Buyer answers
Procurement and security answers
A practical answer sheet for buyers reviewing TenderReader. It says what is implemented today and where launch-stage caveats remain.
Last updated: 15 June 2026
Hosting and data handling
TenderReader runs on Railway for application hosting, Postgres, deployment logs, and scheduled jobs.
Uploaded packs are scoped to the owning user account. App routes check that the signed-in user owns a pack before returning that pack or its analyses, files, or generated outputs.
In the current production configuration, uploaded files are stored in Postgres; object storage is used only when it is explicitly configured.
Model and training boundary
Production currently uses the deterministic stub extraction engine by default. Under that configuration no third-party model processor is active, so uploaded content is not sent to an external model provider.
TenderReader code does not use uploaded customer packs to train a model. If a non-stub extraction provider is deliberately enabled later, the privacy page will be updated to name the live processor before any of these claims change.
Implemented security controls
- Magic-link sign-in uses signed HTTP-only session cookies.
- CSRF protection is enforced for unsafe requests in every environment.
- Auth, upload, analysis, support, checkout, billing portal, pause, and cancellation endpoints are treated as critical routes and rate limited. The limiter resolves the originating client address from forwarded headers so that traffic arriving through a Railway-style reverse proxy is keyed on the client rather than on the proxy.
- Pack, analysis, calendar, preference, and billing routes check the owning account before returning account data.
- Production responses set security headers, including HSTS and a Content Security Policy.
- Structured request logs, health checks, and scheduler sentinels are available; error events are additionally sent to Sentry when SENTRY_DSN is configured.
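As an added illustration of the forwarded-IP point in the list above (example code written for this page, not TenderReader's implementation; the page does not state the application's language, so Python is an assumption), the block below resolves the client address behind a trusted reverse proxy and feeds it to a fixed-window rate limiter. The point it demonstrates is the check a buyer should ask about: a client can write anything into X-Forwarded-For, so only the entries appended by trusted proxy hops may be used as the rate-limit key. The proxy hop count, limit, window, and addresses are constructed for the example.

```python
# Added example (not TenderReader's code): resolving the client address
# behind a trusted reverse proxy before rate limiting, and why the naive
# approach fails. Assumptions: one trusted proxy hop (TRUSTED_HOPS = 1)
# appends the client address as the last X-Forwarded-For entry; the
# limit, window, and addresses below are constructed for illustration.
from collections import defaultdict
from ipaddress import ip_address


TRUSTED_HOPS = 1  # assumption: a single Railway-style proxy in front of the app


def client_ip(headers: dict, peer_addr: str, trusted_hops: int = TRUSTED_HOPS) -> str:
    """Return the address a rate limiter should key on.

    Each proxy appends the address it received the connection from, so
    the rightmost ``trusted_hops`` entries of X-Forwarded-For were written
    by infrastructure we control. The entry at position -trusted_hops is
    the client as seen by the outermost trusted proxy; anything further
    left was supplied by the client and may be forged.
    """
    if trusted_hops <= 0:
        return peer_addr  # no proxy: the TCP peer is the client
    raw = headers.get("x-forwarded-for", "")
    parts = [p.strip() for p in raw.split(",") if p.strip()]
    if len(parts) < trusted_hops:
        # Header missing or shorter than the expected proxy chain:
        # the request did not arrive through the trusted path.
        return peer_addr
    try:
        return str(ip_address(parts[-trusted_hops]))  # also rejects garbage
    except ValueError:
        return peer_addr


def naive_first_hop(headers: dict, peer_addr: str) -> str:
    """The common mistake: trust the leftmost X-Forwarded-For entry."""
    first = headers.get("x-forwarded-for", "").split(",")[0].strip()
    return first or peer_addr


class FixedWindowLimiter:
    """In-memory fixed-window counter: at most ``limit`` hits per key per window."""

    def __init__(self, limit: int, window_seconds: int):
        self.limit = limit
        self.window = window_seconds
        self._hits = defaultdict(int)  # (key, window index) -> count

    def allow(self, key: str, now: float) -> bool:
        bucket = (key, int(now // self.window))
        self._hits[bucket] += 1
        return self._hits[bucket] <= self.limit


def constructed_requests():
    """Five requests from one real client (203.0.113.7) via the proxy (10.0.0.1).

    Each carries a different forged leftmost X-Forwarded-For value, the way
    an attacker would try to look like five different clients.
    """
    forged = ["198.51.100.1", "198.51.100.2", "198.51.100.3", "198.51.100.4", "198.51.100.5"]
    return [
        (float(t), "10.0.0.1", {"x-forwarded-for": f"{spoof}, 203.0.113.7"})
        for t, spoof in enumerate(forged)
    ]


def simulate(requests, resolver, limit: int = 3, window: int = 60):
    """Run requests through a fresh limiter; return (resolved ip, allowed) per request."""
    limiter = FixedWindowLimiter(limit, window)
    decisions = []
    for ts, peer, headers in requests:
        ip = resolver(headers, peer)
        decisions.append((ip, limiter.allow(ip, ts)))
    return decisions


if __name__ == "__main__":
    reqs = constructed_requests()
    print("trusted-hop resolver:", simulate(reqs, client_ip))
    print("naive resolver:      ", simulate(reqs, naive_first_hop))
```

With the trusted-hop resolver all five requests collapse to 203.0.113.7 and the fourth is refused; with the naive resolver each forged address gets its own bucket and nothing is ever limited. Two caveats for a real deployment: the counter here lives in process memory, so a multi-replica service needs a shared store, and the hop count must match the actual proxy chain, because setting it too high trusts a client-supplied entry while setting it too low keys every user on the proxy's own address.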
Retention and deletion
Launch-stage retention is conservative and manual: account records, uploaded packs, analyses, events, and suppression records are retained until account deletion, a valid deletion request, or operational cleanup. Automatic expiry jobs have not been implemented yet.
Some records may be retained where required for security, abuse prevention, accounting, or legal duties.
Evidence and caveats
The public data-accuracy page is based on versioned eval snapshots and live source counters where available. TenderReader does not claim production customer accuracy proof until that evidence exists.
No SOC 2, ISO 27001, or enterprise compliance badge is claimed. Buyer security review should treat this as a launch-stage product with clear controls and clear gaps, not as an audited enterprise platform.
For the full policy context, review the privacy, security, and data-accuracy pages linked in the site footer.