Trust Center

Security, Legal and Compliance Questions, answered

What is AutoRFP.ai?

AutoRFP.ai is a Software as a Service (SaaS) platform with customers in 30+ countries that automates the repetitive elements of Requests for Proposals (RFPs) by leveraging private Artificial Intelligence (AI).


The platform helps Sales, Marketing and Bid teams to respond to public and private RFPs.

Reviewed & Trusted in 30 Countries

Trusted by Winners

Information Security

AutoRFP.ai implements enterprise-grade security through ISO 27001 certification and comprehensive controls including real-time monitoring, multi-factor authentication, and least privilege access.


The platform's infrastructure leverages AWS's fully managed containerized services with network isolation, WAF protection, and automated TLS certificate management, while development practices incorporate vulnerability scanning, static code analysis, and regular third-party penetration testing.

GDPR Compliant

EU, US or AU Hosting Options

ISO 27001 Certified

SSO Enforced

Legal Compliance

AutoRFP.ai provides comprehensive legal safeguards through an industry-standard MSA that protects customer data and clearly defines IP ownership. The agreement includes specific AI data use restrictions preventing training on public models (Section 6.2c), defined liability limitations capped at annual fees (with higher caps for specific breaches), and strong indemnification against third-party IP claims.


With GDPR, GDPR UK and CCPA compliance built into contractual obligations, robust breach notification requirements (48-hour notification), and clear data management provisions, the platform ensures both legal and security protections are aligned.

Zero External AI Training

Third-Party Indemnification

Data Sovereignty Assured

48hr Breach Notification

Privacy & Security Compliance

Security & Legal Due Diligence Simplified

CCPA

EU Cloud COC

GDPR

ISO 27001

AI Privacy & Confidentiality

We ensure that none of the data provided by our customers is used to train public machine-learning models. All data is only used at runtime and is not retained by the model once complete.

Azure & Google Models Only

Zero Shared Model Training

Regional AI Hosting

Data Sovereignty

Hosting Options in US, EU & AU

We offer hosting in the US, EU (Germany) or Australia, depending on your preferences and needs.

Data Controls

Industry Standard Sub-processors

AutoRFP.ai enforces strict supplier policies that ensure compliance with GDPR, GDPR UK, CCPA and more.

Industry Standard Infrastructure

Serious and transparent approach to security

ISO 27001 Compliant

AutoRFP.ai is ISO 27001 certified and uses Drata for real-time monitoring.

App Security

Code Review Process

Employee Disclosure Process

Responsible Disclosure (Bug Bounty)

Software Development Lifecycle

Web Application Firewall

Data Security

Point-in-time-Restore Backups

Encryption In-Transit and at Rest

Comprehensive Logging/Monitoring

SSL/TLS Enforced

System Access Control Policy

Infrastructure Security

Restricted Access & 2FA

Automatic Patch Management

Multiple Availability Zones

Security Patches Automatically Applied

AWS Secure Key Management

Network Security

Denial of Public SSH

Firewalls

Logging/Monitoring

Malware Detection Software

Unique Accounts Used

Organization Security

Acceptable Use Policy

Code of Conduct

Disaster Recovery Plan

Incident Response Plan

Incident Response Team

Formal Security Training

Product Security

Hard-Disk Encryption

Messaging Queues Monitored & Alarmed

MFA on Accounts

NoSQL Database Monitored & Alarmed

Servers Monitored & Alarmed

Session Lock

Data processing

Data Processing & Transfer

We have completed a transfer impact assessment covering where data entered into AutoRFP.ai may reside and the associated risks.


For details of our transfer impact assessment, please email dpo@autorfp.ai or view our data transfer assessment below.

Other Questions

How does AutoRFP.ai protect my sensitive RFP data?

Who has access to our RFP content within the AutoRFP.ai system?

Is my data used to train AutoRFP.ai's AI models?

What certifications and compliance standards does AutoRFP.ai maintain?

How is data segregated between different customers on the AutoRFP.ai platform?

What is AutoRFP.ai's data retention and deletion policy?

What security measures are in place for AutoRFP.ai's AI capabilities?

How does AutoRFP.ai ensure business continuity and disaster recovery?

What is AutoRFP.ai's process for security vulnerability management?

Does AutoRFP.ai provide an audit trail of user actions within the system?

Internal Policies

Acceptable Use Policy

Asset Management Policy

Backup Policy

Business Continuity Plan

Change Management Policy

Modern Slavery Policy

Password Policy

Responsible Disclosure Policy

Code of Conduct

Data Classification Policy

Data Protection Policy

Data Retention Policy

Disaster Recovery Plan

Risk Assessment Policy

SDLC Policy

System Access Control Policy

Encryption Policy

Incident Response Plan

ISMS Plan

Information Security Policy

Logging and Monitoring Policy

Utility Program Access Control Policy

Vendor Management Policy

Vulnerability Management Policy

Product Demo

See it in Action

Find 30 minutes to learn more about AutoRFP.ai and what the ROI might be for you.