Security
Your business runs on the trust your clients place in you. We treat their data — and yours — with the seriousness that deserves. Here is how Tend protects it.
Encrypted in transit
All traffic to and from Tend is served over TLS. Data is encrypted on the wire, end to end.
Strict tenant isolation
Every query is scoped to your organisation. One business can never read or touch another's data.
Hashed passwords
Passwords are stored only as salted bcrypt hashes. We can never see or recover your password.
Hosted in the EU
Your data is stored and processed in the European Union, with encrypted, rotating backups.
Least-privilege access
Roles limit what each teammate can see. Cleaners only ever see their own assigned jobs.
Audit logging
Sensitive actions are recorded so account owners have a clear, reviewable trail.
Access control and roles
Tend has three roles. Owners manage the business, billing and teammates. Admins help run day-to-day operations. Cleaners get a focused mobile experience limited to their own jobs — they can never see clients, money or other people's schedules. Access is enforced on the server for every request, not just hidden in the interface.
Authentication
Sessions are short-lived and re-validated against our records. Passwords must be at least eight characters and are stored only as salted hashes. Password reset links are single-use and expire after 30 minutes. We never reveal whether an email address has an account, to protect your team from enumeration.
Data protection and backups
Data is encrypted in transit and stored in the EU. We take regular encrypted backups on a rolling schedule and test that they restore. You can export your data at any time, and we delete it on request as described in our Privacy policy.
Responsible disclosure
If you believe you have found a security issue, please tell us before disclosing it publicly. Reach our team through the contact page and we will respond quickly and work with you to fix it. We appreciate every report.