Security & Privacy

Your data security is our priority

We understand that bid documents contain sensitive business information. Here's how we protect it.

Data Encryption

Your documents and data are protected with industry-standard encryption at every stage.

  • TLS 1.2+ encryption for all data in transit
  • SSL-enforced database connections in all non-development environments
  • Secure file upload with MIME type validation via magic bytes
  • Path traversal protection on all file storage operations

Access Control

Multi-layered authentication with role-based permissions and organization-level isolation.

  • JWT-based authentication with token blocklist for effective logout
  • API key authentication (X-API-Key) for machine-to-machine integration
  • Organization-level data isolation — every query scoped by org
  • Role hierarchy: Owner > Admin > Member > Viewer with enforced permissions

Document Handling

We process your documents with care and give you full control over your uploaded files.

  • Documents parsed and chunked for AI analysis — never shared across orgs
  • Vector embeddings stored in isolated collections per organization
  • Cloud storage support (Azure Blob) with server-side encryption
  • Delete any tender and all associated data at any time

AI Processing

Your documents are processed by leading AI providers with strong privacy commitments.

  • Multi-provider support: Google Gemini, Azure AI, Groq, and self-hosted options
  • Your data is never used to train AI models
  • Document content sent only for analysis, not retained by providers
  • AI responses stored within your organization's isolated data scope

Infrastructure & Monitoring

Production-hardened infrastructure with comprehensive observability.

  • Rate limiting on authentication endpoints (brute-force protection)
  • Security headers: CSP, HSTS, X-Frame-Options, X-Content-Type-Options
  • Structured audit logging with IP address and user agent tracking
  • Prometheus metrics endpoint for real-time system monitoring

Your Control

You own your data. Export it, delete it, or close your account — all on your terms.

  • Export your tender data and analysis results anytime
  • Delete individual tenders or your entire account
  • Webhook notifications for event-driven integration with your systems
  • No lock-in — your data is always accessible via API

Our Commitment

Security is not an afterthought

We build security into every layer of BidsCue — from how we handle your uploads to how we store your analysis results.

Secure by Design

Every database query is org-scoped. Every API endpoint validates ownership. Security is architectural, not bolted on.

Multi-Tenant Isolation

Each organization's tenders, analyses, documents, and configurations are completely isolated at the data layer.

Audit Trail

Every significant action is logged with user context, IP address, and timestamp. Exportable audit logs for compliance.

Questions about security?

We're happy to answer any questions about how we handle your data and protect your information.