Privacy policy

For data about you and your teammates (your account, your usage of Tend), Tend is the data controller. For data you put into Tend about your own clients — names, addresses, job notes, photos, invoices — you are the controller and Tend is your processor, acting on your instructions under these terms and our data-processing commitments.

• Account data: your name, email, business name, address and password (stored only as a salted hash).
• Content you create: clients, jobs, schedules, estimates, invoices, checklists, time entries and photos.
• Usage and device data: log entries, IP address and basic device information, used for security and to operate the service.
• Communications: messages you send to us, and notifications we send on your behalf.

We do not sell personal data, and we do not use your or your clients' content to train third-party advertising models.

• To provide the service you signed up for — performance of a contract.
• To keep the service secure, prevent abuse and fix problems — our legitimate interests.
• To send service and account notifications — performance of a contract or legitimate interests.
• To meet legal and accounting obligations — legal obligation.
• Where required, with your consent — which you can withdraw at any time.

Your data is hosted in the European Union. We use a small set of carefully chosen sub-processors to run Tend, for example: cloud hosting and databases, object storage for photos and receipts, and email/messaging providers used to deliver the notifications you send. Each is bound by a data-processing agreement. Where any transfer outside the EEA is unavoidable, it is covered by Standard Contractual Clauses. We can provide our current sub-processor list on request.

We keep your account and content for as long as your account is active. When you close your account, we delete or anonymise personal data within 30 days, except where we must keep certain records (such as invoices) to meet legal and tax obligations. Backups are rotated on a rolling schedule and then permanently deleted.

Under the GDPR you have the right to:

• Access the personal data we hold about you;
• Correct inaccurate data;
• Erase your data (the right to be forgotten), subject to legal retention;
• Restrict or object to certain processing;
• Receive your data in a portable format;
• Withdraw consent where processing relies on it;
• Lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or your local supervisory authority.

To exercise any of these, use our contact page. If you are one of our customers' clients, please contact that business directly — they are the controller of your data — and we will help them respond.

We protect data with encryption in transit, strict tenant isolation so one business can never see another's data, hashed passwords, least-privilege access and audit logging. Read more on our Security page.

Tend uses only the cookies it needs to keep you signed in securely and to remember your preferences (such as light or dark theme). We do not use advertising or cross-site tracking cookies.

Tend is a tool for businesses and is not intended for anyone under 18. We do not knowingly collect data from children.

If we make a material change to this policy we will notify you before it takes effect. For any privacy question or request, reach our team through the contact page.