Trust Center
Security, Legal and Compliance Questions, answered
What is AutoRFP.ai?
AutoRFP.ai is a Software as a Service (SaaS) platform with customers in 30+ countries that automates the repetitive elements of Requests for Proposals (RFPs) by leveraging private Artificial Intelligence (AI).
The platform helps Sales, Marketing and Bid teams to respond to public and private RFPs.
Information Security
AutoRFP.ai implements enterprise-grade security through ISO 27001 certification and comprehensive controls including real-time monitoring, multi-factor authentication, and least privilege access.
The platform's infrastructure leverages AWS's fully managed containerized services with network isolation, WAF protection, and automated TLS certificate management, while development practices incorporate vulnerability scanning, static code analysis, and regular third-party penetration testing.
GDPR Compliant
EU, US or AU Hosting Options
SSO Enforced
Legal Compliance
AutoRFP.ai provides comprehensive legal safeguards through an industry-standard MSA that protects customer data and clearly defines IP ownership. The agreement includes specific AI data use restrictions preventing training on public models (Section 6.2c), defined liability limitations capped at annual fees (with higher caps for specific breaches), and strong indemnification against third-party IP claims.
With GDPR, GDPR UK and CCPA compliance built into contractual obligations, robust breach notification requirements (48-hour notification), and clear data management provisions, the platform ensures both legal and security protections are aligned.
Data Sovereignty Assured
48hr Breach Notification
Downloads: CCPA, EU Cloud COC, GDPR, ISO 27001
We ensure that none of the data provided by our customers is used to train public machine-learning models. All data is used only at runtime and is not retained by the model once processing is complete.
Azure & Google Models Only
Zero Shared Model Training
Regional AI Hosting
Data Sovereignty
Hosting Options in US, EU & AU
We offer hosting in the US, the EU (Germany) or Australia, depending on your preferences and needs.
Data Controls
Industry Standard Sub-processors
AutoRFP.ai enforces strict supplier policies that ensure compliance with GDPR, GDPR UK, CCPA and more.
Industry Standard Infrastructure
Serious and transparent approach to security
ISO 27001 Compliant
AutoRFP.ai is ISO 27001 certified and leverages Drata for real-time monitoring.
App Security
Code Review Process
Employee Disclosure Process
Responsible Disclosure (Bug Bounty)
Software Development Lifecycle
Web Application Firewall
Data Security
Point-in-time Restore Backups
Encryption In-Transit and at Rest
Comprehensive Logging/Monitoring
SSL/TLS Enforced
System Access Control Policy
Infrastructure Security
Restricted Access & 2FA
Automatic Patch Management
Multiple Availability Zones
Security Patches Automatically Applied
AWS Secure Key Management
Network Security
Denial of Public SSH
Firewalls
Logging/Monitoring
Malware Detection Software
Unique Accounts Used
Organization Security
Acceptable Use Policy
Code of Conduct
Disaster Recovery Plan
Incident Response Plan
Incident Response Team
Formal Security Training
Product Security
Hard-Disk Encryption
Messaging Queues Monitored & Alarmed
MFA on Accounts
NoSQL Database Monitored & Alarmed
Servers Monitored & Alarmed
Session Lock
Data processing
Data Processing & Transfer
We have completed a transfer impact assessment covering the locations where data entered into AutoRFP.ai may reside and the risks associated with each.
For details of our transfer impact assessment, please email dpo@autorfp.ai or view our data transfer assessment below.
Product Demo
See it in Action
Find 30 minutes to learn more about AutoRFP.ai and what the ROI might be for you.