Security

Enterprise Security & Data Handling

TenderMind is designed to support document-heavy AI workflows while minimizing unnecessary data exposure.

Security and data handling depend on the delivery model: authenticated Platform Workflows or Embedded Agents running inside approved enterprise AI environments.

Security at a glance

A practical summary for legal, IT, procurement, and compliance teams.

  • Ephemeral processing by designPlatform Workflows are designed to process files during the workflow and remove processed content after delivery.
  • Minimal operational metadataTenderMind may retain only minimal operational metadata needed for observability, traceability, and support.
  • Approved AI environmentsEmbedded Agents run inside the customer's approved AI workspace and follow that provider setup.
  • Human review by designTenderMind generates structured outputs for review. Final decisions remain with the responsible team.

Data handling by delivery model

  • Authenticated platform

    Platform Workflows

    • Files are uploaded into a defined workflow.
    • Processing is designed to be RAM-based and ephemeral where applicable.
    • The user receives the output after completion.
    • Processed content is deleted after delivery.
    • Minimal operational metadata may be retained.
  • Customer AI workspace

    Embedded Agents

    • The agent runs inside tools already approved by the organization.
    • Data handling follows the customer's agreement with that AI provider.
    • Existing enterprise controls, access policies, and governance apply.
    • TenderMind provides the agent structure, instructions, and workflow logic.

Platform Workflow data lifecycle

Upload files

User uploads the required files into the selected workflow.

Process during workflow

Files are processed for the requested task.

Generate output

TenderMind creates the requested report, matrix, brief, or structured result.

Deliver result

The final output is returned to the user or approved workspace.

Delete content

Processed content is removed after delivery.

Keep minimal metadata

Only minimal operational metadata may be retained.

What is retained

  • Minimal operational metadata

    • Filename logs.
    • Workflow execution metadata.
    • Basic operational information needed for observability and traceability.
  • Processed content after delivery

    • Full document content is not retained by default after processing.
    • Processed files are not retained by default after delivery.
    • Extracted document content is not retained as a persistent knowledge base by default.

AI provider and deployment-specific review

When Platform Workflows use third-party AI infrastructure, TenderMind works with commercial AI providers under terms designed to prevent customer data from being used for model training. Provider-specific retention and processing terms may vary by deployment and can be reviewed as part of a security summary.

Embedded Agents security model

Embedded Agents are designed for organizations that already use approved AI tools such as enterprise copilots or managed AI workspaces. In this model, the customer's AI provider agreement, access controls, retention settings, and internal policies remain central to the data handling model.

TenderMind provides the agent structure, instructions, output logic, review rules, and workflow design. The exact data handling model depends on where the agent is deployed and how the customer's AI environment is configured.

Security review support

Need a deployment-specific security summary? For legal, IT, procurement, or compliance review, TenderMind can provide a security summary explaining the selected workflow type, data path, processing model, retention approach, AI provider setup, and review responsibilities.

Security FAQ

Do Platform Workflows store uploaded files?Platform Workflows are designed for ephemeral processing. Processed content is deleted after delivery, while minimal operational metadata may be retained.
Do Embedded Agents send data to TenderMind?Embedded Agents run inside the customer's approved AI environment. Data handling follows the customer's agreement and configuration with that provider.
Is customer data used to train AI models?TenderMind works with commercial AI provider terms designed to prevent customer data from being used for model training. Details can be reviewed per deployment.
Can TenderMind provide material for internal review?Yes. TenderMind can provide a deployment-specific security summary for legal, IT, procurement, or compliance review.
Who makes final decisions based on outputs?TenderMind outputs are designed for human review. Final decisions remain with the responsible organization, committee, or reviewer.

Review TenderMind's security model for your deployment.

Request a deployment-specific security summary for the workflow or agent model your organization is considering.