Security & Trust
Built on three pillars: your data deleted after delivery, no AI training, and enterprise-grade security controls.
Your bid content is removed after each engagement. We keep only what's required for legal, billing, and security obligations — nothing more.
We never use customer data for training AI models, either internally or through third-party providers. Your data remains yours, is processed in a secure, isolated environment, and is not retained by us or third parties.
Encrypted at rest and in transit, built on Google Cloud infrastructure, aligned with ISO 27001 best practices.
We're actively working toward formal certifications. We share progress transparently while operating with strict controls around data handling, privacy, and AI governance.
We're preparing for ISO 42001 certification, giving customers confidence in how we build and run AI.
We're preparing for ISO 27001 certification to provide trust in our information security management.
We're preparing for a SOC 2 Type I audit to verify the design of our security and adherence controls.
We operate under GDPR — the world's strictest standard for data privacy.
Our platform is built on world-class Google Cloud infrastructure, designed with multiple layers of defense to protect your data at every stage.
At Rest
All data stored in our environment is encrypted at rest using industry-standard AES-256.
In Transit
All data transmitted between you and Midpilot, and within our internal network, is encrypted using TLS 1.2 or higher.
Logical Isolation
Each client's data and analysis run in a completely separate, logically isolated cloud environment. This architecture is designed to eliminate the risk of data cross-contamination.
European Data Residency
We ensure that all data is processed and stored exclusively in data centers within the European Union, consistent with GDPR requirements.
World-Class Infrastructure
We build on top of Google Cloud's certified infrastructure (e.g., ISO 27001, SOC 2), inheriting their world-class physical and environmental security controls. These certifications apply to Google Cloud's infrastructure — our own organizational certifications are listed above.
Privacy-First Access by Default
Bid content is primarily processed by the AI system and delivered as reports with citations. Human access is restricted by default and limited to necessary operational or support cases under internal controls.
Principle of Least Privilege
As we grow, all team members will be granted access only to the specific data and systems required to perform their roles.
Multi-Factor Authentication
All access to our internal systems and infrastructure requires multi-factor authentication.
Our service model is inherently more secure than a traditional SaaS product.
Nothing to Install
No software on endpoints. If you share files via SharePoint or OneDrive, we connect through a read-only Microsoft 365 integration—scoped only to the folders you share, with no write access and no broader tenant permissions.
No Client-Side User Management
You don't need to worry about provisioning new user accounts, managing passwords, or offboarding former employees.
A Clear, Auditable Process
The service is easy to understand and audit. There are no “black boxes.” We provide a clear chain of custody for your data from start to finish.
We welcome and encourage deep security reviews from our clients' technical teams. If you have further questions or would like to see our detailed security documentation, please get in touch.