Privacy Policy

TenderBox is a tender management platform operated by Beyond Condition Pty Ltd (ABN 33 139 306 360), registered office Toowong QLD Australia, as trustee for the Beyond Condition Unit Trust (“we”, “us”, “our”). TenderBox is accessible at tenderbox.au and tenderbox.beyondcondition.com.

This Privacy Policy explains how we collect, use, disclose, and manage personal information. We comply with the requirements of the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), and we intend to incorporate the standards set forth in the European Union General Data Protection Regulation (GDPR) where applicable.

Beyond Condition reserves the right to modify this Privacy Policy at any time. Changes will be communicated electronically to all relevant parties. The current version will always be available at tenderbox.beyondcondition.com/privacy.

By using TenderBox, you acknowledge and agree that you have had sufficient opportunity to read and understand this policy and you agree to be bound by it. If you do not agree, please do not use the platform.

If a provision of this policy is invalid or unenforceable it is to be read down or severed to the extent of the inconsistency without affecting the validity or enforceability of the remaining provisions.

This policy applies to:

• Project managers and other professionals who create and manage tender exercises on TenderBox (Users);
• Tenderers or Bidders who receive an invitation link and submit bids through TenderBox (Tenderers); and
• Visitors to the TenderBox website.

Tenderers interact with TenderBox without creating an account. Their personal information is collected and held only for the duration of the tender exercise in which they participate.

We collect personal information from you for the exclusive purpose of providing the TenderBox platform and its services. If you do not provide us with certain information, you may not be able to enjoy the full functionality of the platform.

TenderBox collects session cookies from your browser, which enable us to maintain your login state and operate the platform. We do not use advertising cookies, cross-site tracking, or third-party analytics that collect personal information.

Your browser settings allow you to control or delete cookies, though disabling essential cookies may impair platform functionality.

Beyond Condition will not share, rent, trade, or sell your personal information to third parties. Personal information is used only for the purposes for which it was collected, including:

• Providing and operating the TenderBox platform
• Processing tender exercises, including sealed bid management, Q&A broadcasts, and evaluation workflows
• Sending transactional emails (tender invitations, bid confirmations, Q&A notifications, opening summaries) via SMTP2GO
• Generating evaluation reports and audit logs for export by the User
• Processing payments and managing billing via Stripe
• Responding to support enquiries
• Improving platform functionality and resolving technical issues
• Complying with legal obligations

You may correct, update, or request deletion of your personal information by contacting us at [email protected].

We disclose personal information to the following third parties only to the extent necessary to operate the platform:

Beyond Condition restricts access to your personal information within our organisation to specific personnel who require it to perform their job function. We maintain appropriate physical, electronic, and procedural safeguards to protect your information, including:

• Encryption of data in transit (TLS)
• Sealed bid architecture that prevents tender content from being accessed before the tender close time
• Append-only audit logging of all platform events

No method of electronic transmission or storage is completely secure. While we take reasonable precautions, we cannot guarantee absolute security. To report a security concern, please contact [email protected].

TenderBox is hosted on servers located in North America. We select providers who maintain appropriate data security standards. By continuing to use TenderBox, you consent to the transfer of your data to our hosting infrastructure.

Beta note: TenderBox is in active development. Following beta testing, our roadmap includes migrating to AWS servers hosted in Australia.

Additionally, by activating the AI co-evaluator feature, you acknowledge that tender content will be transmitted to Anthropic in the United States for the purpose of generating AI evaluations. User activation of the AI co-evaluator constitutes informed consent for that specific disclosure in accordance with APP 8.

Under the Privacy Act 1988 (Cth) and applicable law, you have the right to:

• Access — request access to the personal information we hold about you. We will respond within 30 days.
• Correction — request correction of inaccurate, out-of-date, or incomplete information. We will take reasonable steps to correct it within 30 days of a verified request.
• Deletion — request deletion of your personal information, subject to legal retention obligations (see §8).

If you believe we have breached the Australian Privacy Principles, you may contact us directly — we will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

Beyond Condition Pty Ltd is registered in Australia and complies with Australian state and Commonwealth law. This policy is governed by the laws of Queensland, Australia.

For privacy enquiries, access requests, correction requests, or complaints, please contact: