Security and isolation by design
Your pipeline, documents and answers are some of your most sensitive commercial assets. We treat them that way — at every layer of the platform.
Multi-tenant isolation
Every record is scoped to your organisation and that scope is enforced on every single request — there is no path to another tenant's data.
Private AI knowledge
Your library and answer bank live in a per-organisation knowledge store. They are never shared between customers and never used to train shared models.
Encrypted credentials
Provider and integration keys are encrypted at rest. Your browser never sees backend credentials.
Signed-URL storage
Documents are stored privately and served only via short-lived signed URLs — never public buckets.
Fine-grained access
Role-based permissions down to individual bids, so people see and do exactly what their role allows.
Complete audit trail
Every meaningful action is recorded with the actor, timestamp and context for full accountability.
Privacy-first by default
Good security is mostly good defaults. Ours are built for organisations that bid for regulated and public-sector work.
Least-privilege by default
New members start with the access they need and nothing more.
Self-hostable AI & retrieval
Run the AI and knowledge layers in your own environment for data residency.
System & error logging
Operational events are logged separately, so issues are traceable without exposing tenant data.
Compliance on the roadmap
We are building towards formal certification. We're transparent about where we are: the controls below are in place today, and independent attestation (SOC 2, ISO 27001) is on our roadmap. If you have specific compliance requirements, talk to us — we'll share our current posture in detail.
- Tenant data isolation enforced in every query
- Encryption of secrets at rest
- Signed-URL-only document access
- Role-based access control with per-bid scoping
- Full audit logging of mutating actions
- GDPR-aligned data handling
See access control in action
Control exactly what each person can do, with a full audit trail.

Roles & Permissions
Control exactly what each person can do, with a full audit trail.
Security questions? Let's talk.
We're happy to walk your security team through how isolation, encryption and access control work in practice.