Privacy Policy

Controller: LoadCircle Ltd (Company No. 16956262), England & Wales · Last updated: April 2026

This Privacy Policy explains how LoadCircle Ltd (“we”, “us”) processes personal data when you use TenderCircle websites, applications, waitlist forms, subscriptions, and related services (the “Service”). It applies together with our Cookie Policy and Terms & Conditions.

We process personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you are in the UK, you have the rights summarised in section 9.

Who we are

The data controller is LoadCircle Ltd, trading TenderCircle. Contact: help@tendercircle.co.uk. For data protection enquiries, use the same address with subject line “Data protection”.

What personal data we collect

Depending on how you use the Service, we may process:

Identity and contact: name, email, phone (if provided), company name, role.
Account and profile: business profile fields (e.g. sector, regions, preferences) used for matching and communications.
Transaction data: subscription plan, payment status, and identifiers from our payment processor (we do not store full card numbers).
Technical and usage data: IP address, device/browser identifiers, approximate location derived from IP, timestamps, pages or screens viewed, logs, session identifiers, and security/anti-abuse signals.
Communications: messages you send us and records of support.
Cookie and similar data: as described in our Cookie Policy.

We do not intentionally collect special-category (sensitive) data through the Service; please do not submit health or other special-category data unless we explicitly request it and provide a lawful basis.

Why we use personal data (purposes and lawful bases)

Purpose	Lawful basis (UK GDPR)
Provide, operate, and improve the Service; matching and notifications	Performance of a contract; legitimate interests (service delivery and improvement)
Process subscriptions and payments (via Stripe)	Performance of a contract; legal obligation (tax/accounting where applicable)
Security, fraud prevention, abuse detection, enforcing Terms and Fair Use Policy	Legitimate interests; legal claims; occasionally legal obligation
Preventing re-registration after termination or abuse (e.g. IP/device signals)	Legitimate interests (security and enforcement)
Analytics where non-essential cookies or tools are used	Consent (where required under PECR/ePrivacy)
Marketing communications (where applicable)	Consent or soft opt-in where permitted under PECR
Responding to legal requests and defending legal rights	Legal obligation; legitimate interests

Processors and recipients

We use trusted service providers (“processors”) to host and operate the Service, including for example:

Stripe — payment processing (subject to Stripe’s privacy notice).
Supabase or similar — database/hosting for waitlist and product data.
Cloudflare (or similar) — hosting, security, and edge services.
Email and analytics providers — as configured (e.g. Plausible or similar for analytics if you consent).

We impose appropriate contractual terms on processors. We do not sell your personal data.

International transfers

Where personal data is transferred outside the UK, we ensure appropriate safeguards (e.g. UK adequacy regulations, UK International Data Transfer Agreement, or Standard Contractual Clauses) as required by UK GDPR.

Retention

We retain personal data only as long as necessary for the purposes above, including legal, tax, and accounting requirements. Technical logs and anti-abuse records may be retained for a limited period to secure the platform and enforce policies. When retention ends, we delete or anonymise data unless a longer period is required by law.

Security

We implement appropriate technical and organisational measures to protect personal data. No method of transmission over the internet is completely secure; we cannot guarantee absolute security.

Automated processing and “AI” features

Some features may use automated or assisted analysis (e.g. summaries or match scores). Outputs are advisory and not solely determinative of legal rights affecting you in a significant way within the meaning of UK GDPR Article 22 without human review where required. You should verify important information on official buyer channels.

Your rights

Subject to UK GDPR, you may have the right to: access; rectification; erasure; restriction; data portability; object to processing based on legitimate interests; withdraw consent where processing is consent-based; and lodge a complaint with the ICO (ico.org.uk). To exercise rights, contact help@tendercircle.co.uk. We may need to verify your identity.

Children

The Service is aimed at businesses and is not directed at children. We do not knowingly collect data from anyone under 18.

Changes to this Privacy Policy

We may update this policy from time to time. The “Last updated” date will change; material changes may be communicated by email or in-product notice where appropriate.

Contact: help@tendercircle.co.uk

This Privacy Policy is provided for transparency. It is not legal advice. For regulated or high-risk processing, seek professional advice.