Security

Built secure from day one.

Your tender data and company profile are sensitive. We treat security as a product requirement, not an afterthought.

🔐
TLS Encryption
All data in transit is encrypted using TLS 1.3. We enforce HTTPS across all endpoints.
🗄️
Row Level Security
Database access is controlled by Supabase RLS policies. Users can only query their own data.
🔑
Auth via Clerk
Authentication powered by Clerk — SOC2 certified, supports SSO, MFA, and session management.
💳
PCI-Compliant Payments
Payments handled by Stripe. We never store card details. Stripe is PCI DSS Level 1 certified.
📋
SOC2 Prep
We are preparing for SOC2 Type 1 certification. Enterprise plans available with additional compliance documentation.
🐛
Responsible Disclosure
Found a vulnerability? Email security@bidedgehq.com. We respond within 48 hours and credit responsible disclosures.
Report a security issue
We take all reports seriously and respond within 48 hours.
security@bidedgehq.com