Security approach
Last reviewed 18 July 2026
Tenant-aware access
MyBiddingAgent resolves each user’s active tenant and role before serving tenant data. Application queries are expected to filter by tenant, with PostgreSQL row-level security providing an additional isolation layer.
Identity and permissions
The platform uses Keycloak-based identity, tenant membership, and role-aware API checks. Tenant administrators, bid owners, contributors, and reviewers have different responsibilities across the proposal lifecycle.
Human decision gates
Consequential actions remain human-controlled. AI may analyse evidence and prepare content, but authorised people control bid approval, pricing decisions, proposal approval, and final submission.
Auditability and credentials
The product records human, system, and agent activity for supported workflows. Sensitive connector credentials are designed to be encrypted and are not returned as plain values through the application.
Responsible claims
This page describes implemented architectural controls and operating principles. It does not claim external certification. Security requirements for an enterprise rollout are reviewed during scoping.