Privacy Policy
Tendworks Private Limited ("Tendworks", "we", "us", or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, store, share, and protect data when you access our website at tendworks.com or use our AI-HRMS platform and related services (collectively, "Service").
This Policy complies with the Digital Personal Data Protection (DPDP) Act, 2023, the Information Technology Act, 2000, and applicable rules thereunder.
1. Who This Policy Applies To
This Policy applies to:
- Customers: Businesses and organisations that subscribe to and use TendWorks HRMS.
- End Users: Employees, HR administrators, and managers who access the Platform on behalf of a Customer.
- Website Visitors: Anyone who visits our website without a subscription.
TendWorks acts as a Data Processor with respect to Employee Data controlled by our Customers (who are the Data Fiduciaries under DPDP Act, 2023) and as a Data Fiduciary with respect to data collected directly from website visitors and prospective customers.
2. Data We Collect
| Category | Data Elements | Source |
|---|---|---|
| Account & Contact Data | Company name, authorised contact name, work email, phone number, billing address, GSTIN | Customer registration & demo form |
| Employee Data (processed on behalf of Customers) | Employee name, PAN, Aadhaar (masked), bank account details, salary, leave records, attendance, performance evaluations, job role, date of joining/leaving | Entered by Customer HR administrators |
| Usage & Technical Data | IP address, browser type, device information, pages visited, session duration, clickstream data, API call logs | Automated collection via cookies and server logs |
| Communication Data | Emails, chat messages, support tickets, and any content you share with us | Directly from you |
| Payment Data | Subscription plan, payment status. Card/bank details are processed by our PCI-DSS compliant payment gateway; we do not store raw payment card data. | Payment gateway (Razorpay / equivalent) |
3. How We Use Your Data
- Service Delivery: To provide, operate, and improve the TendWorks HRMS platform.
- Payroll & Compliance Processing: To automate payroll runs, calculate statutory deductions (PF, ESI, TDS, PT), and generate reports.
- AI & Analytics Features: To power resume screening, predictive attrition models, and workforce analytics using anonymised or pseudonymised data.
- Account Management: To manage your subscription, issue invoices, and process payments.
- Customer Support: To respond to queries, troubleshoot issues, and provide onboarding assistance.
- Security: To detect, prevent, and investigate fraud, security breaches, and misuse.
- Legal Compliance: To comply with applicable laws, regulations, court orders, or governmental requests.
- Product Improvement: To analyse usage patterns and improve platform features using aggregated, anonymised analytics. We will never use personally identifiable Employee Data for marketing or product improvement without explicit consent.
- Communications: To send service announcements, product updates, and promotional offers. You may opt out of marketing communications at any time.
4. Legal Basis for Processing
Under the DPDP Act, 2023, we process personal data on the following lawful bases:
- Consent: Where you have given explicit, informed consent (e.g., marketing communications).
- Contractual Necessity: To perform our obligations under the Subscription agreement.
- Legal Obligation: Where processing is required to comply with applicable Indian law.
- Legitimate Interest: For fraud prevention, security monitoring, and product analytics, where your interests are not overridden.
5. Cookies and Tracking Technologies
We use the following types of cookies on our website:
- Essential Cookies: Required for the website and platform to function. Cannot be disabled.
- Analytics Cookies: Help us understand traffic patterns (e.g., Google Analytics). These are anonymised and require your consent.
- Functional Cookies: Remember your preferences (e.g., language, session state).
You can manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Service.
6. Data Sharing and Third Parties
We do not sell or rent your data. We may share data with:
- Cloud Infrastructure Providers: Amazon Web Services (AWS) – data hosted on servers located in India (ap-south-1 region).
- Payment Processors: Razorpay (or equivalent) – for subscription billing, under their own PCI-DSS compliance.
- Email & Communication Services: For transactional emails and OTPs (e.g., SendGrid or AWS SES).
- Analytics Tools: Google Analytics (anonymised data only, with IP masking enabled).
- Statutory Authorities: When required by law (e.g., EPFO, ESIC, Income Tax Department) or court order.
- Professional Advisors: Lawyers, auditors, and accountants bound by confidentiality obligations.
All third-party vendors are contractually bound to process data only as instructed and in compliance with applicable privacy laws.
7. Data Retention
- Employee payroll and statutory data is retained for 8 years from the date of processing, as mandated by Indian tax and labour laws.
- Account data is retained for the duration of the subscription and for 3 years thereafter for legal compliance purposes.
- Website usage logs are retained for 90 days.
- Upon subscription termination and written request, Customer data is exported and then securely deleted within 30 days.
8. Data Security
Tendworks implements industry-standard security measures including:
- Encryption: AES-256 at rest; TLS 1.3 in transit.
- Access Control: Role-Based Access Control (RBAC) with least-privilege principles.
- Authentication: JWT tokens with short expiry; bcrypt password hashing; HttpOnly refresh-token cookies.
- Infrastructure: Hosted on AWS with isolated VPCs, security groups, and automated vulnerability scanning.
- Backups: Daily encrypted backups with geo-redundant storage within India.
- Audits: Periodic internal security audits and penetration testing.
In the event of a personal data breach, Tendworks will notify affected Customers and, where required, the relevant authority within 72 hours of becoming aware of the breach.
9. Your Rights as a Data Principal
Under the DPDP Act, 2023, individuals whose data we process have the following rights:
- Right to Access: Obtain confirmation of and access to your personal data we hold.
- Right to Correction: Request correction of inaccurate or incomplete personal data.
- Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
- Right to Withdraw Consent: Withdraw your consent where processing is based on consent, without affecting prior lawful processing.
- Right to Grievance Redressal: Lodge a complaint with our Data Protection Officer or with the Data Protection Board of India.
- Right to Nominate: Nominate an individual to exercise rights in the event of death or incapacity.
To exercise any of these rights, contact our Data Protection Officer at contact@tendworks.com with the subject line "DPDP Rights Request". We will respond within 30 days.
Note: Employee data rights should typically be exercised through your employer (our Customer), who is the Data Fiduciary for that data.
10. Children's Privacy
The TendWorks platform is intended for use by businesses and is not directed at children under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected such data, we will promptly delete it.
11. International Data Transfers
All Customer data and Employee Data is stored and processed on servers located within India (AWS ap-south-1 region). We do not transfer personal data outside India without explicit Customer consent and appropriate safeguards as required under Indian law.
12. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in law, technology, or our business practices. We will notify Customers of material changes via email or in-platform notification at least 14 days before the effective date. The latest version will always be available at this URL.
13. Data Protection Officer & Grievance Officer
As required under the DPDP Act, 2023 and the IT Act, 2000, you may contact our designated officer for privacy-related concerns:
- Name: Data Protection Officer, Tendworks Private Limited
- Email: contact@tendworks.com
- Response Time: Within 30 days of receipt of request
- Website: www.tendworks.com
If you are unsatisfied with our response, you may escalate the matter to the Data Protection Board of India once it is constituted and operational under the DPDP Act, 2023.