through your browser settings at any time.

Our platform does not respond to Do Not Track (DNT) browser signals, as there is no industry-standard technology for honouring DNT requests. However, you can control cookie preferences through your browser settings.

7. Data Security

We take reasonable steps to protect your personal information from misuse, interference, loss, and unauthorised access or disclosure. Our security measures include:

  • All data is encrypted in transit using TLS/SSL.
  • Authentication is managed via httpOnly secure cookies with a strict SameSite policy to prevent cross-site request forgery.
  • Rate limiting is applied to all API endpoints to prevent abuse.
  • Regular security reviews and updates are conducted to maintain the integrity of our systems.

8. Data Retention and Deletion

Your account data is retained for as long as your account remains active. If you choose to close your account, your personal data will be deleted from our active systems.

You may request the deletion of your account and all associated personal data at any time by contacting us.

Tender data sourced from public government portals is retained independently of your account, as it constitutes publicly available information.

After your account is deleted from our active systems, residual copies of your personal data may persist in our routine encrypted backups until those backups age out of our rolling backup-retention cycle, which occurs within 90 days. Backup data is not used for any purpose other than disaster recovery.

9. Your Rights

Under the Australian Privacy Principles, you have the right to:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we update or correct any inaccurate personal information.
  • Deletion: Request the deletion of your account and associated personal data.
  • Complaint: If you believe we have breached the Australian Privacy Principles, you may first lodge a complaint directly with us. We will acknowledge your complaint within five (5) business days and aim to provide a substantive response within thirty (30) days. If you are not satisfied with our response, you may escalate your complaint to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.

To exercise any of these rights, please contact us at [email protected].

10. Overseas Disclosure

In the course of providing our services, your personal information may be processed by service providers located in the United States, including Amazon Web Services, OpenAI, Stripe, and Google (Analytics and Ads).

We take reasonable steps to ensure that these overseas recipients handle your personal information in accordance with the Australian Privacy Principles and maintain appropriate data protection standards consistent with Australian privacy law.

11. Data Breach Notification

In the event of a data breach that is likely to result in serious harm to any individual whose personal information is involved, we will comply with the Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth), to the extent that it applies to us.

Where required, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable after becoming aware of a qualifying breach. We will take reasonable steps to contain the breach and mitigate any potential harm.

Nothing in this section creates an obligation on us beyond what is required by applicable law. Our liability in connection with any data breach is limited to the maximum extent permitted by law, as set out in our Terms of Service.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. Any material changes will be communicated to you via email prior to the changes taking effect.

Your continued use of our services after any modifications to this Privacy Policy constitutes your acceptance of the updated terms.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us: