Security approach

Last reviewed 18 July 2026

Tenant-aware access

MyBiddingAgent resolves each user’s active tenant and role before serving tenant data. Application queries are expected to filter by tenant, with PostgreSQL row-level security providing an additional isolation layer.

Identity and permissions

The platform uses Keycloak-based identity, tenant membership, and role-aware API checks. Tenant administrators, bid owners, contributors, and reviewers have different responsibilities across the proposal lifecycle.

Human decision gates

Consequential actions remain human-controlled. AI may analyse evidence and prepare content, but authorised people control bid approval, pricing decisions, proposal approval, and final submission.

Auditability and credentials

The product records human, system, and agent activity for supported workflows. Sensitive connector credentials are designed to be encrypted and are not returned as plain values through the application.

Responsible claims

This page describes implemented architectural controls and operating principles. It does not claim external certification. Security requirements for an enterprise rollout are reviewed during scoping.

Report a security concern to ops@mybiddingagent.com.