Security & Trust
Built on three pillars: zero retention, no AI training, and enterprise-grade security controls.
All documents are deleted after delivery. Nothing is stored long-term.
Your data never trains our models. Ever.
Encrypted at rest and in transit, built on Google Cloud infrastructure, aligned with ISO 27001 best practices.
We're actively working toward formal certifications. We share progress transparently while operating with strict controls around data handling, privacy, and AI governance.
We're preparing for ISO 42001 certification, giving customers confidence in how we build and run AI.
We're preparing for ISO 27001 certification to provide trust in our information security management.
We're preparing for a SOC 2 Type I audit to verify the design of our security and adherence controls.
We operate under GDPR — the world's strictest standard for data privacy.
Our platform is built on world-class Google Cloud infrastructure, designed with multiple layers of defense to protect your data at every stage.
At Rest
All data stored in our environment is encrypted at rest using industry-standard AES-256.
In Transit
All data transmitted between you and Midpilot, and within our internal network, is encrypted using TLS 1.2 or higher.
Logical Isolation
Each client's data and analysis run in a completely separate, logically isolated cloud environment. This architecture is designed to eliminate the risk of data cross-contamination.
European Data Residency
We ensure that all data is processed and stored exclusively in data centers within the European Union, consistent with GDPR requirements.
World-Class Infrastructure
We build on top of Google Cloud's certified infrastructure (e.g., ISO 27001, SOC 2), inheriting their world-class physical and environmental security controls. These certifications apply to Google Cloud's infrastructure — our own organizational certifications are listed above.
Privacy-First Access by Default
Bid content is processed only by the AI system and delivered as reports with citations. Midpilot personnel do not read or review bid content.
Principle of Least Privilege
As we grow, all team members will be granted access only to the specific data and systems required to perform their roles.
Multi-Factor Authentication
All access to our internal systems and infrastructure requires multi-factor authentication.
Our service model is inherently more secure than a traditional SaaS product.
Zero Client-Side Software Integration
Because you are not integrating our software into your IT systems, you are not creating any new potential attack vectors or vulnerabilities in your own network.
No Client-Side User Management
You don't need to worry about provisioning new user accounts, managing passwords, or offboarding former employees.
A Clear, Auditable Process
The service is easy to understand and audit. There are no “black boxes.” We provide a clear chain of custody for your data from start to finish.
We welcome and encourage deep security reviews from our clients' technical teams. If you have further questions or would like to see our detailed security documentation, please get in touch.