🔒 Security at BidXlence
How we protect your proposal data
At BidXlence, we understand that your proposal content is sensitive business information. Federal contractors trust us with competitive intelligence, pricing strategies, and past performance data. We take that responsibility seriously.
Our Security Foundation
BidXlence is built on enterprise-grade infrastructure with security built in from the ground up:
| Security Control | Implementation |
|---|---|
| Encryption in Transit | ✓ TLS 1.3 on all connections |
| Encryption at Rest | ✓ AES-256 encryption for all stored data |
| Authentication | ✓ Secure authentication with MFA support |
| Data Isolation | ✓ Row-level security ensures tenant data separation |
| Infrastructure | ✓ Hosted on SOC 2 compliant platforms (Vercel, Supabase) |
| DDoS Protection | ✓ Built-in protection at the edge |
| Automatic Backups | ✓ Daily automated backups with point-in-time recovery |
Application Security
Secure Development Practices
- Regular security assessments of our codebase
- Input validation and sanitization on all user inputs
- Protection against common vulnerabilities (XSS, CSRF, SQL injection)
- Dependency monitoring for known vulnerabilities
- Secure API design with proper authentication on all endpoints
Access Controls
- Role-based access control within your organization
- Secure session management with automatic timeout
- Audit logging of administrative actions
Data Handling
⚠️ Important: Unclassified Content Only
BidXlence is designed for unclassified proposal content only. Users must not upload or store any classified information, Controlled Unclassified Information (CUI), export-controlled content (ITAR/EAR), or any data requiring special handling procedures.
What You Can Safely Store
- Past performance narratives and capability statements
- Proposal drafts and compliance matrices
- Pricing worksheets and cost volumes
- Team resumes and organizational charts
- RFP/RFI documents (unclassified only)
Data Retention
Your data remains under your control. You can export or delete your data at any time. When you delete content, it is permanently removed from our systems within 30 days.
Infrastructure Partners
We've chosen best-in-class infrastructure partners who maintain their own rigorous security programs:
Our Infrastructure Stack
- Vercel — Hosting platform (SOC 2 Type II certified)
- Supabase — Database and authentication (SOC 2 Type II certified)
- AWS — Underlying cloud infrastructure (FedRAMP authorized)
Our Commitment
As a company serving the federal contracting community, we are committed to:
- Continuous improvement of our security posture
- Transparent communication about our security practices
- Prompt response to any security concerns
- Regular security assessments and updates
Reporting Security Concerns
Contact Us
If you discover a security vulnerability or have concerns about our security practices, please contact us immediately:
Email: security@bidxlence.com
Last updated: January 2026